| Administering the Kerberos Server |
| Manual Administration Using kadmin |
| policy | Specifies the new policy name. If you do not specify a policy name, the default policy is applied. |
| dn | Specifies the LDAP DN name. If you do not specify an LDAP DN name, the default policy is applied. |
The general syntax for modifying an existing principal is as follows:
command: mod
For example, to modify the principal admin, type kadmin at the
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or quit):<parameter_type>
Principal modified.
Enter the <parameter_type> to be modified at the command prompt. The principal is modified depending on the parameter that you have specified. The subsequent sections of this chapter contain a detailed description of the parameter types.
Number of Authentication Failures (fcnt)
When you create a principal, the failed authentication count is automatically set to zero. The user associated with that principal increments the failed authentication count by 1 for each failed authentication attempt.
If the user has more consecutive authentication failures than allowed by the MaxFailAuthCnt parameter in the password policy file, the principal is locked. Before the user can attempt to authenticate again, the administrator must unlock the principal, which resets the fcnt to zero.
If the user successfully authenticates before reaching the maximum failed authentication count value, fcnt is automatically reset to zero.
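The counter behaviour described above, modelled as an added Python example (not code from the original guide or from the Kerberos server itself). The names `Principal`, `record_attempt`, `admin_reset`, `replay` and `locked_principals` are hypothetical, the events are constructed, and the model assumes that "more failures than allowed" means strictly greater than MaxFailAuthCnt and that attempts against a locked principal leave fcnt unchanged.

```python
from dataclasses import dataclass

@dataclass
class Principal:
    name: str
    fcnt: int = 0        # set to zero when the principal is created
    locked: bool = False

def record_attempt(p, success, max_fail_auth_cnt):
    """Apply one authentication attempt; return True if it is accepted."""
    if p.locked:
        return False     # assumption: fcnt is left unchanged while locked
    if success:
        p.fcnt = 0       # a success before the limit resets the counter
        return True
    p.fcnt += 1
    if p.fcnt > max_fail_auth_cnt:   # "more failures than allowed"
        p.locked = True
    return False

def admin_reset(p):
    """Administrator unlock: resets fcnt to zero."""
    p.fcnt = 0
    p.locked = False

def replay(events, max_fail_auth_cnt):
    """Replay (principal, success) events; return {name: Principal}."""
    principals = {}
    for name, success in events:
        p = principals.setdefault(name, Principal(name))
        record_attempt(p, success, max_fail_auth_cnt)
    return principals

def locked_principals(principals):
    """Names of principals that need an administrator unlock."""
    return sorted(n for n, p in principals.items() if p.locked)

# Constructed events, with MaxFailAuthCnt assumed to be 3.
MAX_FAIL_AUTH_CNT = 3
EVENTS = (
    [("alice", False), ("alice", False), ("alice", True), ("alice", False)]
    + [("bob", False)] * 4 + [("bob", True)]   # correct password arrives too late
    + [("carol", False)] * 3                   # exactly at the limit
)

if __name__ == "__main__":
    state = replay(EVENTS, MAX_FAIL_AUTH_CNT)
    for p in state.values():
        print(p)
    print("needs administrator unlock:", locked_principals(state))
```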
For example, to modify the fcnt parameter for the principal admin, type kadmin at the
Following is a sample output for the mod command with the fcnt parameter: