Administering the Kerberos Server

Manual Administration Using kadmin

Command: mod

Name of Principal to Modify: admin

Parameter Type to be Modified (attr,fcnt,vno,policy,dn or quit ):fcnt

Failure Count (or quit): <enter count>

Principal modified.

Key Version Number Attribute

Every principal password has an associated version number that reflects how often the password has been changed.

When you create a principal, its password version number is inherited from the default group template. Every time you change a password, the version number is incremented by 1. However, the key version number is a writable field in the database, so you cannot treat it as an accurate counter.

If you change the password for the default group principal, its key version number increments, and new principals added to the database afterward no longer begin with version 1. Because this may be confusing, HP recommends that you set the version number for the default group principal to 1 after you regenerate a key for the default principal.

For example, to modify the vno parameter for the principal admin, type kadmin at the HP-UX prompt and specify the mod command, the principal name, and the vno parameter.

The following is sample output for the mod command with the vno parameter:

Command: mod

Name of Principal to Modify: admin

Parameter Type to be Modified (attr,fcnt,vno,policy,dn or quit ): vno

Remote Administrator version Number (or quit): <enter count>

Principal modified.

LDAP DN

This option specifies the LDAP DN. The LDAP DN specifies where in the DIT all information for the client is found. To use the default, press the Return key.

For example, to modify the dn parameter for the principal admin, type kadmin at the HP-UX prompt and specify the mod command, the principal name, and the dn parameter.

HP UX Kerberos Data Security Software manual Key Version Number Attribute