Administering the Kerberos Server
Manual Administration Using kadmin
Following is a sample output for the mod command with the dn parameter:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui t) :dn
Enter LDAP DN name or quit: <enter LDAP DN name> Principal modified.
Policy NameThis option specifies the policy name subscribed by the principal. When the principal attempts to change its password, the rules of this policy are applied to the principal.
For example, to modify the policy parameter for the principal admin, type kadmin at the
Following is a sample output for the mod command with the policy parameter:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui t) :policy
Enter policy name or quit: <enter policy name>
Principal modified.
Attributes
Attributes indicate the properties associated with a principal. To view a list of attributes, type kadmin at the
Command: attr
Attribute (or quit): ?
The subsequent sections discuss the attributes associated with a principal.
Allow Postdated AttributeThe Allow Postdated attribute determines whether a principal is allowed ticket postdating. Postdating is a mechanism that allows a principal to obtain a ticket that is initially invalid, but that becomes valid in the future.
Chapter 8 | 211 |