NOTE
NOTE
Administering the Kerberos Server
Manual Administration Using kadmin
Before the server issues a renewable service ticket, the requesting user must possess a renewable TGT.
To modify the type of the parameter attr for the principal admin and to set the Allow Renewable attribute, type kadmin at the
Following is a sample output of the Allow Renewable attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui t) :attr
Attribute (or quit): {renewnorenew}
Principal modified.
Allow Forwardable AttributeThe Allow Forwardable attribute determines whether a principal is allowed ticket forwarding. Forwarding is a mechanism to send a TGT to a remote system, from one network host to another. On behalf of the principal, you can use the forwarded TGT to generate a new service ticket on the second host system. This eliminates the need for the user to reauthenticate and
The Allow Forwardable attribute applies to both user and service principals. If this attribute is set for a user principal, you can issue a forwarded or forwardable ticket to the principal. If this attribute is set for a service principal, the server can issue a forwarded service ticket for the service.
Before the server issues a service ticket on the remote host, the requesting user must possess a forwarded TGT.
To modify the type of the parameter attr for the principal admin and to set the Allow Forwardable attribute, type kadmin at the
Following is a sample output of the Allow Forwardable attribute:
Chapter 8 | 213 |