Administering the Kerberos Server
Manual Administration Using kadmin
Allow Duplicate Session Key Attribute
The Allow Duplicate Session Key attribute determines whether a principal is allowed to use a duplicate session key. A duplicate session key applies to
This setting controls the security protocol between a client application, called the initiator, and a service, called the acceptor. The following processes occur when an initiator application requests a duplicate session key:
• The initiator application sends the TGT of the initiator and the acceptor as a request to the
• The service ticket returned to the initiator application is encrypted with the secret key of the acceptor when the Allow Duplicate Session Key attribute is not set.
This attribute is set by default, thereby allowing an initiator application to request a duplicate session key for the application of the acceptor. You must assign the Allow as Service attribute to principal accounts that use duplicate session keys.
To modify the type of parameter attr for the principal admin and to set the Allow Duplicate Session Key attribute, type kadmin at the
Following is a sample output of the Allow Duplicate Session Key attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr, fcnt, vno, policy, dn or quit): attr
Attribute (or quit): {dskey|nodskey}
Principal modified.