Administering the Kerberos Server
Manual Administration Using kadmin
You can use the kadmin inq command to view the attribute of the principal. With Require Initial Authentication selected (tgt), the inquire command shows TGT_BASED in the attributes field. Without the Require Initial Authentication setting (notgt), the text does not appear in the attributes field.
Table
Table | Require Initial Authentication Attribute Settings |
| ||
|
|
|
|
|
| Attributes Tab | HP Kerberos |
| kadmin inq |
| Setting | Administrator |
| Shows: |
|
|
|
|
|
| Select Require Initial | notgt |
| No text shows |
| Authentication |
|
|
|
|
|
|
|
|
| Select Require Initial | tgt |
| TGT_BASED |
| Authentication |
|
|
|
|
|
|
|
|
The Set As Password Change Service attribute determines if a service principal can act as a change password service. If you set this attribute, a service principal receives initial tickets for user principals whose passwords have expired.
NOTE | When you select the Set As Password Change Service attribute, the |
| Require Initial Authentication attribute is automatically selected. |
|
|
Normally, you select the Set As Password Change Service attribute only for the service principal defined as a change password service. You can add other change password service principals to the principal database if you have created custom applications that require different password service principals.
To modify the type of parameter attr for the principal admin and to set the Password Change Service attribute, type kadmin at the
220 | Chapter 8 |