Configuring the Primary and Secondary Security Server

Configuring the Primary Security Server

If you are using Kerberos server v2.0 or v3.0, and want to migrate the principal database to Kerberos server v3.1, see Chapter 3, “Migrating to a Newer Version of the Kerberos Server,” on page 41.

 

 

Add an Administrative Principal

 

 

Use the HP Kerberos Administrator (kadminl_ui) instead of the

 

 

command-line administrator (kadminl) to add the principal account. For

 

 

more information on using the HP Kerberos Administrator and the

 

 

command-line administrator, see “The kadmin and kadminl Utilities” on

 

 

page 130.

 

 

Though it is possible to use the kadmin option to create an

 

 

administrative principal, you cannot use kadmin to assign

 

 

administrative privileges. If you want to use the kadmin utilities to

 

 

manage your administrative principals, use a text editor to add the

 

 

required entries to the file.

 

 

 

NOTE

 

You must log on as a root user, on the primary security server, to add an

 

 

administrative principal.

 

 

For the first administrative principal, HP recommends that you assign

 

 

 

 

all permissions, indicated by * in admin_acl_file. For more

 

 

information, see “The admin_acl_file File” on page 113.

 

 

You can add an administrative principal through the HP Kerberos

 

 

Administrator GUI, or through the command-line interface.

 

 

To add an Administrative Principal Using the HP Kerberos

 

 

Administrator

 

 

Following steps show you how to add an administrative principal using

 

 

the HP Kerberos Administrator:

Step

1.

Invoke the HP Kerberos Administrator using the command kadminl_ui.

Step

2.

Add a new principal to the default realm using the following syntax:

 

 

# identifier/admin@DEFAULT_REALM

Step

3.

Assign the password.

Chapter 7

97

Page 97
Image 97
HP UX Kerberos Data Security Software manual Add an Administrative Principal, Administrator