Configuring the Primary and Secondary Security Server

Configuring the Primary Security Server

Step

4.

Use the Edit>Edit Administrative Permissions menu to assign ALL

 

 

administrative permissions to the principal.

Step

5.

On the Attributes tab, clear the Require Password Change checkbox

 

 

to disable the password change requirement.

 

 

You can also disable the password change requirement by setting the

 

 

NoReqChangePwd setting in the principal’s password policy file to 1.

 

 

 

NOTE

 

By default, the principal account requires a password change at the first

 

 

logon. However, kadmin does not permit password changes, unless you

 

 

have explicit permissions to change your password.

 

 

 

Step

6.

Save your changes and close the HP Kerberos Administrator.

 

 

For more information on using the HP Kerberos Administrator, see “HP

 

 

Kerberos Administrator” on page 132.

 

 

To Add an Administrative Principal Through the Command Line

 

 

Following steps show how to add an administrative principal through the

 

 

command-line interface:

Step

1.

Run the kadmin command-line administrator.

Step

2.

Add a new principal to the default realm using the following syntax:

 

 

command: add

 

 

Name of Principal to add: admin

 

 

Enter password:password

 

 

Re-enter password for verification:password

 

 

Enter policy name (Press enter key to apply default policy):

 

 

Principal added

For more information on assigning administrative privileges to principals, see “Manual Administration Using kadmin” on page 202.

Create the host/<fqdn> Principal and Extracting the Service Key

To allow principal database propagation, the primary security server must have a host/<fqdn> principal and the service key for this principal must be extracted to the service key table file of the server.

98

Chapter 7

Page 98
Image 98
HP UX Kerberos Data Security Software manual To Add an Administrative Principal Through the Command Line