Administration
Principals
A Principal is a string that names a specific entity to which a set of credentials may be assigned. Principals are users and network services that are included in your security network.
The general syntax of a principal is:
identifier/instance@REALM
A principal name consists of three parts:

identifier
    The name of either the network service or a user.
    This is a required parameter and has to be specified.

/instance
    A group used to further identify the name. The instance can identify the duties, organization or any other information about the principal.
    In case of a user, the instance is often used to describe the intended use of the corresponding credentials.
    In case of a host, the instance is the fully qualified domain name. Multiple instances of up to 255 are allowed. Each additional instance is preceded by a /.
    The rlogind, ftpd, rshd, rcpd, and telnetd use the instance to indicate the name of the system where the network service resides.
    An instance may also imply special privileges. For example, a security administrator could have a principal account with an admin instance to use when performing administration tasks.
    This is an optional parameter that need not be specified.

Realm
    Identifies the realm in which the principal resides. By convention, realm names are generally the fully qualified domain name of the primary server.
    This is a required parameter and has to be specified.
When creating principal names, note that a principal name:
• is case sensitive
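The following is an added example, not part of the original guide or of any Kerberos product: a small Python check that splits names of the form identifier/instance@REALM and reviews a principal list for malformed names, privileged instances, and names that differ only by case. The function names, the PRIVILEGED set and the sample names are assumptions, and escaped separator characters are not handled.

```python
from dataclasses import dataclass

MAX_INSTANCES = 255      # limit given in the instance description above
PRIVILEGED = {"admin"}   # assumption: instances your site treats as privileged


@dataclass(frozen=True)
class Principal:
    identifier: str
    instances: tuple
    realm: str


def parse_principal(name):
    """Split identifier[/instance...]@REALM; raise ValueError if a required part is missing."""
    left, at, realm = name.rpartition("@")
    if not at or not realm:
        raise ValueError("realm is required")
    identifier, *instances = left.split("/")
    if not identifier:
        raise ValueError("identifier is required")
    if "" in instances:
        raise ValueError("empty instance")
    if len(instances) > MAX_INSTANCES:
        raise ValueError("too many instances")
    return Principal(identifier, tuple(instances), realm)


def audit(names):
    """Return (name, finding) pairs for malformed, privileged and case-colliding names."""
    findings, seen = [], {}
    for name in names:
        try:
            p = parse_principal(name)
        except ValueError as err:
            findings.append((name, "malformed: %s" % err))
            continue
        if PRIVILEGED & set(p.instances):
            findings.append((name, "privileged instance"))
        # Names are case sensitive, so these are distinct principals; flag look-alikes.
        other = seen.setdefault(name.lower(), name)
        if other != name:
            findings.append((name, "differs only by case from %s" % other))
    return findings


# Constructed sample data, not taken from a real realm.
SAMPLE = ["alice@EXAMPLE.COM", "alice/admin@EXAMPLE.COM", "Alice@EXAMPLE.COM",
          "host/web1.example.com@EXAMPLE.COM", "bob", "/admin@EXAMPLE.COM"]
```

Calling audit(SAMPLE) returns one finding each for the admin instance, the case-only look-alike, and the two names that lack a required part.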