Administration
Principals
•cannot be longer than 767 characters
•must be uniquely defined in the first 255 characters
•cannot contain a space, tab, number sign (#), backward slash (\) or colon (:)
NOTE | The forward slash (/) is an allowed character and is used to delineate |
| the instance. |
|
|
There are two types of principals:
•user principals
User principals are accounts assigned to individuals in your organization. There must be at least one account for each individual. You may choose to add multiple accounts for one individual if the accounts are intended to be used for different purposes. Use the instance parameter of the principal name to designate the intended use of the account. There are two special categories of user principals:-
—Administrative principals are user accounts that have administrative permissions assigned to them.
We recommend, that you use the /admin instance to distinguish these accounts. These principals have the administrative permissions assigned in the admin_acl_file.
•service principals
A service principal is a principal account assigned to a service in your security network. Examples of service principals include secured daemons or services that are accessible on the network, or host/ principals that are created for a user’s host system.
104 | Chapter 6 |