Administration

Principals

Adding User Principals

The Kerberos Security Server allows you to add user principals to the principal database as needed. The only limit on the number of principals in the database is the disk space available on the primary security server and each of the secondary security servers.

When adding a user principal to the database, you must assign the principal identifier, instances (if used) and realm. You must also designate a temporary password for the principal. You may assign specific attributes and properties to the account. Any attributes and properties that are not specifically set for the principal are inherited from the default group principal.

The temporary password must be communicated to the user before the user authenticates with the new principal account. The user provides the temporary password and is required to change the password during the first authentication attempt. A secure method must be established for transferring the temporary password information to the user to avoid a security breach.

Adding New Service Principals

The Kerberos Security Server allows you to add service principals to the principal database, as needed. A service principal account is used for a UNIX host system, or a Kerberos-secured service or application that is available in the network to user principals.

Certain service principals are required by the Kerberos Security Server and are automatically added to the principal database, when the Kerberos Server software is installed. Service principal accounts used by optional secured service applications must be added to the principal database manually.

Each Kerberos-secured service or application must have the ability to provide its secret key during authentication. For this reason, service principal accounts must have specific attributes and properties, as required by the application. These attributes and properties include:

The application must be able to provide its unique principal name during authentication.

Chapter 6

105

Page 105
Image 105
HP UX Kerberos Data Security Software manual Adding User Principals, Adding New Service Principals