Administration

Principals

Adding User Principals

The Kerberos Security Server allows you to add user principals to the principal database as needed. The only limit on the number of principals in the database is the disk space available on the primary security server and each of the secondary security servers.

When adding a user principal to the database, you must assign the principal identifier, the instance (if used) and the realm, and you must designate a temporary password for the principal. You may also set specific attributes and properties on the account. Any attribute or property that is not explicitly set for the principal is inherited from the default group principal.

The temporary password must be communicated to the user before the user authenticates with the new principal account. The user presents the temporary password at the first authentication attempt and is required to change it during that attempt. Because anyone who learns the temporary password before the user does can take over the account, it must be delivered to the user by a secure channel rather than by an unprotected one such as plain e-mail.
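The following is an added illustration, not code from the Kerberos Security Server manual or the product, of the user-principal lifecycle described above: a randomly generated temporary password that is stored only as a hash, attribute inheritance from a default group principal, and a forced password change on the first successful authentication. The product's actual database format, commands and attribute names are not given on this page; `DEFAULT_GROUP`, `Principal`, `add_user_principal`, `authenticate` and the attribute keys are assumed names for the example only.

```python
"""Added example (not from the manual): a small model of user-principal
administration. All names and attribute keys below are assumptions."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Hypothetical default group principal. Any attribute a new principal does
# not set explicitly is inherited from here (assumed keys, for illustration).
DEFAULT_GROUP = {
    "max_ticket_life_s": 8 * 3600,
    "max_renewable_life_s": 7 * 24 * 3600,
    "preauth_required": True,
    "password_expiry_days": 90,
}


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever key derivation the product uses; the
    # point is that the database never holds the clear-text temporary password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Principal:
    name: str                    # identifier[/instance]@REALM
    salt: bytes
    pw_hash: bytes
    must_change_password: bool   # True while the temporary password is in use
    overrides: dict = field(default_factory=dict)  # attributes set explicitly

    def attribute(self, key):
        # An explicit setting wins; otherwise inherit from the default group.
        if key in self.overrides:
            return self.overrides[key]
        return DEFAULT_GROUP[key]


DATABASE: dict = {}   # principal name -> Principal (in-memory stand-in)


def principal_name(identifier, realm, instance=None):
    """Build identifier[/instance]@REALM."""
    return f"{identifier}/{instance}@{realm}" if instance else f"{identifier}@{realm}"


def add_user_principal(identifier, realm, instance=None, **attributes):
    """Create the account with a random temporary password that must be
    changed on first authentication. Returns (name, temporary_password); the
    temporary password exists only to be handed to the user out of band."""
    name = principal_name(identifier, realm, instance)
    if name in DATABASE:
        raise ValueError(f"{name} already exists")
    unknown = set(attributes) - set(DEFAULT_GROUP)
    if unknown:
        raise ValueError(f"unknown attributes: {sorted(unknown)}")
    temp_password = secrets.token_urlsafe(12)   # ~96 bits of randomness
    salt = os.urandom(16)
    DATABASE[name] = Principal(name, salt, _hash_password(temp_password, salt),
                               True, dict(attributes))
    return name, temp_password


def authenticate(name, password, new_password=None):
    """Return 'ok', 'bad-password' or 'change-required'. A principal still on
    its temporary password is admitted only if it supplies a new password,
    and re-using the temporary password as the new one is rejected."""
    p = DATABASE.get(name)
    if p is None:
        return "bad-password"   # do not reveal whether the principal exists
    if not hmac.compare_digest(_hash_password(password, p.salt), p.pw_hash):
        return "bad-password"
    if p.must_change_password:
        if not new_password or new_password == password:
            return "change-required"
        p.salt = os.urandom(16)
        p.pw_hash = _hash_password(new_password, p.salt)
        p.must_change_password = False
    return "ok"
```

After the first successful change the temporary password no longer authenticates, which is the property the paragraph above relies on: a leaked temporary password is useful to an attacker only in the window before the legitimate user's first logon.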

Adding New Service Principals

The Kerberos Security Server allows you to add service principals to the principal database as needed. A service principal account is used for a UNIX host system or for a Kerberos-secured service or application that is available in the network to user principals.

Certain service principals are required by the Kerberos Security Server and are automatically added to the principal database when the Kerberos Server software is installed. Service principal accounts used by optional secured service applications must be added to the principal database manually.

Each Kerberos-secured service or application must be able to present its secret key during authentication. For this reason, service principal accounts must have the specific attributes and properties required by the application. These attributes and properties include:

The application must be able to provide its unique principal name during authentication.

Chapter 6

105