Administration

Principals

WARNING

WARNING

WARNING

kadmin/REALM@REALM The kadmin/REALM@REALM principal name is used by the administration tools: Administrator and the Command-Line-Administratorprograms. This principal is required in each realm. It is automatically added when you add a realm to the database.

This principal uses a random key, but you do not need to extract the key to a service key table file.

Do NOT remove or modify this principal entry.

kadmin/changepw@REALM The kadmin/changepw@REALM principal is required by the Kerberos v5 standard set/change password protocol. This principal is automatically added to the database when a realm is created.

This principal uses a random key, but you do not need to extract the key to the service key table file.

Do NOT remove or modify this principal entry.

kcpwd/REALM@REALM The kcpwd/REALM@REALM principal name is change password service for Kerberos. This principal is required in each realm. It is automatically added when you add a realm to the database.

This principal uses a random key. However, you do not need to extract this key to a service key table file.

Do NOT remove or modify this principal entry.

host/fqdn@REALM The host/fqdn@REALM principal name is used by various Security Servers and application services, including:

Primary and secondary security servers, as required for database propagation

Secure Connection Utilities daemons and client applications

108

Chapter 6