Administration
Principals
The fqdn instance must be the fully qualified domain name (FQDN) of the host system for the server or service. The FQDN must be entered as
These principals are not automatically added to the principal database when the security servers or application services are installed.
Removing User Principals
You may need to delete user principals from the database. When a principal account is deleted from the database, the principal can no longer be used to authenticate to the security server.
To delete a principal, use either the Administrator or
For user principals, there may be additional steps that must be performed to remove the special privilege settings.
For user principals that use UNIX systems, every UNIX host used by a principal contains the host/<fqdn> service principal. If this system is unused, delete the service key from the host and remove the host/<fqdn> principal from the database.
Remove Special Privilege Settings
If the principal had special privileges, you must also remove those rights. Examples of special privileges include:
• Administrative principals who are aware of the UNIX root password. Ensure that you change the root or Administrator password according to your password requirements.
• Administrative principals using kadmin. Ensure that the administrative principal entry in the admin_acl_file is removed.
NOTE: When you delete an administrative principal using Administrator, any reference to that principal is automatically removed from the admin_acl_file.
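A check for the cleanup step above, as an added example that is not from the original guide or the product: it lists admin_acl_file entries that still name principals you have deleted. The file layout (principal name in the first field, `#` comments), the function names and the sample principals are assumptions.

```shell
#!/bin/sh
# Added example: list ACL entries that still name deleted principals.
# Assumed layout (not from the page): one entry per line, principal name in
# the first whitespace-separated field, '#' starts a comment.

# stale_acl_entries ACL_FILE DELETED_LIST
# Prints "line_number:entry" for each ACL entry whose principal is in
# DELETED_LIST (one name per line). A name given without a realm matches
# that name in any realm.
stale_acl_entries() {
    awk '
        FILENAME == ARGV[1] {            # first file: deleted principals
            sub(/#.*/, "")
            if ($1 != "") deleted[$1] = 1
            next
        }
        {                                # second file: the ACL
            entry = $0
            sub(/#.*/, "")
            if ($1 == "") next           # blank or comment-only line
            bare = $1
            sub(/@.*/, "", bare)         # principal without its realm
            if (($1 in deleted) || (bare in deleted))
                printf "%d:%s\n", FNR, entry
        }
    ' "$2" "$1"
}

# Constructed sample data: two administrators, one of them since deleted.
demo_stale_acl() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/acl" <<'EOF'
# principal permissions (constructed)
alice/admin@EXAMPLE.COM *
bob/admin@EXAMPLE.COM *
EOF
    printf '%s\n' 'bob/admin' > "$dir/deleted"
    stale_acl_entries "$dir/acl" "$dir/deleted"
    rm -rf "$dir"
}

demo_stale_acl
```

Any line it prints is an entry to remove by hand; an empty result means no deleted principal is still named in the file.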