Administration

Creating an Administrative Principal

NOTE

Creating an Administrative Principal

Use the kadminl_ui to create administrative prinicpals. When a principal is created and the administrative permissions have been assigned to it, it is saved to the admin_acl_file located on the primary server. For more information on the admin_acl_file, refer to “admin_acl_file” on page 95.

We recommend that the /admin instance be assigned to each principal who is an administrator. This implies that a user can have two or more principal accounts, namely,

one or more principals with non-administrative permissions for daily authentication

one principal account with the /admin instance that has administrative permissions

The user’s /admin principal should have a different password than the user’s other principal accounts. This provides additional security during administrative tasks.

 

 

To create an administrative principal

Step

1.

In the kadminl_ui window, choose the Principals tab and select the

 

 

realm in which you want to create the administrative account.

Step

2.

Click New to display the Principal Information window.

Step

3.

Enter the identifier/admin@REALM of the administrative principal in

 

 

the Principal field.

Step

4.

On the General tab, the default ticket information for the administrative

 

 

principal already exists. You may change this information else leave it as

 

 

is.

Step

5.

Display the Change Password window by clicking Apply.

Step

6.

Enter the password information. Do NOT select the Generate Random

 

 

Key box.

124

Chapter 6

Page 124
Image 124
HP UX Kerberos Data Security Software manual Creating an Administrative Principal, To create an administrative principal