Administration
Creating an Administrative Principal
NOTE
Creating an Administrative Principal
Use the kadminl_ui to create administrative prinicpals. When a principal is created and the administrative permissions have been assigned to it, it is saved to the admin_acl_file located on the primary server. For more information on the admin_acl_file, refer to “admin_acl_file” on page 95.
We recommend that the /admin instance be assigned to each principal who is an administrator. This implies that a user can have two or more principal accounts, namely,
•one or more principals with
•one principal account with the /admin instance that has administrative permissions
The user’s /admin principal should have a different password than the user’s other principal accounts. This provides additional security during administrative tasks.
|
| To create an administrative principal |
Step | 1. | In the kadminl_ui window, choose the Principals tab and select the |
|
| realm in which you want to create the administrative account. |
Step | 2. | Click New to display the Principal Information window. |
Step | 3. | Enter the identifier/admin@REALM of the administrative principal in |
|
| the Principal field. |
Step | 4. | On the General tab, the default ticket information for the administrative |
|
| principal already exists. You may change this information else leave it as |
|
| is. |
Step | 5. | Display the Change Password window by clicking Apply. |
Step | 6. | Enter the password information. Do NOT select the Generate Random |
|
| Key box. |
124 | Chapter 6 |