Administration

Password Tab (Principal Information window)

The keyword NEVER, which indicates that the expiration is not effected.

Key Version Number

Every principal password has a version number associated with it that identifies the number of times the password has been changed. When a principal is first created, its password version number is one. Every time the password is changed, the version number is incremented by one.

Password Last Changed

This date is updated when you change a password. The word NEVER indicates the password cannot be changed by the user.

Change Password button Displays the Change Password window, which provides the option to specify a password or to generate a random key for the current principal.

Failed Auth Count This is the number of failed authentication attempts since the last successful authentication by the principal. Every failed SignOn request by the client increments the Failed Auth Count by one. If the number exceeds the maximum allowed by the MaxFailAuthCnt parameter in the password policy file, the principal account is automatically locked. To determine if a principal account is locked, click the Attributes tab in the Principal Information window and look at the Lock Principal check box. To unlock a principal, clear the check box.

For more information, refer to “Password Policy File” on page 101.

Primary and Secondary Key Types The available key options are DES3-MD5, DES-MD5,and DES-CRCencryption. Select a key encryption type for each salt type that you use.

Primary and Secondary Salt Types

A Salt is a string of characters added to a password before it is transformed into the secret key. Each salt type, except None has data associated with it. The salt data is appended to the password before generating the DES3 or DES encrypted key. The salt key settings are controlled through the Password tab of the Principals

Chapter 6

139

Page 139
Image 139
HP UX Kerberos Data Security Software manual