Administration
Setting Administrative Permissions
|
| Setting Administrative Permissions |
|
| Use the kadminl_ui window to assign administrative permissions to |
|
| users. When a principal is assigned administrative permissions, the |
|
| principal and its permissions are saved to the admin_acl_file located |
|
| on the primary security server. |
|
| We recommend the convention of adding a principal with the instance |
|
| /admin to identify a principal who is an administrator. The user’s /admin |
|
| instance should have a different password than other instances, thus |
|
| providing additional security during administrative tasks. Users signing |
|
| on to kadmin_ui to perform administrative tasks must log in with the |
|
| admin principal. For example, user/admin@REALM. |
|
| To set administrative permissions |
Step | 1. In the kadminl_ui window, choose the Principals tab and select the | |
|
| realm where the principal resides. |
Step | 2. | Find the principal to be assigned administrative permissions and then |
|
| click Edit. The Principal Information window appears. See “Finding |
|
| a Principal” on page 126 on how to search for a principal. |
Step | 3. | From the Edit menu, select Edit Administrative Permissions. The |
|
| Administrative Permissions window appears. |
Step | 4. | Select the appropriate permissions for the principal. The principal may |
|
| be assigned permissions for all realms or just for the realm where the |
|
| principal resides. |
|
| To enable a principal to run the Administrator program, the principal |
|
| must have the Inquire About Principals permission enabled. |
Step | 5. Click OK to save the permissions to admin_acl_file. | |
Chapter 6 | 159 |