HP UX Kerberos Data Security Software manual 161

Administration

Administrative Permissions

Principal Displays the name of the Principal you are editing. You should add an additional principal account with the /admin instance for the individual requiring administrator privileges.

Add Principals Select this box to allow this principal to add new principals to the principal database.

Delete Principals Select this box to allow this principal to delete principals from the principal database.

Modify Principals Select this box to allow the user to modify principals.

Inquire about Principals Select this box to allow the user to inquire about specific prinicpals. This option is required for any principal that is being granted access to this Administrator program. To enable a user to log on to the Administrator program, it is sufficient to select the option Inquire about Principals for the current realm only, the lower list, rather than all realms, the upper list

Extract Keys Select this box to allow the user to extract a key into the service key table file.

Change Principal Password Select this box to allow the user to change principal passwords. This option allows the user to change or any principal in the principal database, including principals in admin_acl_file.

Restricted Administrator Select this box in combination with the Add Principals, Delete Principals, Change Principal Password, Inquire about Principals, Modify Principals or Extract Keys boxes in the administrative principal’s realm or all realms to permit administrative principals to use these options only against certain prinicpal, as indicated below:

•Restricted administrator in This Relam field - Restricts actions on admin_acl_file entries that belong to the administrative principal’s own realm.

•Restricted administrator in All Realms field - Restricted actions on admin_acl_file entries that belong to realms other than the administrative principal’s own realm.