Administration

Manual Administration Using kadmin

Allow Postdated Attribute

The Allow Postdated attribute determines whether a principal is allowed ticket postdating. Postdating is a mechanism that allows a principal to obtain a ticket that is initially invalid but becomes valid in the future.

The Allow Postdated attribute applies to both user and service principals as indicated below:

User principals can be issued either a postdated or postdatable ticket

Service principals can be issued postdated service tickets for the service by the server

NOTE

Before the server issues a postdated service ticket, the requesting user must possess a postdatable TGT.

To set the Allow Postdated attribute for the principal admin, modify the parameter type attr as follows:

Command: mod

Name of Principal to Modify: admin

Parameter Type to be Modified (attr,fcnt,vno or quit) :attr

Attribute (or quit): {postdate|nopostdate}

Principal modified.
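
The following is an added example, not part of the HP manual or of the Kerberos server's code: a simplified Python model of how the postdate/nopostdate attribute and the NOTE above gate ticket issuance. The class and function names are hypothetical, and the flag names MAY-POSTDATE, POSTDATED and INVALID are taken from RFC 4120 rather than from this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

class Denied(Exception):
    """The model KDC refused the request."""

@dataclass(frozen=True)
class Principal:
    name: str
    allow_postdated: bool  # postdate (True) or nopostdate (False)

@dataclass(frozen=True)
class Ticket:
    client: str
    server: str
    start: datetime
    end: datetime
    flags: frozenset

def _build(client, server, now, start, life, extra=()):
    flags = set(extra)
    postdated = start is not None and start > now
    if postdated:
        flags |= {"POSTDATED", "INVALID"}  # invalid until the start time
    begin = start if postdated else now
    return Ticket(client, server, begin, begin + life, frozenset(flags))

def usable(ticket, when):
    # Time check only; a real KDC also clears INVALID via a validation request.
    return ticket.start <= when < ticket.end

def issue_tgt(user, now, life, start=None, postdatable=False):
    """User principal: postdated (future start) and/or postdatable TGT."""
    wants_postdating = postdatable or (start is not None and start > now)
    if wants_postdating and not user.allow_postdated:
        raise Denied(f"{user.name}: attribute is nopostdate")
    extra = {"MAY-POSTDATE"} if postdatable else ()
    return _build(user.name, "krbtgt", now, start, life, extra)

def issue_service_ticket(tgt, service, now, life, start=None):
    """Service principal: needs the attribute and a postdatable TGT."""
    if not usable(tgt, now):
        raise Denied("TGT is not valid at this time")
    if start is not None and start > now:
        if not service.allow_postdated:
            raise Denied(f"{service.name}: attribute is nopostdate")
        if "MAY-POSTDATE" not in tgt.flags:
            raise Denied("requesting user's TGT is not postdatable")
    return _build(tgt.client, service.name, now, start, life)
```

In this model a principal set to nopostdate can still obtain ordinary tickets; only requests with a future start time, or for a postdatable TGT, are refused.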

Allow Renewable Attribute

The Allow Renewable attribute determines whether a principal is allowed to request renewable tickets. Renewable tickets are those that can be re-validated up to the maximum renewal time.

The maximum ticket lifetime and renewable time are stored in the principal database in the krbtgt/REALM@REALM principal. Individual principal accounts can be limited using the Maximum Renew Time Setting on the General tab of the Administrator.

The Allow Renewable attribute applies to both user and service principals. If this attribute is set for a:

User principal, the principal can be issued a renewable ticket

Chapter 6

HP UX Kerberos Data Security Software manual Allow Postdated Attribute, Allow Renewable Attribute