NOTE
NOTE
Administration
Manual Administration Using kadmin
•Service principal, the server can issue a renewable ticket for the service
Before the server issues a renewable service ticket, the requesting user must possess a renewable TGT.
To modify the parameter type attr for the principal admin, to set the Allow Renewable Attribute, you would need to do the following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr Attribute (or quit): {renewnorenew}
Principal modified.
Allow Forwardable Attribute
The Allow Forwardable attribute determines whether a principal is allowed ticket forwarding. Forwarding is a mechanism to send a TGT to a remote system, from one network host to another. The forwarded TGT can be used to generate, on the principal’s behalf, a new service ticket on the second host’s system. This eliminates the need for the user to
The Allow Forwardable attribute applies to both user and service principals. If this attribute is set for a,
•User principal, the principal can be issued a forwarded or forwardable ticket
•Service principal, the server can issue a forwarded service ticket for the service
Before the server issues a service ticket on the remote host, the requesting user must possess a forwarded TGT
To modify the parameter type attr for the principal admin, to set the Allow Forwardable Attribute, you need to do the following:
Chapter 6 | 179 |