Administration

Manual Administration Using kadmin

WARNING

NOTE

Command: mod

Name of Principal to Modify: admin

Parameter Type to be Modified (attr,fcnt,vno or quit) :attr Attribute (or quit): {forwardnoforward}

Principal modified.

Allow Proxy Attribute

The Allow Proxy attribute determines whether a principal is allowed proxy tickets. Proxy tickets allow applications that a principal accesses with a TGT to request a special class of service ticket. This type of service ticket can be moved to another host on the network that acts on the principal’s behalf. For example, a print service printing a file for a user.

The authorization fields of the ticket and authenticator can be used to hold restrictions on the proxy ticket.

The Allow Proxy attribute applies to both user and service principals. If this attribute is set for a,

User principal, the principal can be issued a proxy ticket

Service principal, the server can issue a proxy service ticket for the service

Before the server issues a proxy service ticket, the requesting user must possess a proxy TGT

To modify the parameter type attr for the principal admin, to set the Allow Proxy Attribute, you need to do the following:

Command: mod

Name of Principal to Modify: admin

Parameter Type to be Modified (attr,fcnt,vno or quit) :attr Attribute (or quit): {proxynoproxy}

Principal modified.

180

Chapter 6

Page 180
Image 180
HP UX Kerberos Data Security Software manual Allow Proxy Attribute