Administration
Manual Administration Using kadmin
WARNING
NOTE
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr Attribute (or quit): {forwardnoforward}
Principal modified.
Allow Proxy Attribute
The Allow Proxy attribute determines whether a principal is allowed proxy tickets. Proxy tickets allow applications that a principal accesses with a TGT to request a special class of service ticket. This type of service ticket can be moved to another host on the network that acts on the principal’s behalf. For example, a print service printing a file for a user.
The authorization fields of the ticket and authenticator can be used to hold restrictions on the proxy ticket.
The Allow Proxy attribute applies to both user and service principals. If this attribute is set for a,
•User principal, the principal can be issued a proxy ticket
•Service principal, the server can issue a proxy service ticket for the service
Before the server issues a proxy service ticket, the requesting user must possess a proxy TGT
To modify the parameter type attr for the principal admin, to set the Allow Proxy Attribute, you need to do the following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr Attribute (or quit): {proxynoproxy}
Principal modified.
180 | Chapter 6 |