Administration

Manual Administration Using kadmin

The notgt command in kadmin is equivalent to selecting the Require Initial Authentication on the Attributes tab of the Administrator; the tgt command in the kadmin is equivalent to clearing the Require Initial Authentication check-box on the Attributes tab.

You can use the kadmin inq command to view this principal’s attribute. With Require Initial Authentication selected (tgt), the inquire command shows TGT_BASED in the attributes field. Without the Require Initial Authentication setting (notgt) no text appears in the attributes field.

Table 6-4equates the Administrator Attributes tab check-box setting with the kadmin command setting. It also indicates the attribute text that shows if you view a principal’s settings using the kadmin inq command.

Table 6-4

Require Initial Authentication Attribute Settings

 

 

 

 

 

 

 

Attributes Tab Check-box

kadmin

 

Kadmin inq

 

Setting

Command

 

Shows:

 

 

 

 

 

 

Select Require Initial

notgt

 

no text shows

 

Authentication

 

 

 

 

 

 

 

 

 

Select Require Initial

tgt

 

TGT_BASED

 

Authentication

 

 

 

 

 

 

 

 

Set As Password Change Service Attribute

The Set As Password Change Service attribute determines whether a service principal can act as a change password service. Setting this attribute allows a service principal to receive initial tickets for user principals whose passwords have expired.

NOTE

When the Set as Password Change Service attribute is selected, the

 

Require Initial Authentication Attribute is automatically selected.

 

 

Chapter 6

185