Configuration

Add An Administrative Principal

 

Add An Administrative Principal

 

Use the Administrator instead of the Command-Line-Administrator

 

option to add the principal account. Refer to, “kadmin Vs kadminl” on

 

page 112, for more information on using the Administrator and the

 

Command-Line-Administrator.

 

While it is possible to use the kadmin option to create an administrative

 

principal, it cannot be used to assign administrative privileges. If you

 

must use the kadmin utilities to manage your administrative prinicpals,

 

use a text editor to add the required entries to the file.

 

You need to be logged in as a root user in order to execute the tasks

NOTE

 

mentioned above. These tasks must be performed on the Primary

 

Security Server.

 

For the first administrative principal, we recommend that you assign all

 

 

permissions, indicated by ‘*’ in the admin_acl_file. Refer to

 

“admin_acl_file” on page 95, for more information.

 

To add an administrative principal using the

 

Administrator

1.Run Administrator, kadminl_ui

2.Add a new principal to the default realm using the following syntax: identifier/admin@DEFAULT_REALM

3.Assign password

4.Using the Edit-> Edit Administrative Permissions menu, assign ALL administrative permissions to the principal

5.On the Attributes tab, clear the Require Password Change

Checkbox.

6.Save your changes and close the Administrator

The principal account, by default, requires a password change at the first logon. However, kadmin does not permit password changes, unless you have explicit permissions to do so.

80

Chapter 5

Page 80
Image 80
HP UX Kerberos Data Security Software manual Add An Administrative Principal, To add an administrative principal using