HP (Hewlett-Packard) E0905 Server User Manual


 
Administering the Kerberos Server
The admin_acl_file File
The /opt/krb5/admin_acl_file file, located only on the primary
security server, lists authorized principals with their respective
administrative permissions. It also lists principals that you cannot
modify without explicit privileges.
NOTE: Protect admin_acl_file with appropriate read-write privileges, with
access only to the root user.
The kadmind command checks the permissions of the principal in
admin_acl_file. You can edit admin_acl_file directly on the primary
security server, or remotely using the Administrative Permissions
window of the HP Kerberos Administrator.
The general format of admin_acl_file is as follows:
identifier/instance@REALM [perms_list] [# comments]
where:
identifier      Specifies the name of the principal.
instance        Specifies the administrative instance associated with
                the principal. HP recommends that you add an admin
                instance to each administrative principal name.
                If the principal resides in the default realm of the
                primary security server, @REALM is optional. Otherwise,
                you must explicitly specify the realm of the principal.
[perms_list]    Specifies the permissions. You can add one or more
                permissions listed in Table 8-2, without any space
                between the letters.
[# comment]     Specifies any optional remarks about the principal.
                Characters after the # (hash) symbol are ignored.
Each line in admin_acl_file matches an administrative principal with
a set of permissions. You can also use wildcards to enter groups of
principal names.
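
The following audit sketch is an added example, not part of the HP manual or the HP Kerberos tools. It checks the root-only protection from the NOTE above and parses entries in the documented format to flag wildcard entries, principals without an admin instance, and permission lists that contain a space. Assumptions: the wildcard character is taken to be *, the permission letters X and Y are placeholders rather than values from Table 8-2, and EXAMPLE.COM is a constructed realm.

```python
import stat

WILDCARD = "*"  # assumption: the page does not name the wildcard character

# Constructed sample; X and Y are placeholder letters, not Table 8-2 values.
SAMPLE = """\
alice/admin@EXAMPLE.COM XY  # realm given explicitly
bob XY
*/admin XY
carol/admin X Y
"""

def check_file_mode(st):
    """Findings when the file is not owned by root or is open to group/other."""
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != 0:
        findings.append("owner is uid %d, not root" % st.st_uid)
    if mode & 0o077:
        findings.append("mode %04o grants group/other access" % mode)
    return findings

def parse_acl_line(line, default_realm):
    """Return (identifier, instance, realm, perm_fields), or None if no entry."""
    body = line.split("#", 1)[0].split()  # text after '#' is ignored
    if not body:
        return None
    name, _, realm = body[0].partition("@")
    identifier, _, instance = name.partition("/")
    return identifier, instance, realm or default_realm, body[1:]

def audit_entries(text, default_realm):
    """Return (line number, finding) pairs for entries worth a second look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_acl_line(line, default_realm)
        if entry is None:
            continue
        identifier, instance, realm, perm_fields = entry
        if WILDCARD in identifier + instance + realm:
            findings.append((lineno, "wildcard matches a group of principals"))
        if instance != "admin":
            findings.append((lineno, "principal has no admin instance"))
        if len(perm_fields) > 1:
            findings.append((lineno, "space inside permission list"))
    return findings

if __name__ == "__main__":
    print(audit_entries(SAMPLE, "EXAMPLE.COM"))
```

On the primary security server, pass os.stat("/opt/krb5/admin_acl_file") to check_file_mode and the file's contents to audit_entries.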