Filter
Top Products
Administering the Kerberos Server
The admin_acl_file File
Chapter 8 117
Creating Administrative Accounts
You can set administrative permissions in admin_acl_file using one of
the following methods:
• Using the HP Kerberos Administrator to set administrative
permissions. When you change the administrative permissions of the
principal, admin_acl_file is automatically updated.
• Editing admin_acl_file directly. To edit this file, you need to have
the required system file administration rights.
Using Restricted Administrator
The r, R, and Rr modifiers are used with the a, A, c, C, d, D, i, I, m, M, x,or
X permissions to permit administrative principals to use those options
only against certain principals.
How the r/R Modifiers Work
Consider the following factors while using the r, R, and Rr modifiers:
• The r modifier restricts only lowercase permissions. For instance,
administrative principals with ird permissions cannot delete
principals from their own realm that are included in
admin_acl_file.
NOTE The r modifier does not restrict upper-case permissions. For
instance, administrative principals assigned with IMimr permissions
cannot modify principals in their own realm that are included in
admin_acl_file, but they are able to modify any principal in all
other realms supported by the primary security server.
• The R modifier restricts only uppercase letter permissions and only
applies to realms other than the realm of the administrative
principal. For instance, administrative principals assigned the IRD
permissions cannot delete principals included in admin_acl_file
from any realm except their own.