Filter
Top Products
Administering the Kerberos Server
Creating an Administrative Principal
Chapter 8146
Creating an Administrative Principal
You can use the HP Kerberos Administrator window to create an
administrative principal. When you create a principal and assign the
administrative permissions to it, the principal is stored in
admin_acl_file located on the primary security server. For more
information on admin_acl_file, see “The admin_acl_file File” on
page 113.
HP recommends that you assign the /admin instance to a principal that
is an administrator. Therefore, a user can have one or more of the
following principal accounts:
• One or more principals with non administrative permissions for
daily authentication.
• One principal account with the /admin instance that has
administrative permissions
.
NOTE The /admin principal of the user must have a different password than the
password for other principal accounts of the user. This provides
additional security during administrative tasks.
To create an administrative principal, complete the following steps:
Step 1. In the HP Kerberos Administrator window, select the Realm in which
you want to create an administrative account.
Step 2. Click New to display the Principal Information window as shown in
Figure 8-2.
Step 3. Enter the identifier/admin@REALM of the administrative principal in
the Principal field.
Step 4. In the General tab, the default ticket information for the administrative
principal already exists. You may change this information or retain the
old values.
Step 5. Click Apply to display the Change Password window as shown in
Figure 8-3.