Filter
Top Products
Administering the Kerberos Server
Attributes Tab (Principal Information Window)
Chapter 8 173
Lock Principal Specifies if a principal is active. A locked
principal still exists in the principal
database, but it is unable to use or provide
Kerberos services.
The Lock Principal attribute applies to both
user and service principals. If you set this
attribute for a user principal, tickets cannot
be issued to the user. If you set this
attribute for a service principal, tickets are
not issued to it.
When a principal exceeds the maximum
number of failed authentication attempts
allowed by the password policy file, the Lock
attribute is set. The default maximum level
allowed for failed authentication attempts is
5. If a principal is locked, an administrative
user must unlock the principal before the
user authenticates.
Allow As Service Specifies if a principal is allowed to act as a
service. Set this attribute to allow a
principal to act as a service (that is, the
name of the principal is in the server field of
the service ticket). You must select this
attribute for any principal that is used as a
service principal.
You can apply the Allow As Service
attribute to all principals, in addition to
principals that act solely as service
principals. The attribute is selected by
default.
NOTE: User principals must have this
attribute set when using user-to-user
authentication.
Table 8-12 Attributes Tab Components (Continued)
Components Description