Filter
Top Products
Administering the Kerberos Server
Administrative Permissions
Chapter 8 191
Restricted
Administrator
Select this option in addition to the Add Principals, Delete
Principals, Modify Principals, Inquire about Principals, Extract
Keys, Change Principal Password attributes in the realm of the
administrative principal or all realms to permit administrative
principals to use these options only for the following principals:
• Restricted administrator in the This Realm box – Restricts
actions on admin_acl_file entries that belong to the realm of
the administrative principal.
• Restricted administrator in the All Realms box – Restricts
actions on admin_acl_file entries that belong to realms other
than the realm of the administrative principal.
• Restricted administrator in both the This Realm box and the
All Realms box – Restricts actions on admin_acl_file entries
that belong to any realm supported by the primary security
server.
You cannot restrict the administrative principals that have the
Restricted Administrator modifier from managing principals that
are not included in admin_acl_file.
The Restricted Administrator modifier setting does not override
the Modify Administrative Permissions, that is, an administrative
principal with both the Modify Administrative Permissions and the
Restricted Administrator settings can change the principal
settings in admin_acl_file, including their own principal
settings.
The Restricted Administrator modifier setting also does not
override the Principal Information>Edit>Edit Group Default
setting; an administrative principal with both these settings
enabled can edit the values of the default group principal.
Edit Group
Defaults
Edits the default values stored in the default group for the realm.
You can edit the default principal using the Principal
Information>Edit>Edit Default Group>Group Information
window.
Table 8-15 Group Information Window Components (Continued)
Component Description