HP (Hewlett-Packard) E0905 Server User Manual


 
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8
HP recommends that you use the graphical user interface administrative
utility, kadminl_ui, to administer these parameters.
Adding a New Principal
You must specify the add administrative privilege in admin_acl_file to
add a principal to the database.
To add a new principal, type kadmin add at the HP-UX prompt. This
command adds a new principal with the specified name and password to
the principal database. When you add a principal by using the add
command, the principal inherits the default group principal settings for
the key type and salt types.
The general syntax for adding a new principal is as follows:
command: add
NOTE: You must specify values for all the mandatory LDAP attributes while
creating a Kerberos principal. These attributes need to be specified only
if the LDAP DN does not exist in the Directory server. You are prompted
for mandatory attributes based on the default object class template that
you specified while configuring your Kerberos server with LDAP as the
backend. You are not prompted for LDAP attributes if the default object
class template consists of only one mandatory attribute.
When creating principal names, ensure that a principal name meets the
following conditions:
Is case-sensitive.
Is shorter than 767 characters.
Is uniquely defined in the first 255 characters.
Does not contain a space, tab, # (pound sign), \ (backslash) or : (colon).
Does not subscribe to a NULL policy.
If you subscribe to a policy that does not exist in the
password.policy file, the default policy * is applied to the principal.
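
The naming conditions above can be checked before a batch of names is handed to kadmin add. The following is an added example, not part of the HP manual or its tools: the function names, the EXAMPLE.COM realm and the sample names are constructed for illustration, and "characters" is assumed to mean Python code points. It covers the name rules only, not the policy rule.

```python
# Added example: pre-flight check of principal names before running kadmin add.
MAX_LEN = 767        # a name must be shorter than 767 characters
UNIQUE_PREFIX = 255  # a name must be unique within its first 255 characters
FORBIDDEN = {" ": "space", "\t": "tab", "#": "pound sign",
             "\\": "backslash", ":": "colon"}


def check_name(name):
    """Return the rule violations for one name (empty list means it passes)."""
    problems = []
    # Assumption: "characters" is counted as Python code points, not bytes.
    if len(name) >= MAX_LEN:
        problems.append(f"length {len(name)} is not shorter than {MAX_LEN}")
    problems += [f"contains {label}" for ch, label in FORBIDDEN.items() if ch in name]
    return problems


def check_batch(new_names, existing_names=()):
    """Return {name: [violations]} for every rejected name in new_names."""
    # Comparison is exact: names are case-sensitive, so no case folding here.
    seen = {name[:UNIQUE_PREFIX]: name for name in existing_names}
    report = {}
    for name in new_names:
        problems = check_name(name)
        prefix = name[:UNIQUE_PREFIX]
        if prefix in seen:
            problems.append(f"first {UNIQUE_PREFIX} characters collide with "
                            f"{seen[prefix][:40]!r}")
        else:
            seen[prefix] = name
        if problems:
            report[name] = problems
    return report


# Constructed sample data (hypothetical realm and names).
EXISTING = ["admin/admin@EXAMPLE.COM"]
LONG_A = "h" * 255 + "-a@EXAMPLE.COM"
LONG_B = "h" * 255 + "-b@EXAMPLE.COM"
CANDIDATES = ["Admin/admin@EXAMPLE.COM", "web server@EXAMPLE.COM",
              "svc:backup@EXAMPLE.COM", LONG_A, LONG_B, "x" * 767]

if __name__ == "__main__":
    for name, problems in check_batch(CANDIDATES, EXISTING).items():
        print(f"{name[:40]!r}: {'; '.join(problems)}")
```

In the sample, Admin/admin passes alongside the existing admin/admin because names are case-sensitive, while the two long names are rejected as a pair because they differ only after character 255.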