Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8 209
policy Specifies the new policy name. If you do not specify a
policy name, the default policy is applied.
dn Specifies the LDAP DN name. If you do not specify an
LDAP DN name, the default policy is applied.
The general syntax for modifying an existing principal is as follows:
command: mod
For example, to modify the principal admin, type kadmin at the HP-UX
prompt and specify the mod command, the principal name, and the type
of parameter. Following is a sample output for the mod command:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t):
<parameter_type>
Principal modified.
Enter the
<parameter_type>
to be modified at the command prompt.
The principal is modified depending on the parameter that you have
specified. The subsequent sections of this chapter contain a detailed
description of the parameter types.
Number of Authentication Failures (fcnt)
When you create a principal, the failed authentication count is
automatically set to zero. The user associated with that principal
increments the failed authentication count by 1 for each failed
authentication attempt.
If the user has more consecutive authentication failures than allowed by
the MaxFailAuthCnt parameter in the password policy file, the principal
is locked. Before the user can attempt to authenticate again, the
administrator must unlock the principal, which resets the fcnt to zero.
If the user successfully authenticates before the maximum failed
authentication count value, fcnt is automatically reset to zero.
For example, to modify the fcnt parameter for the principal admin, type
kadmin at the HP-UX prompt and specify the mod command, the
principal name, and the fcnt parameter.
Following is a sample output for the mod command with the fcnt
parameter: