Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8212
The Allow Postdated attribute applies to both user and service
principals specified as follows:
• You can issue either a postdated or postdatable ticket for user
principals.
• The server can issue postdated service tickets for the service.
NOTE Before the server issues a postdated service ticket, the requesting user
must possess a postdatable TGT.
To modify the type of the parameter attr for the principal admin and to
set the Allow Postdated attribute, type kadmin at the HP-UX prompt
and specify the mod command, the principal name, the attr parameter
type, and the attribute.
Following is a sample output of the Allow Postdated attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno,dn or quit) :attr
Attribute (or quit): {postdate|nopostdate}
Principal modified.
Allow Renewable Attribute
The Allow Renewable attribute determines whether a principal is
allowed to request renewable tickets. Renewable tickets are those that
can be revalidated up to the maximum renewal time.
The principal database krbtgt/REALM@REALM principal contains the
maximum ticket lifetime and the renewable time. You can use the
Maximum Renew Time Setting in the General tab of the Principal
Information window to limit individual principal accounts.
The Allow Renewable attribute applies to both user and service
principals. If this attribute is set to a user principal, the principal can be
issued a renewable ticket. If this attribute is set to a service principal,
the server can issue a renewable ticket for the service.