Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8 213
NOTE Before the server issues a renewable service ticket, the requesting user
must possess a renewable TGT.
To modify the type of the parameter attr for the principal admin and to
set the Allow Renewable attribute, type kadmin at the HP-UX prompt
and specify the mod command, the principal name, the attr parameter
type, and the attribute.
Following is a sample output of the Allow Renewable attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t) :attr
Attribute (or quit): {renew|norenew}
Principal modified.
Allow Forwardable Attribute
The Allow Forwardable attribute determines whether a principal is
allowed ticket forwarding. Forwarding is a mechanism to send a TGT to a
remote system, from one network host to another. On behalf of the
principal, you can use the forwarded TGT to generate a new service
ticket on the second host system. This eliminates the need for the user to
reauthenticate and re-enter the password on the second host.
The Allow Forwardable attribute applies to both user and service
principals. If this attribute is set for a user principal, you can issue a
forwarded or forwardable ticket to the principal. If this attribute is set
for a service principal, the server can issue a forwarded service ticket for
the service.
NOTE Before the server issues a service ticket on the remote host, the
requesting user must possess a forwarded TGT.
To modify the type of the parameter attr for the principal admin and to
set the Allow Forwardable attribute, type kadmin at the HP-UX prompt
and specify the mod command, the principal name, the attr parameter
type, and the attribute.
Following is a sample output of the Allow Forwardable attribute: