HP (Hewlett-Packard) E0905 Server User Manual


 
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8 215
Allow Duplicate Session Key Attribute
The Allow Duplicate Session Key attribute determines whether a
principal is allowed to use a duplicate session key. A duplicate session
key applies to user-to-user authentication and determines which key is
used to encrypt the requested service tickets.
This setting controls the security protocol between a client application,
called the initiator, and a service, called the acceptor. The following
processes occur when an initiator application requests a duplicate
session key:
• The initiator application sends the TGT of the initiator and the TGT
  of the acceptor as a request to the ticket-granting service (TGS).
  When the Allow Duplicate Session Key attribute is set, the service
  ticket returned to the initiator is encrypted with the session key in
  the TGT of the acceptor.
• When the Allow Duplicate Session Key attribute is not set, the
  service ticket returned to the initiator application is encrypted
  with the secret key of the acceptor.
This attribute is set by default, thereby allowing an initiator application
to request a duplicate session key for the application of the acceptor. You
must assign the Allow as Service attribute to principal accounts that
use duplicate session keys.
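
The key selection described above, as an added Python sketch (not HP's code and not part of the manual). It shows which key the acceptor needs in order to open the returned service ticket in each case. Assumptions: seal/unseal are a toy stand-in for Kerberos ticket encryption, the names Principal, tgs_issue and can_open are hypothetical, and the TGS is handed the acceptor's TGT session key directly instead of decrypting the TGT.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return hashlib.shake_256(key + nonce).digest(n)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy stand-in for Kerberos ticket encryption; not a real enctype."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Return the plaintext, or raise ValueError if key is not the sealing key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket was not encrypted with this key")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

@dataclass
class Principal:
    name: str
    secret_key: bytes          # long-term key stored in the KDC database
    allow_dskey: bool = True   # the manual states the attribute is set by default

def tgs_issue(acceptor: Principal, acceptor_tgt_key: bytes, dskey_requested: bool):
    """Pick the ticket-encryption key per the two cases in the manual text."""
    ticket = f"client=initiator;service={acceptor.name}".encode()
    if dskey_requested and acceptor.allow_dskey:
        return "tgt-session-key", seal(acceptor_tgt_key, ticket)
    return "secret-key", seal(acceptor.secret_key, ticket)

def can_open(key: bytes, blob: bytes) -> bool:
    """True if the given key decrypts the service ticket."""
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    tgt_key, secret = os.urandom(32), os.urandom(32)   # constructed sample keys
    for flag in (True, False):
        label, blob = tgs_issue(Principal("acceptor", secret, flag), tgt_key, True)
        print(f"dskey={flag}: {label}, TGT key opens={can_open(tgt_key, blob)}, "
              f"secret key opens={can_open(secret, blob)}")
```

With the attribute set, only the holder of the acceptor's TGT session key can open the ticket; with it cleared, only the acceptor's long-term secret key can.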
To modify the attr parameter type for the principal admin and set the
Allow Duplicate Session Key attribute, type kadmin at the HP-UX
prompt, then specify the mod command, the principal name, the attr
parameter type, and the attribute.
Following is a sample output of the Allow Duplicate Session Key
attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or quit) :attr
Attribute (or quit): {dskey|nodskey}
Principal modified.