Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8216
Require Preauthentication Attribute
The Require Preauthentication attribute determines whether a
principal is required to preauthenticate when requesting a TGT.
Preauthentication implies that the client logon program attaches known
encrypted data to a ticket request, providing additional security when
the TGT is presented to access a secured service.
The Require Preauthentication attribute applies to user and service
principals. If this attribute is set for a user principal, the user must run
the logon software that performs authentication using the
preauthentication protocol. If this attribute is set for a service principal,
the service accepts TGTs only from user principals that obtained a TGT
using a preauthentication protocol.
NOTE Client applications require preauthentication by default; however, a
client can override this setting.
To modify the type of parameter attr for the principal admin and to set
the Require Preauthentication attribute, type kadmin at the HP-UX
prompt and specify the mod command, the principal name, the attr
parameter type, and the attribute.
Following is a sample output of the Require Preauthentication
attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t) :attr
Attribute (or quit): {preauth|nopreauth}
Principal modified.
Require Password Change Attribute
The Require Password Change attribute determines whether a
principal must change the password of the user during the next
authentication attempt. You must change the password when this
attribute is set for a principal.