Filter
Top Products
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8218
To modify the type of the parameter attr for the principal admin and to
set the Lock Principal attribute, type kadmin at the HP-UX prompt
and specify the mod command, the principal name, the attr parameter
type, and the attribute.
Following is a sample output of the Lock Principal attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t) :attr
Attribute (or quit): {lock|nolock}
Principal modified.
Allow As Service Attribute
You must select the Allow As Service attribute for any principal that is
used as a service.
This attribute applies to both the user principal and the service
principal. Selecting this attribute does not necessarily mean that the
principal account is being used by a network service application. Select
this attribute for user principals that run programs requiring
user-to-user authentication.
When you set the Allow As Service attribute, the name of the principal
name appears in the server field of the service ticket. If you do not set
this attribute, the Kerberos server cannot issue a service ticket for that
principal because the name of the principal cannot appear in the server
field of the service ticket.
This attribute is set by default, allowing principals to act as a service and
enabling user-to-user authentication for user principals.
To modify the type of the parameter attr for the principal admin and to
set the Allow As Service attribute, type kadmin at the HP-UX prompt
and specify the mod command, the principal name, the attr parameter
type, and the attribute.
Following is a sample output of the Allow As Service attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t) :attr
Attribute (or quit): {svr|nosvr}
Principal modified.