Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8220
You can use the kadmin inq command to view the attribute of the
principal. With Require Initial Authentication selected (tgt), the
inquire command shows TGT_BASED in the attributes field. Without the
Require Initial Authentication setting (notgt), the text does not
appear in the attributes field.
Table 8-18 displays the output of the HP Kerberos
Administrator>Attributes tab setting that is equivalent to the kadmin
command. It also indicates the attribute text that displays when you
view the setting of the principal using the kadmin inq command.
Set As Password Change Service Attribute
The Set As Password Change Service attribute determines if a service
principal can act as a change password service. If you set this attribute, a
service principal receives initial tickets for user principals whose
passwords have expired.
NOTE When you select the Set As Password Change Service attribute, the
Require Initial Authentication attribute is automatically selected.
Normally, you select the Set As Password Change Service attribute
only for the service principal defined as a change password service. You
can add other change password service principals to the principal
database if you have created custom applications that require different
password service principals.
To modify the type of parameter attr for the principal admin and to set
the Password Change Service attribute, type kadmin at the HP-UX
prompt and specify the mod command, the principal name, the attr
parameter type, and the attribute.
Table 8-18 Require Initial Authentication Attribute Settings
Attributes Tab Check-Box
Setting
HP Kerberos
Administrator
kadmin inq
Shows:
Select Require Initial
Authentication
notgt No text shows
Select Require Initial
Authentication
tgt TGT_BASED
