Use the HP Kerberos Administrator window to assign administrative permissions
to users. When you assign administrative permissions to a principal,
the principal and its permissions are saved to admin_acl_file located on the primary security server.
HP recommends that you add the /admin instance to a principal to identify a principal
as an administrator. The /admin instance of the user must have a password different
from the password for other instances, thus providing additional
security during administrative tasks. To perform administrative
tasks, you must log on to the HP Kerberos Administrator with the admin principal, for instance, user/admin@REALM.
To set administrative permission, complete the following steps:
In the HP Kerberos
Administrator window, choose the Principals tab and
select the realm where the principal is located.
Click List
All or Search to find
the principal for which you want to assign administrative permissions.
For more information on how to search a principal, see “Searching
for a Principal”.
Click Edit to
display the Principal Information window (Figure 8-2 “Principal
Information Window”).
Choose the Principal
Information>Edit, and choose the Edit Administrative Permissions option
to display the Administrative Permissions window (Figure 8-11 “Administrative
Permissions Window”).
In the Administrative Permissions
window, select the appropriate permissions for the principal. You
can assign permission for the principal for all realms or only for
the realm where the principal resides.
To enable a principal to run the remote or local administrative
utility, you must enable the Inquire About Principals option. For
more information, see “Administrative
Permissions”.
Click OK to
save the permissions to admin_acl_file.
Printable version
