Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 8 Administering the Kerberos Server

Administrative Permissions
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

You can assign administrative permissions using the Administrative Permissions window. Choose Principal Information>Edit, and select the Edit Administrative Permissions option to display the Administrative Permissions window (Figure 8-11 “Administrative Permissions Window”). You can assign different levels of permissions in any combination or all the permissions to a single user.

Figure 8-11 Administrative Permissions Window

Administrative Permissions Window

You can assign eight permissions in the KDC for the current realm or for all realms. If you assign permissions only for the current realm, the administrator can perform administrative tasks only within the realm. You can use the Restricted Administrator modifier in conjunction with the Add Principals, Delete Principals, Change Principal Password, Inquire About Principals, Modify Principals, and Extract Keys permissions.

Table 8-15 “Group Information Window Components” describes the components of the Group Information window.

Table 8-15 Group Information Window Components

ComponentDescription
PrincipalDisplays the name of the principal that you are editing. You must add an additional principal account with the /admin instance for the individual requiring administrator privileges.
Add PrincipalsAllows the principal to add new principals to the principal database.
Delete PrincipalsAllows the principal to delete principals from the principal database.
Modify PrincipalsModifies principals.
Inquire about PrincipalsInquires about specific prinicpals. You must enable this option for all principals that access the Kerberos administrative utilities. If you wish to log on to the HP Kerberos Administrator, select the Permission for this principal in This Realm box>Inquire about Principals attribute.

Extract Keys

Extracts a key into the service key table file.

Change Principal Password

Changes principal passwords. In addition to the principals in admin_acl_file, you can also change any principal in the principal database.

Restricted Administrator

Select this option in addition to the Add Principals, Delete Principals, Modify Principals, Inquire about Principals, Extract Keys, Change Principal Password attributes in the realm of the administrative principal or all realms to permit administrative principals to use these options only for the following principals:

  • Restricted administrator in the This Realm box - Restricts actions on admin_acl_file entries that belong to the realm of the administrative principal.

  • Restricted administrator in the All Realms box - Restricts actions on admin_acl_file entries that belong to realms other than the realm of the administrative principal.

  • Restricted administrator in both the This Realm box and the All Realms box - Restricts actions on admin_acl_file entries that belong to any realm supported by the primary security server.

You cannot restrict the administrative principals that have the Restricted Administrator modifier from managing principals that are not included in admin_acl_file.

The Restricted Administrator modifier setting does not override the Modify Administrative Permissions, that is, an administrative principal with both the Modify Administrative Permissions and the Restricted Administrator settings can change the principal settings in admin_acl_file, including their own principal settings.

The Restricted Administrator modifier setting also does not override the Principal Information>Edit>Edit Group Default setting; an administrative principal with both these settings enabled can edit the values of the default group principal.

Edit Group Defaults

Edits the default values stored in the default group for the realm. You can edit the default principal using the Principal Information>Edit>Edit Default Group>Group Information window.

Modify Administrative Permissions

Modifies administrative permissions for others users. You can modify the administrative permission using the Principal Information>Edit>Edit Administrative Permissions>Administrative Permissions window.

All*

The Administrative Permissions window contains two All* buttons for the following purposes:

  • A designated principal in all realms

  • A designated principal in the specified realm

Click All* to assign all administrative permissions for the principal in all realms or only in this realm.

 



Setting Administrative Permissions
  		 


Realms Tab  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2007 Hewlett-Packard Development Company, L.P.