Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i: HP 9000 Networking > Chapter 5 Configuration

Add An Administrative Principal
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Use the Administrator instead of the Command-Line-Administrator option to add the principal account. Refer to, “kadmin Vs kadminl”, for more information on using the Administrator and the Command-Line-Administrator.

While it is possible to use the kadmin option to create an administrative principal, it cannot be used to assign administrative privileges. If you must use the kadmin utilities to manage your administrative prinicpals, use a text editor to add the required entries to the file.

NOTE: You need to be logged in as a root user in order to execute the tasks mentioned above. These tasks must be performed on the Primary Security Server.

For the first administrative principal, we recommend that you assign all permissions, indicated by '*' in the admin_acl_file. Refer to “admin_acl_file”, for more information.

To add an administrative principal using the Administrator

  1. Run Administrator, kadminl_ui

  2. Add a new principal to the default realm using the following syntax:

    identifier/admin@DEFAULT_REALM

  3. Assign password

  4. Using the Edit-> Edit Administrative Permissions menu, assign ALL administrative permissions to the principal

  5. On the Attributes tab, clear the Require Password Change Checkbox.

  6. Save your changes and close the Administrator

The principal account, by default, requires a password change at the first logon. However, kadmin does not permit password changes, unless you have explicit permissions to do so.

To enable authentication, you must disable the password change requirement when you create the administrative principal account.

If you are using the kadminl_ui, go to the Attributes tab on the Principal Information Window and clear the Require Password Change checkbox. If you are using kadminl, use the mod command and set nopwchg to indicate no password change is required.

You can also disable the password change requirement by setting the NoReqChangePwd setting in the principal's password policy file to 1.

Refer to “Administrator”, for more information on using the Administrator.

To add an administrative principal using the Remote Command-Line-Administrator

  1. Run Command-Line-Administrator, kadmin

  2. Add a new principal to the default realm using the following syntax:

    command: add
    Name of Principal to add: admin
    Enter password:password
    Re-enter password for verification:password
    Principal added

Refer to “Manual Administration Using kadmin”, for more information on assigning administrative privileges to principals.



Creating The Principal Database After Installation
  		 


Create The host/<fqdn> principal And Extract Its Service Key  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2002 Hewlett-Packard Development Company, L.P.