Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i: HP 9000 Networking > Chapter 6 Administration

kadmin Vs kadminl
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

These utilities provide a unified administration interface for the Kerberos database. Kerberos administrators use these utilities to create new users and services for the primary database, and to modify information for the existing entries present in the database.

Both these utilities provide for maintenance of Kerberos principals and service key tables (v5srvtab). These utilities exist as both a remote Kerberos client, 'kadmin'and a local client, 'kadminl'.

The local client (kadminl) resides on the primary server and is intended for use by individuals with root access privileges.

The remote client (kadmin) resides on secondary servers and client systems. This is intended for use by principals with administrative privileges. It also enables administrators to maintain the database on the primary security server from their workstations.

Alternatively, you could also use the Graphical User Interface namely, the kadmin_ui for remote administration and the kadminl_ui for local administration.

An administrative prinicpal must first be added to the database on the primary security server before you can log on to the Remote administrator either from a secondary server or using a client.

To log in to the Remote Administrator, kadmin, you must use a principal account that has an entry present in the admin_acl_file. For complete access to all the functions, use an unrestricted administrative principal account, one with the '*' permissions in the admin_acl_file. At a minimum, the account must have the inquire privileges. For more information on administrative permissions, refer to “admin_acl_file”.

For more information on the kadmin option, type man kadmin (1) at the HP-UX prompt

Administration Tools

There are four administration tools, as shown in Table 6-3 “Administration Tools”, that will help you in administering the Kerberos database.

Table 6-3 Administration Tools

Tool Name

Tool Description
Local Administrator (kadminl_ui)The graphical interface that runs on the primary security server
Local Command-Line-Administrator (kadminl)The command line tools that runs on the primary security server
Remote Administrator (kadmin_ui)The graphical user interface that can only be run by administrative principals with the required permissions. It runs on all secondary security servers and any client system where the tool was installed.
Remote Command-Line-Administrator (kadmin)

The command line tool that can only be run by administrative principals with the required permissions. It runs on all secondary servers and any client system where the tool was installed.

 

NOTE: The Command-Line-Administrator has limited capabilities. It cannot be used to control: administrative permissions; maximum ticket lifetimes and renew times or adding new realms. Hence, we recommend that the Graphical user Interface be used for all administrative purposes.


Principals
  		 


Administrator  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2002 Hewlett-Packard Development Company, L.P.