Creating an Administrative Principal

Use the kadminl_ui to create administrative prinicpals. When a principal is created and the administrative permissions have been assigned to it, it is saved to the admin_acl_file located on the primary server. For more information on the admin_acl_file, refer to “admin_acl_file”.

We recommend that the /admin instance be assigned to each principal who is an administrator. This implies that a user can have two or more principal accounts, namely,

one or more principals with non-administrative permissions for daily authentication
one principal account with the /admin instance that has administrative permissions




	NOTE: The user's /`admin` principal should have a different password than the user's other principal accounts. This provides additional security during administrative tasks.

To create an administrative principal

In the kadminl_ui window, choose the Principals tab and select the realm in which you want to create the administrative account.
Click New to display the Principal Information window.
Enter the identifier/admin@REALM of the administrative principal in the Principal field.
On the General tab, the default ticket information for the administrative principal already exists. You may change this information else leave it as is.
Display the Change Password window by clicking Apply.
Enter the password information. Do NOT select the Generate Random Key box.
Click OK.
On the Attributes tab, select the attributes for the administrative principal.
- If this administrative principal requires the use of a hardware authentication device, select the Require Preauthentication attribute.
If necessary, click Apply.
From the Edit Menu, select Edit Administrative Permission. Select the permissions for the administrative principal. Click *All to select all principals. Click OK.
Click Cancel to finish.

Creating an Administrative Principal

Technical documentation

» Table of Contents

» Glossary

» Index

To create an administrative principal