Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i: HP 9000 Networking > Chapter 6 Administration

Administrative Permissions
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Use this window to assign administrative permissions to users. Varying levels of permissions can be assigned. Any combination or all permissions can be assigned to a single user.

There are eight permissions that can be assigned under the KDC for the current realm or for all realms. If you assign permissions for the current realm only the administrator can perform administrative tasks only within the realm. The Restricted Administrator modifier is used in conjunction with the Add Principals, Delete Principals, Change Principal Password, Inquire About Principals, Modify Principals and Extract Keys permissions.

Figure 6-8 Administrative Permissions

Administrative Permissions
Principal

Displays the name of the Principal you are editing. You should add an additional principal account with the /admin instance for the individual requiring administrator privileges.

Add Principals

Select this box to allow this principal to add new principals to the principal database.

Delete Principals

Select this box to allow this principal to delete principals from the principal database.

Modify Principals

Select this box to allow the user to modify principals.

Inquire about Principals

Select this box to allow the user to inquire about specific prinicpals. This option is required for any principal that is being granted access to this Administrator program. To enable a user to log on to the Administrator program, it is sufficient to select the option Inquire about Principals for the current realm only, the lower list, rather than all realms, the upper list

Extract Keys

Select this box to allow the user to extract a key into the service key table file.

Change Principal Password

Select this box to allow the user to change principal passwords. This option allows the user to change or any principal in the principal database, including principals in admin_acl_file.

Restricted Administrator

Select this box in combination with the Add Principals, Delete Principals, Change Principal Password, Inquire about Principals, Modify Principals or Extract Keys boxes in the administrative principal's realm or all realms to permit administrative principals to use these options only against certain prinicpal, as indicated below:

  • Restricted administrator in This Relam field - Restricts actions on admin_acl_file entries that belong to the administrative principal's own realm.

  • Restricted administrator in All Realms field - Restricted actions on admin_acl_file entries that belong to realms other than the administrative principal's own realm.

  • Restricted administrator in both This Realm and All Realms fields - Restricts actions on admin_acl_file entries that belong to any realm supported by the primary security server.

Administrative principals who have the Restricted Administrator modifiers are not restricted from managing principals that are not included in the admin_acl_file.

The Restricted Administrator modifier setting does not override the Modify Administrative Permissions setting; that is, an administrative principal with both the Modify Administrative Permissions and the Restricted Administrator settings enabled can change principal settings in the admin_acl_file, including their own.

The Restricted Administrator modifier setting also does not override the Edit Group Default setting; so an administrative principal with both these settings enabled can edit the values of the default group principal.

Edit Group Select this box to allow the user to edit the default
Defaults

values stored in the default group for the realm. Edits to the default principal are made through the Group Information window.

Modify Select this box to allow the user to modify
Administrative administrative permissions for other users. Changes
Permissions

are made on the Administrative Permissions window.

All button

The Administrative Permissions window features two All buttons,

  • one for the designated principal in all realms

  • the other for the designated principal in the specified realm

Click either button, respectively, to assign all administrative permissions for the principal in all realms or this realm only.



Setting Administrative Permissions
  		 


Realms Tab  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2002 Hewlett-Packard Development Company, L.P.