Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Chapter 6: Administration
Principals
A principal is a string that names a specific entity to which a set of
credentials may be assigned. Principals are users and network services
that are included in your security network.
The general syntax of a principal is:

    identifier/instance@REALM

A principal name consists of three parts:

identifier
    The name of either the network service or a user. This is a
    required parameter and has to be specified.

/instance
    A group used to further identify the name. The instance can
    identify the duties, organization, or any other information about
    the principal.

    In the case of a user, the instance is often used to describe the
    intended use of the corresponding credentials.

    In the case of a host, the instance is the fully qualified domain
    name. Multiple instances, up to 255, are allowed. Each additional
    instance is preceded by a /.

    The rlogind, ftpd, rshd, rcpd, and telnetd services use the
    instance to indicate the name of the system where the network
    service resides.

    An instance may also imply special privileges. For example, a
    security administrator could have a principal account with an
    admin instance to use when performing administration tasks.

    This is an optional parameter that need not be specified.

Realm
    Identifies the realm in which the principal resides. By
    convention, realm names are generally the fully qualified domain
    name of the primary server. This is a required parameter and has
    to be specified.
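
The naming rules above can be checked mechanically before principals are created, or when an existing principal list is reviewed for accounts carrying the admin instance. The following Python code is an added example, not part of this manual or of the Kerberos server: parse_principal, audit and the sample names are hypothetical, and it assumes names contain no escaped / or @ characters.

```python
from dataclasses import dataclass

MAX_INSTANCES = 255  # limit stated in the text above


@dataclass(frozen=True)
class Principal:
    identifier: str
    instances: tuple
    realm: str

    @property
    def is_admin(self):
        return "admin" in self.instances  # case sensitive: "Admin" does not match


def parse_principal(name):
    """Split identifier/instance@REALM as described above; raise ValueError if malformed."""
    if name.count("@") != 1:
        raise ValueError("exactly one '@' must separate the name from the realm")
    left, realm = name.split("@")
    identifier, *instances = left.split("/")
    if not identifier or not realm:
        raise ValueError("identifier and realm are both required")
    if any(not part for part in instances):
        raise ValueError("empty instance (stray or trailing '/')")
    if len(instances) > MAX_INSTANCES:
        raise ValueError("more than 255 instances")
    return Principal(identifier, tuple(instances), realm)


def audit(names):
    """Return (principals with an admin instance, rejected names with reasons)."""
    admins, rejected = [], []
    for name in names:
        try:
            principal = parse_principal(name)
        except ValueError as err:
            rejected.append((name, str(err)))
            continue
        if principal.is_admin:
            admins.append(name)
    return admins, rejected


# Constructed sample names, not taken from any real realm.
SAMPLE = ["jdoe@EXAMPLE.COM", "jdoe/admin@EXAMPLE.COM", "jdoe/Admin@EXAMPLE.COM",
          "ftp/host1.example.com@EXAMPLE.COM", "/admin@EXAMPLE.COM", "jdoe/admin"]
print(audit(SAMPLE))
```
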
When creating principal names, note that a principal name:
is case sensitive