Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration

Principals

Chapter 6104

• cannot be longer than 767 characters

• must be uniquely deﬁned in the ﬁrst 255 characters

• cannot contain a space, tab, number sign (#), backward slash (\) or

colon (:)

NOTE The forward slash (/) is an allowed character and is used to delineate

the instance.

There are two types of principals:

• user principals

User principals are accounts assigned to individuals in your

organization. There must be at least one account for each individual.

You may choose to add multiple accounts for one individual if the

accounts are intended to be used for different purposes. Use the

instance parameter of the principal name to designate the intended

use of the account. There are two special categories of user

principals:-

— Administrative principals are user accounts that have

administrative permissions assigned to them.

We recommend, that you use the /admin instance to distinguish

these accounts. These principals have the administrative

permissions assigned in the admin_acl_file.

• service principals

A service principal is a principal accountassigned to aservice in your

security network. Examples of service principals include secured

daemons or services that are accessible on the network, or host/

principals that are created for a user’s host system.