Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Principals
Chapter 6 105
Adding User Principals
The Kerberos Security Server allows you to add user principals to the
principal database as needed. The only limit on the number of principals
in the database is the disk space available on the primary security server
and each of the secondary security servers.
When adding a user principal to the database, you must assign the
principal identifier, the instance (if used) and the realm. You must also
designate a temporary password for the principal. You may assign
specific attributes and properties to the account. Any attributes and
properties that are not explicitly set for the principal are inherited
from the default group principal.
The temporary password must be communicated to the user before the
user authenticates with the new principal account. The user supplies the
temporary password and is required to change it during the first
authentication attempt. A secure method of conveying the temporary
password to the user must be established so that the password is not
disclosed to anyone else.
Adding New Service Principals
The Kerberos Security Server allows you to add service principals to
the principal database as needed. A service principal account is used for
a UNIX host system, or for a Kerberos-secured service or application that
is available in the network to user principals.
Certain service principals are required by the Kerberos Security
Server itself and are added to the principal database automatically when
the Kerberos Server software is installed. Service principal accounts used
by optional secured service applications must be added to the principal
database manually.
Each Kerberos-secured service or application must be able to present
its secret key during authentication. For this reason, service
principal accounts must have the specific attributes and properties that
the application requires. These attributes and properties include:
• The application must be able to provide its unique principal name
during authentication.