Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration
Principals
The fqdn instance must be the fully qualified domain name (FQDN) of the
host system for the server or service. The FQDN must be entered as
lower-case characters.
These principals are not automatically added to the principal database
when the security servers or application services are installed.
Removing User Principals
You may need to delete user principals from the database. When a
principal account is deleted from the database, the principal can no
longer be used to authenticate to the security server.
To delete a principal, use either the Administrator or
Command-Line-Administrator. This removes the principal name,
attributes, and properties from the database.
For user principals, there may be additional steps that must be
performed to remove the special privilege settings.
For user principals that use UNIX systems, every UNIX host used by a
principal contains the host/<fqdn> service principal. If this system is
unused, delete the service key from the host and remove the
host/<fqdn> principal from the database.
Remove Special Privilege Settings
If the principal had special privileges, you must also remove those rights.
Examples of special privileges include:
• Administrative principals who are aware of the UNIX root password.
  Ensure that you change the root or Administrator password
  according to your password requirements.
• Administrative principal using kadmin. Ensure that the
  administrative principal entry in the admin_acl_file is removed.
NOTE When you delete an administrative principal using Administrator, any
reference to that principal is automatically removed from the
admin_acl_file.
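
The clean-up described above can be checked after the fact. The following is an added example, not part of the HP documentation: it reports admin_acl_file entries that no longer match a principal in the database, and host/<fqdn> principals whose instance is not a lower-case fully qualified name. It assumes that each non-comment line of the ACL file begins with the principal name and that the current principals have been exported to a text file, one name per line; the file names and sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit for leftovers after a principal is deleted.
# Assumption: each non-comment ACL line starts with the principal name.

# Print ACL entries whose principal is absent from the principal list.
# $1 = ACL file, $2 = principal list (one name per line, non-empty)
stale_acl_entries() {
    awk '
        NR == FNR { known[$1] = 1; next }  # first file: principals still in the database
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        !($1 in known) { print $1 }        # ACL entry with no matching principal
    ' "$2" "$1"
}

# Print host/<fqdn> principals whose instance is not a lower-case FQDN.
# $1 = principal list
bad_host_instances() {
    awk -F/ '
        $1 == "host" {
            inst = $2
            sub(/@.*/, "", inst)           # drop an optional @REALM suffix
            if (inst != tolower(inst) || inst !~ /\./) print $0
        }
    ' "$1"
}

# Constructed sample data (not taken from a real system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/principals" <<'EOF'
alice
admin/ops
host/web01.example.com
host/DB01.example.com
host/build
EOF
cat > "$demo/admin_acl_file" <<'EOF'
# constructed ACL entries; the second field is a placeholder
admin/ops  PLACEHOLDER
bob/admin  PLACEHOLDER
EOF

echo "ACL entries without a matching principal:"
stale_acl_entries "$demo/admin_acl_file" "$demo/principals"
echo "host principals with a non-conforming instance:"
bad_host_instances "$demo/principals"
```

Compare the actual layout of your admin_acl_file with the assumed one before relying on the first check.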