Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration
kadmin Vs kadminl
These utilities provide a unified administration interface for the
Kerberos database. Kerberos administrators use these utilities to create
new users and services for the primary database, and to modify
information for the existing entries present in the database.
Both of these utilities provide for maintenance of Kerberos principals and
service key tables (v5srvtab). These utilities exist as both a remote
Kerberos client, ‘kadmin’, and a local client, ‘kadminl’.
The local client (kadminl) resides on the primary server and is intended
for use by individuals with root access privileges.
The remote client (kadmin) resides on secondary servers and client
systems. This is intended for use by principals with administrative
privileges. It also enables administrators to maintain the database on
the primary security server from their workstations.
Alternatively, you can use the graphical user interfaces: kadmin_ui for
remote administration and kadminl_ui for local administration.
An administrative principal must first be added to the database on the
primary security server before you can log on to the Remote
Administrator, either from a secondary server or from a client.
To log in to the Remote Administrator, kadmin, you must use a principal
account that has an entry present in the admin_acl_file. For complete
access to all the functions, use an unrestricted administrative principal
account, one with the ‘*’ permissions in the admin_acl_file. At a
minimum, the account must have the inquire privileges. For more
information on administrative permissions, refer to “admin_acl_file” on
page 95.
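A least-privilege check on the ACL described above, as an added example that is not part of the HP manual: it reports which principals hold the unrestricted ‘*’ entry and which lack inquire. The one-entry-per-line "principal permissions" layout, ‘#’ comments and the letter ‘i’ for inquire are assumptions, since this page does not show the file's format; the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit an admin_acl_file for least privilege.
# ASSUMED line format (not shown on this page): "<principal> <permissions>",
# '#' starts a comment, '*' grants every permission, 'i' grants inquire.

# audit_admin_acl FILE
# Prints one finding per entry: "<tag> <principal> <permissions>"
#   UNRESTRICTED  permissions contain '*' (complete access through kadmin)
#   NO_INQUIRE    neither '*' nor 'i' (below the minimum kadmin requires)
#   MALFORMED     principal with no permissions field
#   OK            restricted entry that includes inquire
audit_admin_acl() {
    awk '
        { sub(/#.*/, "") }                 # strip comments, fields re-split
        NF == 0 { next }                   # skip blank lines
        NF < 2  { print "MALFORMED", $1, "-"; next }
        index($2, "*")      { print "UNRESTRICTED", $1, $2; next }
        index($2, "i") == 0 { print "NO_INQUIRE", $1, $2; next }
        { print "OK", $1, $2 }
    ' "$1"
}

# count_unrestricted FILE
# Prints how many principals hold the '*' permission.
count_unrestricted() {
    audit_admin_acl "$1" | awk '$1 == "UNRESTRICTED" { n++ } END { print n + 0 }'
}

# Constructed sample ACL: realm and principal names are made up, and 'x'
# is a placeholder for any permission letter other than '*' and 'i'.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# principal                  permissions
admin/admin@EXAMPLE.COM      *
helpdesk/admin@EXAMPLE.COM   ix
audit/admin@EXAMPLE.COM      i      # read-only reviewer
backup/admin@EXAMPLE.COM     x
broken/admin@EXAMPLE.COM
EOF

audit_admin_acl "$sample"
echo "unrestricted principals: $(count_unrestricted "$sample")"
```

Run it against a copy of the real file on the primary server and review every UNRESTRICTED line; each one is an account with complete access to the Kerberos database from any workstation.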
For more information on the kadmin option, type man kadmin (1) at the
HP-UX prompt.
Administration Tools
There are four administration tools, as shown in Table 6-3, that will help
you in administering the Kerberos database.