Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Creating an Administrative Principal
Chapter 6124
Creating an Administrative Principal
Use the kadminl_ui to create administrative prinicpals. When a
principal is created and the administrative permissions have been
assigned to it, it is saved to the admin_acl_file located on the primary
server. For more information on the admin_acl_file, refer to
“admin_acl_file” on page 95.
We recommend that the /admin instance be assigned to each principal
who is an administrator. This implies that a user can have two or more
principal accounts, namely,
• one or more principals with non-administrative permissions for daily
authentication
• one principal account with the /admin instance that has
administrative permissions
NOTE The user’s /admin principal should have a different password than the
user’s other principal accounts. This provides additional security during
administrative tasks.
To create an administrative principal
Step 1. In the kadminl_ui window, choose the Principals tab and select the
realm in which you want to create the administrative account.
Step 2. Click New to display the Principal Information window.
Step 3. Enter the identifier/admin@REALM of the administrative principal in
the Principal field.
Step 4. On the General tab, the defaultticket information for theadministrative
principal already exists. You may change this information else leave it as
is.
Step 5. Display the Change Password window by clicking Apply.
Step 6. Enter the password information. Do NOT select the Generate Random
Key box.