Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Password Tab (Principal Information window)
Chapter 6 139
• The keyword NEVER, which indicates that the
expiration is not effected.
Key Version Number
Every principal password has a version number
associated with it that identifies the number of times
the password has been changed. When a principal is
first created, its password version number is one. Every
time the password is changed, the version number is
incremented by one.
Password Last Changed
This date is updated when you change a password. The
word NEVER indicates the password cannot be changed
by the user.
Change Password button Displays the Change Password window,
which provides the option to specify a password or to
generate a random key for the current principal.
Failed Auth Count This is the number of failed authentication attempts
since the last successful authentication by the
principal. Every failed SignOn request by the client
increments the Failed Auth Count by one. If the
number exceeds the maximum allowed by the
MaxFailAuthCnt parameter in the password policy file,
the principal account is automatically locked. To
determine if a principal account is locked, click the
Attributes tab in the Principal Information
window and look at the Lock Principal check box. To
unlock a principal, clear the check box.
For more information, refer to “Password Policy File”
on page 101.
Primary and Secondary Key Types The available key options are
DES3-MD5, DES-MD5,and DES-CRC encryption. Select a
key encryption type for each salt type that you use.
Primary and Secondary Salt Types
A Salt is a string of characters added to a password
before it is transformed into the secret key. Each salt
type, except None has data associated with it. The salt
data is appended to the password before generating the
DES3 or DES encrypted key. The salt key settings are
controlledthroughthePassword tab of the Principals