Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration
Attributes Tab (Principal Information window)
Allow Duplicate Session Keys Attribute
The Duplicate Session Key attribute specifies whether a principal is allowed to use a duplicate session key. A duplicate session key is used in user-to-user authentication and specifies which key is used to encrypt the tickets.
Require Pre-authentication Attribute
The Require Preauthentication attribute specifies whether a principal is required to use preauthentication in the TGT request. Preauthentication means that additional known encrypted data is sent with the ticket request, providing additional security when the TGT is presented to gain access to a secured service.
The Require Preauthentication attribute applies to user and service principals. If this attribute is set for a user principal, the user must be running logon software that performs authentication using the preauthentication protocol. If this attribute is set for a service principal, the service cannot accept TGTs from a user principal that did not obtain its TGT using a preauthentication protocol.
Require Password Change Attribute
The Require Password Change attribute specifies that a principal must change its password during the next logon to the security server. The Require Password Change attribute applies to user principals.
When a new principal is added to the database or when a principal's password is changed, this attribute is controlled by the NoReqChangePwd setting in the principal's Password Policy file. By default, NoReqChangePwd is set to zero, meaning the user must change their password at the first logon.
Lock Principal Attribute
The Lock Principal attribute specifies whether a principal is active. A locked principal still exists in the principal database, but it is unable to use or provide Kerberized services.
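
The sketch below is an added example, not code from HP or from the Kerberos Server product. It models how the Lock Principal and Require Preauthentication attributes gate a TGT request. Assumptions: the principal names, the PRINCIPAL_LOCKED and TGT_ISSUED labels, the 300-second skew limit, and the use of PBKDF2 plus an HMAC tag in place of Kerberos string-to-key and timestamp encryption; the other result strings are RFC 4120 error names.

```python
import hashlib, hmac, struct

MAX_SKEW = 300          # seconds of clock skew tolerated (assumed value)
NOW = 1_700_000_000     # constructed "current time" so the demo is repeatable

def derive_key(password, salt):
    # Stand-in for Kerberos string-to-key: PBKDF2-HMAC-SHA256 (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096)

def make_padata(key, now):
    # Client side: timestamp authenticated under the long-term key.
    # Real Kerberos encrypts the timestamp; an HMAC tag is used here instead.
    ts = struct.pack(">Q", now)
    return ts + hmac.new(key, ts, hashlib.sha256).digest()

def as_request(db, name, padata, kdc_now):
    # Security-server side: decide whether a TGT request may proceed.
    entry = db.get(name)
    if entry is None:
        return "KDC_ERR_C_PRINCIPAL_UNKNOWN"
    if entry["locked"]:
        return "PRINCIPAL_LOCKED"            # illustrative label, not an RFC code
    if not entry["require_preauth"]:
        return "TGT_ISSUED"                  # no proof of key knowledge needed
    if padata is None:
        return "KDC_ERR_PREAUTH_REQUIRED"
    ts, tag = padata[:8], padata[8:]
    expected = hmac.new(entry["key"], ts, hashlib.sha256).digest()
    if len(ts) != 8 or not hmac.compare_digest(tag, expected):
        return "KDC_ERR_PREAUTH_FAILED"      # requester does not hold the key
    if abs(kdc_now - struct.unpack(">Q", ts)[0]) > MAX_SKEW:
        return "KRB_AP_ERR_SKEW"             # stale or replayed timestamp
    return "TGT_ISSUED"

def principal(password, name, require_preauth=True, locked=False):
    return {"key": derive_key(password, name), "locked": locked,
            "require_preauth": require_preauth}

# Constructed principal database for the demonstration.
DB = {"alice@EXAMPLE.ORG": principal("correct horse", "alice@EXAMPLE.ORG"),
      "legacy@EXAMPLE.ORG": principal("pw", "legacy@EXAMPLE.ORG", require_preauth=False),
      "bob@EXAMPLE.ORG": principal("pw2", "bob@EXAMPLE.ORG", locked=True)}

if __name__ == "__main__":
    good = make_padata(derive_key("correct horse", "alice@EXAMPLE.ORG"), NOW)
    print(as_request(DB, "alice@EXAMPLE.ORG", None, NOW))
    print(as_request(DB, "alice@EXAMPLE.ORG", good, NOW))
    print(as_request(DB, "alice@EXAMPLE.ORG", good, NOW + 3600))
```

The legacy@EXAMPLE.ORG entry shows the audit point: with the attribute cleared, the request succeeds without the requester proving knowledge of the principal's key.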