Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Attributes Tab (Principal Information window)
Chapter 6
The Lock Principal attribute applies to both user and
service principals. If this attribute is set for a user principal,
no tickets can be issued to the user. If this attribute is
set for a service principal, no tickets are issued for it.
The Lock attribute becomes set when a principal
exceeds the maximum number of failed authentication
attempts allowable by the password policy file. The
default maximum level allowed for failed
authentication attempts is five (5). If a principal is
locked, an administrative user must unlock the
principal before the user can authenticate again.
Allow As Service Attribute
The Allow As Service attribute
specifies whether a principal is allowed to act as a
service. Set this attribute to allow a principal to act as
a service (that is, the principal's name is in the server
field of the service ticket). This attribute should be
selected for any principal that is used as a service
principal.
The Allow As Service Attribute can be applied to all
principals, not just principals that act solely as service
principals. The attribute is selected by default.
NOTE: User principals need to have this attribute set when
using user-to-user authentication.
Require Initial Authentication Attribute
The Require Initial Authentication attribute specifies whether the server
is allowed to issue a service ticket for the service principal on
behalf of a user principal using a previously obtained
TGT.
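
The checks described for the Lock Principal, Allow As Service and Require Initial Authentication attributes can be modelled as one decision function. This is an added example, not HP's code or part of the original manual: the class, function and principal names are hypothetical, and locking on the first failure past the maximum is an assumed reading of "exceeds".

```python
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5  # default maximum stated in the text above


@dataclass
class Principal:  # hypothetical model of one principal's attributes
    name: str
    locked: bool = False                 # Lock Principal
    allow_as_service: bool = True        # selected by default
    require_initial_auth: bool = False   # Require Initial Authentication
    failed_attempts: int = 0


def record_failed_auth(p, max_failed=MAX_FAILED_ATTEMPTS):
    """Count one failed authentication; lock once the count exceeds the maximum."""
    p.failed_attempts += 1
    if p.failed_attempts > max_failed:
        p.locked = True
    return p.locked


def admin_unlock(p):
    """Only an administrative action clears the lock (counter reset is assumed)."""
    p.locked = False
    p.failed_attempts = 0


def may_issue_ticket(client, server, via_tgt):
    """Decide whether a ticket naming `server` in its server field may be issued.

    via_tgt=True  models a request backed by a previously obtained TGT.
    via_tgt=False models initial authentication (the user enters a password).
    """
    if client.locked:
        return False, "client principal is locked"
    if server.locked:
        return False, "service principal is locked"
    if not server.allow_as_service:
        return False, "principal is not allowed to act as a service"
    if via_tgt and server.require_initial_auth:
        return False, "service requires initial authentication"
    return True, "ok"


if __name__ == "__main__":
    user = Principal("alice")                                  # constructed names
    chpw = Principal("changepw", require_initial_auth=True)
    print(may_issue_ticket(user, chpw, via_tgt=True))
    print(may_issue_ticket(user, chpw, via_tgt=False))
```
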
If this attribute is set for the service principal, a user
principal is required to go through initial
authentication, i.e., required to authenticate to the
server again, to obtain a ticket for that service. For
example, the Change Password service requires that a
principal enter a password to receive a ticket for the