Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Setting Administrative Permissions
Chapter 6 159
Setting Administrative Permissions
Use the kadminl_ui window to assign administrative permissions to
users. When a principal is assigned administrative permissions, the
principal and its permissions are saved to the admin_acl_file located
on the primary security server.
We recommend the convention of adding a principal with the instance
/admin to identify a principal who is an administrator. The user’s /admin
instance should have a different password than other instances, thus
providing additional security during administrative tasks. Users signing
on to kadmin_ui to perform administrative tasks must log in with the
admin principal. For example, user/admin@REALM.
To set administrative permissions
Step 1. In the kadminl_ui window, choose the Principals tab and select the
realm where the principal resides.
Step 2. Find the principal to be assigned administrative permissions and then
click Edit. The Principal Information window appears. See “Finding
a Principal” on page 126 on how to search for a principal.
Step 3. From the Edit menu, select Edit Administrative Permissions. The
Administrative Permissions window appears.
Step 4. Select the appropriate permissions for the principal. The principal may
be assigned permissions for all realms or just for the realm where the
principal resides.
To enable a principal to run the Administrator program, the principal
must have the Inquire About Principals permission enabled.
Step 5. Click OK to save the permissions to admin_acl_file.