Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Administrative Permissions
Chapter 6 161
Principal Displays the name of the Principal you are editing. You
should add an additional principal account with the
/admin instance for the individual requiring
administrator privileges.
Add Principals Select this box to allow this principal to add new
principals to the principal database.
Delete Principals Select this box to allow this principal to delete
principals from the principal database.
Modify Principals Select this box to allow the user to modify
principals.
Inquire about Principals Select this box to allow the user to inquire
about specific prinicpals.This option is required for any
principal that is being granted access to this
Administrator program. To enable a user to log on to
the Administrator program, it is sufficient to select
the option Inquire about Principals for the current
realm only, the lower list, rather than all realms, the
upper list
Extract Keys Select this box to allow the user to extract a key into
the service key table file.
Change Principal Password Select this box to allow the user to change
principal passwords. This option allows the user to
change or any principal in the principal database,
including principals in admin_acl_file.
Restricted Administrator Select this box in combination with the
Add Principals, Delete Principals, Change Principal
Password, Inquire about Principals, Modify Principals
or Extract Keys boxes in the administrative principal’s
realm or all realms to permit administrative principals
to use these options only against certain prinicpal, as
indicated below:
• Restricted administrator in This Relam field -
Restricts actions on admin_acl_file entries that
belong to the administrative principal’s own realm.
• Restricted administrator in All Realms field -
Restricted actions on admin_acl_file entries that
belong to realms other than the administrative
principal’s own realm.