Manualshelf

Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
171172173174175176177178179180
Administration
Manual Administration Using kadmin
Chapter 6 179
Service principal, the server can issue a renewable ticket for the
service
NOTE Before the server issues a renewable service ticket, the
requesting user must possess a renewable TGT.
To modify the parameter type attr for the principal admin, to set the
Allow Renewable Attribute, you would need to do the following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr
Attribute (or quit): {renew|norenew}
Principal modified.
Allow Forwardable Attribute
The Allow Forwardable attribute determines whether a principal is
allowed ticket forwarding. Forwarding is a mechanism to send a TGT to a
remote system, from one network host to another. The forwarded TGT can
be used to generate, on the principal’s behalf, a new service ticket on the
second host’s system. This eliminates the need for the user to
re-authenticate and re-enter the password on the second host.
The Allow Forwardable attribute applies to both user and service
principals. If this attribute is set for a,
User principal, the principal can be issued a forwarded or
forwardable ticket
Service principal, the server can issue a forwarded service ticket
for the service
NOTE Before the server issues a service ticket on the remote host, the
requesting user must possess a forwarded TGT
To modify the parameter type attr for the principal admin, to set the
Allow Forwardable Attribute, you need to do the following: