Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Manual Administration Using kadmin
Chapter 6180
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr
Attribute (or quit): {forward|noforward}
Principal modified.
Allow Proxy Attribute
The Allow Proxy attribute determines whether a principal is allowed
proxy tickets. Proxy tickets allow applications that a principal accesses
with a TGT to request a special class of service ticket. This type of service
ticket can be moved to another host on the network that acts on the
principal’s behalf. For example, a print service printing a file for a user.
WARNING The authorization fields of the ticket and authenticator can be
used to hold restrictions on the proxy ticket.
The Allow Proxy attribute applies to both user and service principals. If
this attribute is set for a,
• User principal, the principal can be issued a proxy ticket
• Service principal, the server can issue a proxy service ticket for
the service
NOTE Before the server issues a proxy service ticket, the requesting user must
possess a proxy TGT
To modify the parameter type attr for the principal admin, to set the
Allow Proxy Attribute, you need to do the following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr
Attribute (or quit): {proxy|noproxy}
Principal modified.