Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Manual Administration Using kadmin
Chapter 6184
To modify the parameter type attr of the principal admin, to set the
Allow as Service Attribute, you need to do the following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr
Attribute (or quit): {svr|nosvr}
Principal modified.
Require Initial Authentication Attribute
The Require Initial Authentication attribute specifies whether the
server is allowed toissue service tickets to a service principal onbehalf of
a user principal using an existing TGT.
The Require Initial Authentication attribute applies only to service
principals,
• If this attribute is set, user principals must re-authenticate to the
security server before the server issues a service ticket for that
service. For example, the change password service requires a
principal to enter a password to receive a ticket for the change
password service before the password can be changed.
• If this attribute is not set, the server may issue a service ticket based
on the user principal’s existing TGT.
NOTE In Administrator, when the Require Initial Authentication
attribute is selected, the Allow as Service Attribute is automatically
selected.
Do not enable this setting for user principal accounts. This attribute is
applicable to selected service principals.
To modify the parameter type attr of the principal admin, to set the
Require Initial Authentication Attribute, you need to do the
following:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno or quit) :attr
Attribute (or quit): {tgt|notgt}
Principal modified.