Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Manual Administration Using kadmin
Chapter 6 185
The notgt command in kadmin is equivalent to selecting the Require
Initial Authentication on the Attributes tab of the Administrator;
the tgt command in the kadmin is equivalent to clearing the Require
Initial Authentication check-box on the Attributes tab.
You can use the kadmin inq command to view this principal’s attribute.
With Require Initial Authentication selected (tgt), the inquire
command shows TGT_BASED in the attributes field. Without the Require
Initial Authentication setting (notgt) no text appears in the
attributes field.
Table 6-4 equates the Administrator Attributes tab check-box setting
with the kadmin command setting. It also indicates the attribute text
that shows if you view a principal’s settings using the kadmin inq
command.
Set As Password Change Service Attribute
The Set As Password Change Service attribute determines whether a
service principal can act as a change password service. Setting this
attribute allows a service principal to receive initial tickets for user
principals whose passwords have expired.
NOTE When the Set as Password Change Service attribute is selected, the
Require Initial Authentication Attribute is automatically selected.
Table 6-4 Require Initial Authentication Attribute Settings
Attributes Tab Check-box
Setting
kadmin
Command
Kadmin inq
Shows:
Select Require Initial
Authentication
notgt no text shows
Select Require Initial
Authentication
tgt TGT_BASED