Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Configuration
Add An Administrative Principal
Chapter 580
Add An Administrative Principal
Use the Administrator instead of the Command-Line-Administrator
option to add the principal account. Refer to, “kadmin Vs kadminl” on
page 112, for more information on using the Administrator and the
Command-Line-Administrator.
While it is possible to use the kadmin option to create an administrative
principal, it cannot be used to assign administrative privileges. If you
must use the kadmin utilities to manage your administrative prinicpals,
use a text editor to add the required entries to the file.
NOTE You need to be logged in as a root user in order to execute the tasks
mentioned above. These tasks must be performed on the Primary
Security Server.
For the first administrative principal, we recommend that you assign all
permissions, indicated by ‘*’ in the admin_acl_file. Refer to
“admin_acl_file” on page 95, for more information.
To add an administrative principal using the
Administrator
1. Run Administrator, kadminl_ui
2. Add a new principal to the default realm using the following syntax:
identifier/admin@DEFAULT_REALM
3. Assign password
4. Using the Edit-> Edit Administrative Permissions menu,
assign ALL administrative permissions to the principal
5. On the Attributes tab, clear the Require Password Change
Checkbox.
6. Save your changes and close the Administrator
The principal account, by default, requires a password change at the first
logon. However, kadmin does not permit password changes, unless you
have explicit permissions to do so.