Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
admin_acl_file
This file lists authorized principals with their respective administrative
permissions. It also lists principals that cannot be modified without
explicit privileges. This file is located only on the primary security server,
at the following location:
/opt/krb5
It must be protected with appropriate read-write privileges and must
be accessible only by the root user.
kadmind checks for the principal’s permissions in the admin_acl_file.
The admin_acl_file can be edited directly on the primary server, or
remotely using the Administrative Permissions window of the
Administrator.
The general format of the file is:
identifier/instance@REALM [perms_list] [# comments]
where:
identifier      The principal’s name.
instance        The administrative instance associated with the principal.
                It is recommended that you add an admin instance to each
                administrative principal name.
                If the principal resides in the primary security server’s
                default realm, the @REALM is optional; otherwise, you must
                explicitly specify the principal’s realm.
[perms_list]    One or more of the permission letters listed in the table
                below, with no spaces between them.
[# comments]    Any optional remarks about the principal. Characters after
                the pound symbol are ignored.
Each line in the admin_acl_file matches an administrative principal
with a set of permissions. Wildcards can also be used to enter groups of
principal names.
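
The following audit script is an added example, not part of the HP manual or the Kerberos server product. It parses entries in the format described above and checks the root-only access requirement; the sample principals, realm and permission letters are constructed placeholders, and wildcard entries are not interpreted.

```python
import os
import stat

def parse_acl_line(line):
    """Split one entry into its fields; return None for blank or comment-only lines."""
    body, _, comment = line.partition("#")
    tokens = body.split()
    if not tokens:
        return None
    principal, perms = tokens[0], tokens[1:]
    name, _, realm = principal.partition("@")
    identifier, _, instance = name.partition("/")
    return {"identifier": identifier, "instance": instance or None,
            "realm": realm or None,  # None means the default realm applies
            "perms": perms, "comment": comment.strip() or None}

def audit_entries(text):
    """Return (line_number, message) findings for the rules stated in this section."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_acl_line(line)
        if entry is None:
            continue
        if entry["instance"] is None:
            findings.append((n, "no instance on administrative principal"))
        if len(entry["perms"]) > 1:
            findings.append((n, "spaces inside perms_list"))
    return findings

def audit_file_access(path):
    """Check that only root owns the file and no group/other access bits are set."""
    st = os.stat(path)
    findings = []
    if st.st_uid != 0:
        findings.append("owner is uid %d, not root" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other bits set: %o" % stat.S_IMODE(st.st_mode))
    return findings

# Constructed sample; the letters x, y, z stand in for real permission letters.
SAMPLE = """\
alice/admin@EXAMPLE.COM xyz # full administrator
bob/admin xy
carol@EXAMPLE.COM x
dave/admin x y # letters separated by a space
"""

if __name__ == "__main__":
    for finding in audit_entries(SAMPLE):
        print(finding)
```

Call audit_file_access() with the path of the admin_acl_file on the primary security server; an empty list means the file is owned by root with no group or other access.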