Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration

admin_acl_ﬁle

Chapter 696

Assigning Administrative Permissions

Administrative principals may have varying levels of trust assigned to

them, depending on your organization’s policies. Table 6-1 lists the

possible administrative permission settings and the letter designator

used in the admin_acl_file to indicate the permissions assigned to the

principal account. Permissions designated with a lower case letter apply

only to the realm to which the administrative principal belongs.

Permissions designated with an upper-case letter apply to all realms.

The [permissions] is an optional string containing one or more of the

options listed in the table below.

The Restricted administrator setting is a modiﬁer; it must be used in

conjunction with permissions. There are several important

considerations that need to be taken into account while using r, R and Rr

modiﬁers. Refer to “Using Restricted Adminsitrator” on page 99, for

more information.

NOTE The e, E, g and G switches are not affected by the r and R permissions.

* overrides the r and R switches

Table 6-1 Administrative Permission Settings

Administrator Field Name

ACL ﬁle

Character

Add Principals a or A

Change Principal Passwords c or C

Delete Principals d or D

Edit the admin_acl_file.

Note: This setting cannot be restricted by the r or R

permissions

e or E

Edit Group Defaults g or G

Inquire about Principals. Assign this attribute to all

administrative principals to allow use of the

administrative tools

i or I