Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
admin_acl_file
Chapter 6 97
NOTE The order of the permission letters is irrelevant.
The principal name can also include the “*” wildcard. The admin_acl_file
supports the following identifier/instance wildcards:
• */instance
• identifier/*
This makes it easier to add groups of principal names to the file. For
example, if you want any principal with the instance “admin” to have
permissions to administer the database, you could use the principal
“*/admin@REALM”, where ‘REALM’ is your primary security server’s realm.
For example, to grant all permissions to all principals with the admin
instance, add the following line to the ACL file:
*/admin@FINANCE.BAMBI.COM *
where:
• * (before the slash) matches all principals
• admin is the instance
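The following added example (not code from the HP manual) audits ACL text for wildcard entries and reports which principals each one covers, using only the */instance and identifier/* forms described above. The sample ACL lines, the principal names, the HR.BAMBI.COM realm, and the assumptions that "*" stands for any non-empty component and that realms must match exactly are constructed for illustration.

```python
# Added example; the ACL text and principal names are constructed samples.

def split_principal(name):
    """Split 'identifier/instance@REALM' into (identifier, instance, realm)."""
    local, _, realm = name.partition("@")
    identifier, _, instance = local.partition("/")
    return identifier, instance, realm

def entry_matches(pattern, principal):
    """True if an ACL principal field covers the given principal.

    Handles the two wildcard forms the page lists, */instance and
    identifier/*. Assumptions: '*' stands for any non-empty component
    and the realm must match exactly. Any other pattern is compared
    literally.
    """
    p_id, p_inst, p_realm = split_principal(pattern)
    n_id, n_inst, n_realm = split_principal(principal)
    if p_realm != n_realm:
        return False
    if p_id == "*" and p_inst != "*":
        return bool(n_id) and p_inst == n_inst
    if p_inst == "*" and p_id != "*":
        return bool(n_inst) and p_id == n_id
    return (p_id, p_inst) == (n_id, n_inst)

def audit(acl_text, principals):
    """Return (pattern, permissions, covered principals) per wildcard entry."""
    findings = []
    for line in acl_text.splitlines():
        fields = line.split()
        if len(fields) != 2 or "*" not in fields[0]:
            continue  # skip blank lines and entries without a wildcard
        pattern, perms = fields
        covered = [p for p in principals if entry_matches(pattern, p)]
        findings.append((pattern, perms, covered))
    return findings

SAMPLE_ACL = """\
*/admin@FINANCE.BAMBI.COM *
backup/*@FINANCE.BAMBI.COM lx
alice/ops@FINANCE.BAMBI.COM m
"""
SAMPLE_PRINCIPALS = ["root/admin@FINANCE.BAMBI.COM", "alice/ops@FINANCE.BAMBI.COM",
                     "backup/host1@FINANCE.BAMBI.COM", "root/admin@HR.BAMBI.COM",
                     "admin@FINANCE.BAMBI.COM"]

if __name__ == "__main__":
    for pattern, perms, covered in audit(SAMPLE_ACL, SAMPLE_PRINCIPALS):
        print(pattern, perms, covered)
```

An entry whose permission field is "*" and whose covered list is longer than expected is the case to review first, since every listed principal then holds all permissions.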
Table 6-1 Administrative Permission Settings (Continued)
Administrator Field Name | ACL file Character
List principal. This is redundant with i or I. Note: This permission is not displayed in Administrator. | l or L
Modify Principals | m or M
Extract Keys | x or X
Restricted Administrator. Use the r, R and Rr modifiers in combination with the a, A, c, C, d, D, i, I, m, M, or x, X permissions to permit administrative principals to use those options only against certain principals. | r or R