Kerberos Server Version 3.0 Release Notes
HP’s Kerberos Server V 3.0 Release Notes
Kerberos Server Version 3.0 Benefits and Features
Chapter 110
— Assign administrative permissions
— Modify the default group principals
— Extract principals to service key table files
— Reset password of principals
There are two different versions of the Administrator, namely
— kadminl_ui - the local administrator
— kadmin_ui - the remote administrator
The local administrator, kadminl_ui, is available only on the primary server.
The remote administrator, kadmin_ui, can be installed on secondary security servers and
clients to permit remote administration of the principal database.
Location
Local Administrator on the primary security server:
/opt/krb5/admin/kadminl_ui
Remote Administrator on secondary security servers and clients:
/opt/krb5/bin/kadmin_ui
NOTE You must add the first administrative principal using the Local
Administrator, kadminl or kadminl_ui, located on the primary server
before you can use the Remote Administrator, kadmin or kadmin_ui from a
secondary server or client.
You do not need to log in to the Local Administrator. Any user with root access to the
primary security server can run the Local Administrator.
Alternatively, to log in to the Remote Administrator, you must use a principal account
that has an entry in the admin_acl_file. For complete access to all the functions use an
unrestricted administrative principal account, one with ‘*’ permissions in the
admin_acl_file. At a minimum, the account must have inquire privileges.
For more information on Kerberos Server Version 3.0 refer to the Kerberos Server Version
3.0 Administrator’s Guide (T1417-90007).