Administering the Kerberos Server
Chapter 8
• Is case sensitive.
• Cannot be longer than 767 characters.
• Must be uniquely defined in the first 255 characters.
• Cannot contain a space, tab, pound symbol (#), backward slash (\) or
colon (:).
• Does not subscribe to a NULL policy. If you subscribe to a policy that
does not exist in the password.policy file, the default policy * is
applied for the principal.
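The naming rules above can be checked before principals are created. The following is an added example, not code from the HP guide; the function names and sample names are constructed for illustration, and the case-variant report is a review aid for the case-sensitivity rule rather than a rule of its own.

```python
# Pre-check principal names against the naming rules listed above.
FORBIDDEN = {" ": "space", "\t": "tab", "#": "pound symbol",
             "\\": "backward slash", ":": "colon"}
MAX_LEN = 767          # a name cannot be longer than this many characters
UNIQUE_PREFIX = 255    # names must be unique within this many leading characters


def check_name(name):
    """Return the list of rule violations for one principal name."""
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters ({len(name)})")
    problems += [f"contains {label}" for ch, label in FORBIDDEN.items() if ch in name]
    return problems


def check_batch(names):
    """Check a batch: per-name violations, prefix collisions, case-only variants."""
    invalid, by_prefix, by_folded = {}, {}, {}
    for name in dict.fromkeys(names):  # drop exact duplicates, keep order
        problems = check_name(name)
        if problems:
            invalid[name] = problems
        by_prefix.setdefault(name[:UNIQUE_PREFIX], []).append(name)
        by_folded.setdefault(name.lower(), []).append(name)
    return {
        "invalid": invalid,
        # Distinct names that share their first 255 characters are not unique.
        "prefix_collisions": [g for g in by_prefix.values() if len(g) > 1],
        # Names are case sensitive, so these are different principals; review them.
        "case_variants": [g for g in by_folded.values() if len(g) > 1],
    }


# Constructed sample input, not taken from any real principal database.
SAMPLE = ["alice", "alice/admin", "Alice/admin", "bob smith", "svc:backup#1",
          "host/web01", "x" * 255 + "a", "x" * 255 + "b", "y" * 768]

if __name__ == "__main__":
    def short(n):
        return n if len(n) <= 24 else f"{n[:12]}...({len(n)} chars)"

    report = check_batch(SAMPLE)
    for name, problems in report["invalid"].items():
        print("INVALID  ", short(name), "->", "; ".join(problems))
    for group in report["prefix_collisions"]:
        print("COLLISION", [short(n) for n in group])
    for group in report["case_variants"]:
        print("CASE     ", group)
```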
NOTE You can use the slash (/) character in a principal name to delineate an
Following are the different types of principals:
• User principal
A user principal is an account assigned to an individual in your
organization. Each individual must have at least one account. You
may choose to add multiple accounts for one individual if you intend
to use the accounts for different purposes. Use the instance
parameter of the principal name to designate the intended use of the
account. Following are the special categories for user principals:
Administrative principals are user accounts with administrative
permissions assigned in admin_acl_file. HP recommends that you
use the /admin instance to distinguish these accounts.
• Service principal
A service principal is a principal account assigned to a service in your
security network. Examples of service principals include secured
daemons or services that are accessible on the network, and host/
principals created for a host system of the user.