Administering the Kerberos Server
HP Kerberos Administrator
Chapter 8132
HP Kerberos Administrator
HP Kerberos Administrator is a graphical user interface that you can
use to administer the principal database.
You can use the HP Kerberos Administrator to perform the following
functions:
• Creating, modifying, and deleting principals.
• Altering a principal account key type setting.
• Assigning administrative permissions.
• Modifying the default group principals.
• Extracting principals to service key table files.
Following are the different types of graphical user interface
administrative utilities:
• kadminl_ui –The local administrator.
• kadmin_ui – The remote administrator.
The local administrator, kadminl_ui, is available only on the primary
security server, and is located in the /opt/krb5/admin/kadminl_ui
directory.
You can install the remote administrator, kadmin_ui, on secondary
security servers and clients to permit remote administration of the
principal database. The kadmin_ui remote administrator is located in
the /opt/krb5/bin/kadmin_ui directory on the secondary security
servers and clients.
NOTE You must use kadminl to add the first administrative principal, before
you can use kadmin from a secondary security server or client.
You need not log on as an admin principal to the local administrator. A
user with root access to the primary security server can run kadminl.
Alternatively, to log on to the remote administrator, use a principal
account that has an entry in admin_acl_file. For complete access to all
the functions, use an unrestricted administrative principal account with
