Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8214
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t) :attr
Attribute (or quit): {forward|noforward}
Principal modified.
Allow Proxy Attribute
The Allow Proxy attribute determines whether a principal is allowed
proxy tickets. Proxy tickets allow applications that a principal accesses
with a TGT to request a special class of service ticket. You can move this
type of service to another host on the network that acts on behalf of the
principal, for example, a print service printing a file for a user.
NOTE You can use the authorization fields of the ticket and authenticator to
hold restrictions on the proxy ticket.
The Allow Proxy attribute applies to both user and service principals. If
this attribute is set for a user principal, you can issue a proxy ticket to
the principal. If this attribute is set for service principal, the server can
issue a proxy service ticket for the service.
NOTE Before the server issues a proxy service ticket, the requesting user must
possess a proxy TGT.
To modify the type of parameter attr for the principal admin and to set
the Allow Proxy attribute, type kadmin at the HP-UX prompt and
specify the mod command, the principal name, the attr parameter type,
and the attribute.
Following is a sample output of the Allow Proxy attribute:
Command: mod
Name of Principal to Modify: admin
Parameter Type to be Modified (attr,fcnt,vno, policy,dn or qui
t) :attr
Attribute (or quit): {proxy|noproxy}
Principal modified.
