sun.com   |  docs.sun.com
How To Buy  |  My Sun  |  Worldwide Sites
         
 
Sun Microsystems Logo
 Products and Services
 		 Support and Training
 
 
System Administration Guide: Security Services >> 17.  Administering Principals and Policies (Tasks) >> Administering Principals >> How to View a Principal's Attributes 

Previous Previous     Contents     Index     Next Next

Example--Viewing a Principal's Attributes (Command Line)

In the following example, the get_principal command of kadmin is used to view the attributes of the jdb/admin principal.

kadmin: getprinc jdb/admin
Principal: jdb/admin@EXAMPLE.COM
Expiration date: Fri Aug 25 17:19:05 PDT 2000
Last password change: [never]
Password expiration date: Wed Apr 14 11:53:10 PDT 1999
Maximum ticket life: 1 day 16:00:00
Maximum renewable life: 1 day 16:00:00
Last modified: Thu Jan 14 11:54:09 PST 1999 (admin/admin@EXAMPLE.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes: REQUIRES_HW_AUTH
Policy: [none]
kadmin: quit

ProcedureHow to Create a New Principal

An example of the command-line equivalent follows this procedure.

  1. If necessary, start the SEAM Tool.

    See How to Start the SEAM Tool for details.

    Note - If you are creating a new principal that might need a new policy, you should create the new policy before you create the new principal. Go to How to Create a New Policy.

  2. Click the Principals tab.

  3. Click New.

    The Principal Basics panel that contains some attributes for a principal is displayed.

  4. Specify a principal name and a password.

    Both the principal name and password are mandatory.

  5. Specify values for the principal's attributes, and continue to click Next to specify more attributes.

    Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to SEAM Tool Panel Descriptions.

  6. Click Save to save the principal, or click Done on the last panel.

  7. If needed, set up Kerberos administration privileges for the new principal in the /etc/krb5/kadm5.acl file.

    See How to Modify the Kerberos Administration Privileges for more details.

Example--Creating a New Principal

The following example shows the Principal Basics panel when a new principal called pak is created. The policy is set to testuser.

Dialog box titled SEAM Administration Tool shows account data for the pak principal. Shows password, account expiration date, and testuser policy.

Example--Creating a New Principal (Command Line)

In the following example, the add_principal command of kadmin is used to create a new principal called pak. The principal's policy is set to testuser.

kadmin: add_principal -policy testuser pak
Enter password for principal "pak@EXAMPLE.COM": <type the password>
Re-enter password for principal "pak@EXAMPLE.COM": <type the password again>
Principal "pak@EXAMPLE.COM" created.
kadmin: quit

ProcedureHow to Duplicate a Principal

This procedure explains how to use all or some of the attributes of an existing principal to create a new principal. No command-line equivalent exists for this procedure.

  1. If necessary, start the SEAM Tool.

    See How to Start the SEAM Tool for details.

  2. Click the Principals tab.

  3. Select the principal in the list that you want to duplicate, then click Duplicate.

    The Principal Basics panel is displayed. All the attributes of the selected principal are duplicated except for the Principal Name and Password fields, which are empty.

  4. Specify a principal name and a password.

    Both the principal name and the password are mandatory. To make an exact duplicate of the principal you selected, click Save and skip to Step 7.

  5. Specify different values for the principal's attributes, and continue to click Next to specify more attributes.

    Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to SEAM Tool Panel Descriptions.

  6. Click Save to save the principal, or click Done on the last panel.

  7. If needed, set up Kerberos administration privileges for the principal in /etc/krb5/kadm5.acl file.

    See How to Modify the Kerberos Administration Privileges for more details.

ProcedureHow to Modify a Principal

An example of the command-line equivalent follows this procedure.

  1. If necessary, start the SEAM Tool.

    See How to Start the SEAM Tool for details.

  2. Click the Principals tab.

  3. Select the principal in the list that you want to modify, then click Modify.

    The Principal Basics panel that contains some of the attributes for the principal is displayed.

  4. Modify the principal's attributes, and continue to click Next to modify more attributes.

    Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to SEAM Tool Panel Descriptions.

    Note - You cannot modify a principal's name. To rename a principal, you must duplicate the principal, specify a new name for it, save it, and then delete the old principal.

  5. Click Save to save the principal, or click Done on the last panel.

  6. Modify the Kerberos administration privileges for the principal in the /etc/krb5/kadm5.acl file.

    See How to Modify the Kerberos Administration Privileges for more details.

Previous Previous     Contents     Index     Next Next
 
Copyright 1994-2003 Sun Microsystems