Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
10.  Administering Principals and Policies (Tasks) Administering Principals How to View a Principal's Attributes Example--Viewing a Principal's Attributes (Command Line)  Previous   Contents   Next 
   
 

How to Create a New Principal

An example of the command-line equivalent follows this procedure.

  1. If necessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

    Note - If you are creating a new principal that might need a new policy, you should create the new policy before you create the new principal. Go to "How to Create a New Policy".

  2. Click the Principals tab.

  3. Click New.

    The Principal Basics panel that contains some attributes for a principal is displayed.

  4. Specify a principal name and a password.

    Both the principal name and password are mandatory.

  5. Specify values for the principal's attributes, and continue to click Next to specify more attributes.

    Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to "SEAM Tool Panel Descriptions".

  6. Click Save to save the principal, or click Done on the last panel.

  7. If needed, set up Kerberos administration privileges for the new principal in the /etc/krb5/kadm5.acl file.

    See "How to Modify the Kerberos Administration Privileges" for more details.

Example--Creating a New Principal

The following example shows the Principal Basics panel when a new principal called pak is created. The policy is set to testuser.

Example--Creating a New Principal (Command Line)

In the following example, the add_principal command of kadmin is used to create a new principal called pak. The principal's policy is set to testuser.

kadmin: add_principal -policy testuser pak
Enter password for principal "pak@EXAMPLE.COM": <type the password>
Re-enter password for principal "pak@EXAMPLE.COM": <type the password again>
Principal "pak@EXAMPLE.COM" created.
kadmin: quit

How to Duplicate a Principal

This procedure explains how to use all or some of the attributes of an existing principal to create a new principal. No command-line equivalent exists for this procedure.

  1. If necessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Principals tab.

  3. Select the principal in the list that you want to duplicate, then click Duplicate.

    The Principal Basics panel is displayed. All the attributes of the selected principal are duplicated except for the Principal Name and Password fields, which are empty.

  4. Specify a principal name and a password.

    Both the principal name and the password are mandatory. To make an exact duplicate of the principal you selected, click Save and skip to Step 7.

  5. Specify different values for the principal's attributes, and continue to click Next to specify more attributes.

    Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to "SEAM Tool Panel Descriptions".

  6. Click Save to save the principal, or click Done on the last panel.

  7. If needed, set up Kerberos administration privileges for the principal in /etc/krb5/kadm5.acl file.

    See "How to Modify the Kerberos Administration Privileges" for more details.

How to Modify a Principal

An example of the command-line equivalent follows this procedure.

  1. If necessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Principals tab.

  3. Select the principal in the list that you want to modify, then click Modify.

    The Principal Basics panel that contains some of the attributes for the principal is displayed.

  4. Modify the principal's attributes, and continue to click Next to modify more attributes.

    Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to "SEAM Tool Panel Descriptions".

    Note - You cannot modify a principal's name. To rename a principal, you must duplicate the principal, specify a new name for it, save it, and then delete the old principal.

  5. Click Save to save the principal, or click Done on the last panel.

  6. Modify the Kerberos administration privileges for the principal in the /etc/krb5/kadm5.acl file.

    See "How to Modify the Kerberos Administration Privileges" for more details.

Example--Modifying a Principal's Password (Command Line)

In the following example, the change_password command of kadmin is used to modify the password for the jdb principal. The change_password command does not let you change the password to a password that is in the principal's password history.

kadmin: change_password jdb
Enter password for principal "jdb": <type the new password>
Re-enter password for principal "jdb": <type the password again>
Password for "jdb@EXAMPLE.COM" changed.
kadmin: quit

To modify other attributes for a principal, you must use the modify_principal command of kadmin.

How to Delete a Principal

An example of the command-line equivalent follows this procedure.

  1. If necessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Principals tab.

  3. Select the principal in the list that you want to delete, then click Delete.

    After you confirm the deletion, the principal is deleted.

  4. Remove the principal from the Kerberos access control list (ACL) file, /etc/krb5/kadm5.acl.

    See "How to Modify the Kerberos Administration Privileges" for more details.

 		 
 
  Previous   Contents   Next