2.3 Principal Objects
A principal is a fundamental entity in Kerberos. All the services, clients, and users are represented as principals in Kerberos. Principals are associated with keys.
2.3.1 Principal Attributes
The following table describes the principal attributes:
Table 2-6 Principal Attributes
|
Principal name |
Name of the principal. This is used to uniquely identify a principal within a realm. |
|
Principal expiration |
The time when the principal expires. |
|
Password expiration |
The time when the principal’s password expires. |
|
Principal (secret) key |
A set of all the secret keys that are associated with a principal. The version, type, and other information about the keys are stored in this attribute. |
|
Universal Password enabled |
Specifies whether to use the Universal Password of the user as the Kerberos password. |
|
Last Password change |
The time when the principal password was last changed. |
2.3.2 Principal Associations
The following table describes the object you can associate a principal to:
Table 2-7 Principal Associations
|
Ticket policy |
Reference to a ticket policy object that is applicable to a particular principal. |
|
Password policy |
Reference to a Kerberos password policy object that is applicable to a particular principal. |