Administering the Kerberos Server
You must enter the fqdn in lowercase letters, and the fqdn instance
must be the fully qualified domain name of the host system for the server
or service.
These principals are not automatically added to the principal database
when you install the Kerberos servers or application services.
Removing User Principals
You may need to delete user principals from the database. When you
delete a principal account from the database, the principal name,
attributes, and properties are removed from the database and you cannot
use the principal to authenticate to the Kerberos server. To delete a
principal, use the HP Kerberos Administrator or the command-line
interface administrative utility.
For user principals, you may need to perform additional steps to remove
the special privilege settings.
For user principals that use a UNIX system, every UNIX host that the
principal uses contains the host/service principal. If the system is no
longer in use, delete the service key from the host and remove the
host/<fqdn> principal from the database.
Removing Special Privilege Settings
If the principal has special privileges, remove these privileges. Examples
of special privileges are as follows:
• Administrative principal that is aware of the UNIX root password.
Ensure that you change the root or administrator password
according to your password requirements.
• Administrative principal using kadmin. Ensure that you remove the
administrative principal entry in admin_acl_file.
NOTE: When you delete an administrative principal using the HP Kerberos
Administrator, any reference to that principal is automatically removed
from admin_acl_file.
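
A check for admin_acl_file entries left behind after an administrative principal has been deleted, as an added example that is not part of the HP documentation. It assumes one ACL entry per line with the principal name in the first whitespace-separated field and # starting a comment; the function name, the principal list file, the PERMS placeholder, and the sample names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list admin_acl_file entries whose principal no longer
# exists in the principal database.
# Assumed layout (not taken from the page): one entry per line, principal
# name in the first field, '#' starts a comment.

# stale_acl_entries ACL_FILE PRINCIPAL_LIST
#   PRINCIPAL_LIST holds one existing principal name per line.
#   Prints "line:principal" for each ACL entry naming a missing principal.
stale_acl_entries() {
    awk '
        FILENAME == ARGV[1] {
            # First file: principals that still exist in the database.
            if (NF) known[$1] = 1
            next
        }
        {
            sub(/#.*/, "")            # drop comments, fields are re-split
            if (NF == 0) next         # blank or comment-only line
            if (index($1, "*")) next  # wildcard entry, names no single principal
            if (!($1 in known)) print FNR ":" $1
        }
    ' "$2" "$1"
}

# Constructed sample data: bob/admin was deleted, its ACL entry was not.
demo_dir=$(mktemp -d)
printf '%s\n' 'alice/admin@EXAMPLE.COM' 'carol@EXAMPLE.COM' \
    > "$demo_dir/principals"
printf '%s\n' '# constructed sample ACL' \
    'alice/admin@EXAMPLE.COM PERMS' \
    'bob/admin@EXAMPLE.COM PERMS   # principal deleted, entry left behind' \
    '*/ops@EXAMPLE.COM PERMS' \
    > "$demo_dir/admin_acl_file"
stale_acl_entries "$demo_dir/admin_acl_file" "$demo_dir/principals"
rm -rf "$demo_dir"
```

Any line it reports is an administrative grant that would take effect again if a principal with that name were re-created.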