OSF DCE Administration Guide--Core Components
Creating and Maintaining Accounts
__________________________________________________________________
Option                  Meaning
__________________________________________________________________
-postdatedtkt {yes|no}  A flag that determines whether or not tickets with
                        a start time in the future can be issued to the
                        account's principal. The default is no.
__________________________________________________________________
-proxiabletkt {yes|no}  A flag that determines whether or not a new ticket
                        with a different network address than the present
                        ticket can be issued to the account's principal.
                        (The -forwardabletkt attribute option performs
                        the same function for ticket-granting tickets.) The
                        default is no.
__________________________________________________________________
-pwdvalid {yes|no}      A flag that determines whether the current
                        password is valid. If this flag is set to no, the
                        account password has expired and the principal
                        will be prompted to change it the next time that
                        the principal logs into the account. The default is
                        yes.
__________________________________________________________________
-renewabletkt {yes|no}  The Kerberos V5 renewable ticket feature is not
                        currently used by DCE; any use of the renewable
                        ticket attribute is unsupported at the present time.
__________________________________________________________________
-server {yes|no}        A flag that indicates whether or not the account is
                        for a principal that can act as a server. If the
                        account is for a server that engages in
                        authenticated communications, set this flag to
                        yes. The default is yes.
__________________________________________________________________
-shell path_to_shell    The shell that is executed when a principal logs
                        in.
__________________________________________________________________
-stdtgtauth {yes|no}    A flag that determines whether or not tickets
                        issued to the account's principal can use the
                        ticket-granting-ticket authentication mechanism.
                        The default is yes.
__________________________________________________________________
-maxtktlife hours       The maximum ticket lifetime. This is the
                        maximum amount of time in hours that a ticket
                        can be valid. When a client requests a ticket to a
                        server, the lifetime granted to the ticket takes into
                        account the maxtktlife attribute value for both
                        the server and the client. In other words, the
                        lifetime cannot exceed the shorter of the server's
                        or client's maximum ticket lifetime.
                        If you do not specify a maxtktlifetime attribute
                        value for an account, the maxtktlifetime
                        attribute value defined for the registry
                        authorization policy is used. (See Chapter 35.)
__________________________________________________________________
124243 Tandem Computers Incorporated 31−9