How to View a Kerberos Principal's Attributes

An example of the command-line equivalent follows this procedure.

1. If necessary, start the SEAM Tool.

   See How to Start the SEAM Tool for more information.

   $ /usr/sbin/gkadmin

2. Click the Principals tab.

3. Select the principal in the list that you want to view, then click Modify.

   The Principal Basics panel that contains some of the principal's attributes is displayed.

4. Continue to click Next to view all the principal's attributes.

   Three windows contain attribute information. Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, for all the principal attribute descriptions, go to SEAM Tool Panel Descriptions.

5. When you are finished viewing, click Cancel.

Example 25–2 Viewing a Kerberos Principal's Attributes

The following example shows the first window when you are viewing the jdb/admin principal.

Example 25–3 Viewing a Kerberos Principal's Attributes (Command Line)

In the following example, the get_principal command of kadmin is used to view the attributes of the jdb/admin principal.

kadmin: getprinc jdb/admin
Principal: jdb/admin@EXAMPLE.COM
Expiration date: [never]
Last password change: [never]
Password expiration date: Wed Apr 14 11:53:10 PDT 2011
Maximum ticket life: 1 day 16:00:00
Maximum renewable life: 1 day 16:00:00
Last modified: Mon Sep 28 13:32:23 PST 2009 (host/admin@EXAMPLE.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 1, Triple DES with HMAC/sha1, no salt
Key: vno 1, ArcFour with HMAC/md5, no salt
Key: vno 1, DES cbc mode with RSA-MD5, no salt
Attributes: REQUIRES_HW_AUTH
Policy: [none]
kadmin: quit