Administering the Kerberos Server
A principal is a specific entity to which you can assign a set of
credentials. Principals are users and network services that are included
in your security network.
The general syntax for a principal is as follows:
identifier
    Specifies the name of the network service or a user.
    This parameter is mandatory and you must specify the

/instance
    Specifies the group used to further identify the name. The instance can identify the duties, organization, or any other information about the principal.
    For a user, the instance is often used to describe the intended use of the corresponding credentials.
    For a host, the instance is the fully qualified domain name. You can specify up to 255 instances. You must precede each additional instance with a slash (/).
    The commands rlogind, ftpd, rshd, rcpd, and telnetd use the instance to indicate the name of the system on which the network service resides.
    An instance may also imply special privileges. For example, a security administrator can have a principal account with an admin instance to use when performing administration tasks.
    The /instance parameter is not mandatory.

Realm
    Specifies the realm in which the principal resides. By convention, realm names are the fully qualified domain name of the primary security server.
    This parameter is mandatory and you must specify the realm name.
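The following is an added example, not code from this guide or from the Kerberos server: it splits principal names into the three parts described above, enforces the mandatory identifier and realm and the 255-instance limit, and lists principals that carry an admin instance so they can be reviewed. It assumes the conventional Kerberos written form identifier[/instance...]@REALM; the names parse_principal, audit and SAMPLE and the EXAMPLE.COM realm are hypothetical.

```python
from typing import NamedTuple

MAX_INSTANCES = 255  # limit stated in the text above


class Principal(NamedTuple):
    identifier: str
    instances: tuple
    realm: str


def parse_principal(name):
    """Split identifier[/instance...]@REALM; raise ValueError if malformed."""
    # Assumption: '@' introduces the realm (conventional Kerberos notation);
    # backslash-escaped separators are not handled.
    local, sep, realm = name.rpartition("@")
    if not sep or not realm:
        raise ValueError(f"{name!r}: realm is mandatory")
    if "@" in local or "/" in realm:
        raise ValueError(f"{name!r}: misplaced separator")
    identifier, *instances = local.split("/")
    if not identifier:
        raise ValueError(f"{name!r}: identifier is mandatory")
    if any(not inst for inst in instances):
        raise ValueError(f"{name!r}: empty instance")
    if len(instances) > MAX_INSTANCES:
        raise ValueError(f"{name!r}: more than {MAX_INSTANCES} instances")
    return Principal(identifier, tuple(instances), realm)


def audit(names):
    """Return (principals carrying an admin instance, rejected names)."""
    admins, rejected = [], []
    for name in names:
        try:
            principal = parse_principal(name.strip())
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if "admin" in principal.instances:
            admins.append(name.strip())
    return admins, rejected


# Constructed sample listing; names and realm are placeholders.
SAMPLE = ["alice@EXAMPLE.COM", "alice/admin@EXAMPLE.COM",
          "host/server1.example.com@EXAMPLE.COM", "/admin@EXAMPLE.COM", "bob"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
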
When creating principal names, ensure that a principal name: