Attributes

To retrieve a listing of the attributes and/or policies associated with a principal, use the kadmin get_principal command, which requires the "inquire" administrative privilege. The syntax is:

     get_principal principal
     

The get_principal command has the alias getprinc.

For example, suppose you wanted to view the attributes of the principal
jennifer/[email protected]. You would type:

     shell% kadmin
     kadmin: getprinc jennifer/root
     Principal: jennifer/[email protected]
     Expiration date: [never]
     Last password change: Mon Jan 31 02:06:40 EDT 2002
     Password Expiration date: [none]
     Maximum ticket life: 0 days 10:00:00
     Maximum renewable life: 7 days 00:00:00
     Last modified: Wed Jul 24 14:46:25 EDT 2002 (joeadmin/[email protected])
     Last successful authentication: Mon Jul 29 18:20:17 EDT 2002
     Last failed authentication: Mon Jul 29 18:18:54 EDT 2002
     Failed password attempts: 3
     Number of keys: 2
     Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
     Key: vno 2, DES cbc mode with CRC-32, no salt
     Attributes: DISALLOW_FORWARDABLE, DISALLOW_PROXIABLE
     Policy: [none]
     kadmin:
     

The get_principal command has a -terse option, which lists the fields as a quoted, tab-separated string. For example:

     kadmin: getprinc -terse jennifer/root
     jennifer/[email protected]	0	1027458564
     0	36000	 (joeadmin/[email protected]
     1027536385	18	2	0	[none]	604800	1027980137
     1027980054	3	2	1	2	16	0	1
     2	1	0
     kadmin: