HP-UX 11i June 2003 Release Notes
Security
Chapter 13
HP-UX Kerberos Server Version 2.0
updated for June 2002
As of June 2002, HP-UX Kerberos Server 2.0 is available on the Application Release CD.
The current version of the Kerberos server supersedes the earlier MIT-based Kerberos
server (version 1.0) on HP-UX 11i. This version of the Kerberos server offers many
enhancements over the previous version. This section discusses the salient
features of HP's Kerberos server version 2.0. For further information, visit
http://docs.hp.com/hpux/onlinedocs/T1417-90003/T1417-90003.html.
NOTE: For information on Kerberos Server version 1.0, as delivered on the Application Release
CD for previous releases of HP-UX 11i v1, see the HP-UX 11i September 2001 Release
Notes, available at http://docs.hp.com.
Single Sign-on
The Kerberos protocol gives users the foundation for secure single sign-on to
applications and resources. A client first uses a password to obtain an
initial ticket from the Kerberos server. This ticket is then used to obtain further service
tickets to access any Kerberized application that is located on the network. In this way, a
single sign-on provides credentials to automatically access multiple applications and
services wherever they reside on the network.
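The ticket flow described above, modeled end to end as an added example (not HP's code and not the product's implementation). The principal names, the `correct horse` password and the HMAC-based `seal`/`unseal` cipher are constructed stand-ins for real Kerberos encryption types; authenticator timestamps and replay caches are omitted.

```python
import hashlib, hmac, json, os, time

def _ks(key, nonce, n):  # HMAC-SHA256 counter-mode keystream: toy stand-in for a Kerberos enctype
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def string_to_key(password, principal):  # long-term user key, derived from the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def issue(server_key, reply_key, client, server, lifetime=600):
    # KDC side of AS and TGS: ticket for `server`, reply for the holder of `reply_key`
    body = {"client": client, "server": server, "key": os.urandom(32).hex(),
            "expires": time.time() + lifetime}
    return seal(server_key, body), seal(reply_key, body)

def accept(server_key, ticket, authenticator, now=None):
    # Server side (TGS or application): open the ticket with our own key, then
    # check that the presenter knows the session key sealed inside it.
    t = unseal(server_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or t["expires"] < (now or time.time()):
        raise ValueError("authenticator mismatch or expired ticket")
    return t

def single_sign_on(password, services):
    db = {"alice": string_to_key("correct horse", "alice"), "krbtgt": os.urandom(32)}
    db.update({s: os.urandom(32) for s in services})  # constructed KDC database
    tgt, reply = issue(db["krbtgt"], db["alice"], "alice", "krbtgt")  # AS exchange
    tgt_key = bytes.fromhex(unseal(string_to_key(password, "alice"), reply)["key"])  # only password use
    granted = []
    for s in services:  # TGS exchange: the TGT and its session key replace the password
        who = accept(db["krbtgt"], tgt, seal(tgt_key, {"client": "alice"}))["client"]
        ticket, reply = issue(db[s], tgt_key, who, s)
        svc_key = bytes.fromhex(unseal(tgt_key, reply)["key"])
        # AP exchange: the service validates the ticket with its own key, no KDC call
        granted.append(accept(db[s], ticket, seal(svc_key, {"client": who}))["server"])
    return granted
```

A wrong password fails at the first `unseal`, because the reply from the AS exchange is the only message keyed to the password; every later step depends on the session key carried in the initial ticket.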
Cross-realm Authentication
The server both provides an authentication service and acts as a key distribution
center (KDC). HP-UX Kerberos server supports cross-realm authentication. One use is
to work with Windows clients that obtain Windows 2000 Kerberos credentials. These
credentials are then used to authenticate the user to the HP-UX Kerberos server, which
in turn creates credentials for HP-UX applications and services, all with a single sign-on.
GUI-Based Administration Tool
In the Kerberos Server version 1.0 release, the administration tool was a command-line
tool. This version of the Kerberos server (version 2.0) provides a GUI-based tool to help
administer the Kerberos server.
Multithreaded Server
Multithreading capability is available for servicing user requests in the Key
Distribution Center. Also, this version of the Kerberos Server uses a B+ tree-based
back-end database. This helps improve the performance of the Kerberos Server.