Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Introduction to the Kerberos Products and GSS-API
HP’s Kerberos Server Version 2.0
Chapter 258
This enables the user to create and manage the principals in the
Kerberos Realms. This includes both the remote administrator,
kadmin_ui, and the local administrator, kadminl_ui. Kerberos
administrators use this utility to:
create, modify and delete principals
alter principal account key type settings
assign administrative permissions
modify the default group principals
extract keys of principals to service key table files
change the principal’s password
add a new realm or delete existing realms
Multithreaded Server
HP’s Kerberos server version 2.0 is a pre-threaded concurrent server.
This feature enables the server to service multiple user requests in the
KDC, thus enhancing performance of the server. The server uses
user-space threads. This is an enhanced feature that was not available in
the previous version of the Kerberos server. The previous version did not
support multiple threads and was handling client requests serially.
High Availability
The Kerberos server daemon (kdcd) is constantly monitored by a parent
process. If the child process dies or crashes, the parent process
automatically spawns a new server daemon. This provides for high
availability in the case of mission critical applications.
Also, it allows for multiple Secondary Security Servers to be configured.
The Secondary Security Server services authentication requests, once it
has been configured to authenticate and receive information propagated
from the Primary Security Server. This enables load balancing for the
Primary Server, with automatic incremental propagation, without any
performance degradation.
The Secondary Security Server also provides redundancy against a
single point of failure. The Kerberos Server also allows administrators to
organize realms according to the types of users or services.