Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Introduction to the Kerberos Products and GSS-API
HP’s Kerberos Server Version 2.0
Dynamic Propagation
In Kerberos server version 1.0, the entire database had to be periodically
dumped and propagated. This resulted in heavy network traffic and thus
reduced performance.
It is important that secondary servers are configured to act as
authentication servers. This allows the Primary Server to be available
for tasks other than authentication. When a secondary server is
configured, it is necessary that both the servers are in sync with each
other. If entries are updated on the Primary Server, they should be
updated on the secondary server as well. The databases on the primary
and the secondary servers are synchronized by a mechanism called
‘propagation’. A daemon named ‘kpropd’ running on the Primary Server
ensures that the data is synchronized with the other secondary server.
This dynamic propagation was not available in the previous version of
the Kerberos server.
This version of the Kerberos Server also supports hierarchical
propagation. The primary server need not propagate the database to all
the secondary servers in the realm; it propagates only to a designated
secondary server. This designated secondary server will then propagate the
database to the other secondary servers available in the realm. This is
possible by defining such a propagation hierarchy in the configuration
files. This is an enhanced feature that was not available in the earlier
version of the Kerberos Server.
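
A propagation hierarchy like the one described above can be audited before it is deployed. The following is an added example, not HP's code or configuration file format: it models the hierarchy as a constructed Python mapping (the hostnames and the `audit_hierarchy` helper are hypothetical) and reports secondaries that no server propagates to, which would keep answering authentication requests from a stale database.

```python
from collections import deque

def audit_hierarchy(primary, secondaries, edges):
    """Audit a propagation hierarchy (hypothetical model, not HP's format).

    primary     -- name of the primary server
    secondaries -- set of every secondary server in the realm
    edges       -- dict: sender -> list of servers it propagates to
    """
    known = {primary} | set(secondaries)
    feeders = {}                       # receiver -> list of senders
    unknown = set()                    # hosts used in edges but never declared
    for sender, receivers in edges.items():
        if sender not in known:
            unknown.add(sender)
        for receiver in receivers:
            if receiver not in known:
                unknown.add(receiver)
            feeders.setdefault(receiver, []).append(sender)

    # Breadth-first walk from the primary; depth = number of propagation hops.
    depth = {primary: 0}
    queue = deque([primary])
    while queue:
        node = queue.popleft()
        for receiver in edges.get(node, []):
            if receiver not in depth:  # visited check also terminates on cycles
                depth[receiver] = depth[node] + 1
                queue.append(receiver)

    return {
        # Secondaries the primary's updates never reach: stale database risk.
        "orphans": sorted(set(secondaries) - set(depth)),
        # Servers fed by more than one sender: ambiguous source of truth.
        "multi_fed": sorted(r for r, s in feeders.items() if len(s) > 1),
        "unknown": sorted(unknown),
        "depth": depth,
    }

# Constructed sample realm; all hostnames are placeholders.
PRIMARY = "kdc-primary"
SECONDARIES = {"kdc-s1", "kdc-s2", "kdc-s3", "kdc-s4"}
EDGES = {
    "kdc-primary": ["kdc-s1"],         # designated secondary
    "kdc-s1": ["kdc-s2", "kdc-s3"],    # fans out to other secondaries
    "kdc-s4": ["kdc-s4x"],             # kdc-s4 is never fed; kdc-s4x is undeclared
}

if __name__ == "__main__":
    for key, value in audit_hierarchy(PRIMARY, SECONDARIES, EDGES).items():
        print(f"{key}: {value}")
```
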
Scalability
This version of the Kerberos Server is highly scalable, and has been
tested to support up to 2,000,000 (two million) users in the database.
Also, it supports simultaneous requests from multiple clients and
ensures that these queries are not lost even when the system is heavily
loaded.
Windows 2000® Interoperability
To enable the user to work in a mixed platform environment, this version
of the Kerberos Server is interoperable with the Windows 2000® Server
and client. A Kerberos Server in the Windows 2000® environment can
talk to the HP-UX Kerberos server, for cross-realm authentication.