Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Introduction to the Kerberos Products and GSS-API
HP’s Kerberos Server Version 2.0
Chapter 260
C-Tree database
The Kerberos server maintains the complete information of all the
principals with their keys in a database in the machine on which the
Kerberos server is run. C-Tree database is used as the backend database,
which is based on the B+ Tree algorithm. This database is faster when
compared to the DBM-based database that was used in the earlier
version of the Kerberos Server. Besides, the C-Tree database has a
built-in support for multiple threads, which helps the multithreaded
server.
Migration tool - kdb_migrate
The format of the Kerberos server version 1.0 database and version 2.0
are incompatible. To help customers migrate from version 1.0 to the new
version, a migration tool, /opt/krb5/admin/kdb_migrate is now
available.
This tool will help migrate the version 1.0 Kerberos database to version
2.0 Kerberos database. However, this tool will not migrate the policy
information, the ACL information and the configuration files. These will
have to be manually migrated. Also, this tool will migrate a maximum of
two types of keys per principal.
Auto-Configuration Tool
An automated tool named, krbsetup, has been provided to
auto-configure your Kerberos Server. Using this tool, you can configure;
un-configure; start and stop the kdcd and the kadmind daemons. This
tool is installed at the following directory:
/opt/krb5/sbin
This tool will automaticallycreate yourconfiguration files, krb.conf and
krb.realms, kpropd.ini files and places them in the /opt/krb5
directory. The sections in the configuration files will be set to its default
values. If you want to customize these sections, you will have to
manually edit the configuration files and restart the kdcd and kadmind
daemons using this tool.
Using this tool, you can also configure your Secondary Security Servers.