Configuration Guide for Kerberos Client Products on HP-UX
Introduction to the Kerberos Products and GSS-API
HP Kerberos Server
Chapter 2 65
Kerberos server v3.12 supersedes the earlier MIT based Kerberos server
(version 1.0), on HP-UX 11i. This version of the Kerberos server offers
many enhancements when compared to the previous version.
For information on previous Kerberos Server versions, see the Release
Notes at www.docs.hp.com/en/internet.html#Kerberos
.
Graphical User Interface (GUI) Based Administration tool
Use the GUI to create and manage principals in the Kerberos Realms.
This includes both the remote administrator, kadmin_ui, and the local
administrator, kadminl_ui. Following are the functions you can perform
using the GUI:
• create, modify and delete principals
• alter principal account key type settings
• assign administrative permissions
• modify the default group principals
• extract keys of principals to service key table files
• change the principal’s password
• add a new realm or delete existing realms
Multithreaded Server
Kerberos server version 3.12 is a pre-threaded concurrent server. This
feature enables the server to service multiple user requests in the KDC,
thus enhancing the performance of the server. The server uses kernel
space threads.
High Availability
The Kerberos server daemon (kdcd) is constantly monitored by a parent
process. If the child process dies or crashes, the parent process
automatically spawns a new server daemon. This provides for high
availability in the case of mission critical applications.
In addition, it allows for multiple secondary security servers to be
configured. The secondary security server services authentication
requests, once it has been configured to authenticate and receive
information propagated from the primary security server. This enables
load balancing for the primary server, with automatic incremental
propagation, without any performance degradation.