Configuration Guide for Kerberos Client Products on HP-UX
Introduction to the Kerberos Products and GSS-API
HP Kerberos Server
Chapter 266
The secondary security server also provides redundancy against a single
point of failure. The Kerberos Server also allows administrators to
organize realms according to the types of users or services.
Dynamic Propagation
In Kerberos server version 1.0, the entire database had to be periodically
dumped and propagated. This resulted in heavy network traffic and thus
reduced performance.
It is important that secondary servers are configured to act as
authentication servers. This allows the primary server to be available for
tasks other than authentication. When a secondary server is configured,
both the servers must be synchronized with each other. If entries are
updated on the primary server, they must be updated on the secondary
server as well. The databases on the primary and the secondary servers
are synchronized by a mechanism called ‘propagation’. The kpropd
daemon running on the primary server ensures that the data is
synchronized with the other secondary server.
Kerberos Server version 3.12 also supports hierarchical propagation. The
primary server need not propagate the database to every secondary server
in the realm; it propagates only to a designated secondary server. This
designated secondary server then propagates the database to the other
secondary servers available in the realm. The propagation hierarchy is
defined in the configuration files.
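A hierarchy like the one described above is worth validating before it is
deployed, because a secondary server that is left out of the tree keeps
answering authentication requests from an outdated database. The Python
check below is an added example, not HP code; the server names and the
dictionary layout are assumptions and do not reflect the product's
configuration file format.

```python
from collections import deque

def check_hierarchy(primary, edges, secondaries):
    """Validate a propagation hierarchy (hypothetical in-memory model).

    edges maps a sending server to the list of servers it propagates to.
    Returns (depth, problems): depth gives each reached server's hop count
    from the primary; problems is a list of findings, empty when clean.
    """
    problems = []
    upstream = {}  # receiver -> sender, to detect conflicting senders
    for sender, receivers in edges.items():
        for r in receivers:
            if r == primary:
                problems.append(f"{sender} propagates back to primary {primary}")
            elif r in upstream:
                problems.append(
                    f"{r} has two upstreams: {upstream[r]} and {sender}")
            else:
                upstream[r] = sender

    # Breadth-first walk from the primary: whatever is not reached never
    # receives an update, including loops of secondaries feeding each other.
    depth = {primary: 0}
    queue = deque([primary])
    while queue:
        node = queue.popleft()
        for r in edges.get(node, []):
            if r not in depth:
                depth[r] = depth[node] + 1
                queue.append(r)

    for s in sorted(secondaries):
        if s not in depth:
            problems.append(f"{s} never receives the database (stale KDC)")
    return depth, problems

# Constructed sample data: one primary, one designated secondary (kdc1).
SECONDARIES = {"kdc1", "kdc2", "kdc3"}
GOOD = {"kdc0": ["kdc1"], "kdc1": ["kdc2", "kdc3"]}
BAD = {"kdc0": ["kdc1"], "kdc1": ["kdc2"], "kdc3": ["kdc2"]}

if __name__ == "__main__":
    for name, tree in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *check_hierarchy("kdc0", tree, SECONDARIES), sep="\n  ")
```

The hop count is a rough measure of how long a change made on the primary,
such as a disabled principal or a changed key, takes to reach each secondary.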
Scalability
This version of the Kerberos Server is highly scalable, and has been
tested to support up to 2,000,000 (two million) users in the database. In
addition, it supports simultaneous requests from multiple clients and
ensures that these queries are not lost even when the system is heavily
loaded.
Windows 2000® Interoperability
To enable the user to work in a mixed platform environment, this version
of the Kerberos Server is interoperable with the Windows 2000® Server
and client. A Kerberos Server in the Windows 2000® environment can
talk to the HP-UX Kerberos server, for cross-realm authentication.