Kerberos Server Version 3.2.
Legal Notices © Copyright 2003-2010 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
1 Announcement
What's in This Version
Supported Encryption Types
Kerberos Server Version 3.2.1 Benefits and Features
List of Tables
1-1 4 Versions of Administrator and their Locations
1 Announcement

HP Kerberos Server v3.2.1 is based on the client-server architecture. It ensures secure communication in a networked environment by leveraging individual trust relationships. It then brokers this trust across enterprise-wide distributed client-server networks. The communication between client and server is secured using the Kerberos protocol. HP Kerberos Server allows entities to authenticate themselves without having to transmit their passwords in clear text over the network.
What's in This Version

Starting with the Kerberos Server v3.2.1 release, IPv6 addresses are supported. Internet Services protocols are now compliant with Kerberos Server in an IPv6 environment.
Kerberos Server Version 3.2.1 Benefits and Features

The Kerberos Server is primarily a centralized network authentication system providing security solutions to geographically dispersed organizations. Following are some of the key features in Kerberos Server v3.2.1:

• Strong Authentication
  Using the Kerberos Server, you can be assured that users who log on to your network to access the services, databases and applications on your client-server network are who they claim to be.
NOTE: DES is still used as the default encryption key type, for backward compatibility.

• Windows 2000 interoperability
  Enables cross-realm authentication with Windows 2000 servers, to allow you to work in a mixed platform environment.
• Pre-threaded Concurrent Server
  A pool of threads is available to simultaneously service multiple client requests in the key distribution center, for enhanced system performance.
The following libraries are updated to support IPv6 addresses:

• libk5.sl: core library that includes all core networking functions. It includes wrappers written for standard networking functions, such as gethostbyname, getservbyport, gethostbyaddr, and getservbyname.
• libk5srv.sl: library that includes database access functions for administration.
• libkadm.sl: library that implements parsing of kadmin requests.
• libkpwd.sl: library that handles change passwd requests.
• libkpropd.
Use the krb_2_ldap utility to migrate information from the previous version of the Kerberos server to the LDAP database. The krb_2_ldap utility performs the following tasks while migrating information:

• Converts each entry of the dumpfile to an LDIF file entry. The new entries are dumped into an LDIF file.
• Logs any log messages or errors and displays them on stdout.

For more information on detailed migration procedures, see Kerberos Server Version 3.2.
Defect Fixes

The following defect is fixed in Kerberos Client Version 3.2.1:

• QXCR1000885313
  Symptom: HP-UX Kerberos Server and HP-UX Kerberos Client cannot communicate using the DES3 encryption standard.
  Defect description: HP-UX Kerberos Server and HP-UX Kerberos Client do not support a common DES3 encryption algorithm.
  Resolution: HP-UX Kerberos Server is fixed to support the encryption type DES3-CBC-RAW, which is also supported by the HP-UX Kerberos Client.
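An added example, not taken from HP's documentation or code: a simplified Python model of Kerberos encryption-type selection, showing the DES3 mismatch described in QXCR1000885313 and how, with DES still enabled for backward compatibility, a mismatch can end in single DES instead of an error. The enctype ids follow MIT krb5's krb5.h, and the server and client lists are constructed assumptions, since the page does not list HP's actual enctypes.

```python
# Added example: simplified model of how a KDC picks a Kerberos enctype.
# Enctype ids follow MIT krb5's krb5.h; the server/client lists are constructed.
ENCTYPE_NAMES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    6: "des3-cbc-raw",
    16: "des3-cbc-sha1",
}
SINGLE_DES = {1, 2, 3}          # des-cbc-crc, des-cbc-md4, des-cbc-md5
KDC_ERR_ETYPE_NOSUPP = 14       # RFC 4120: KDC has no support for encryption type


def select_etype(client_prefs, server_supported):
    """Return the first enctype in the client's preference order that the
    server also supports, or None when the two sides share none."""
    for etype in client_prefs:
        if etype in server_supported:
            return etype
    return None


def audit_negotiation(client_prefs, server_supported):
    """Classify the outcome so a silent fallback to single DES is visible."""
    chosen = select_etype(client_prefs, server_supported)
    if chosen is None:
        return {"etype": None, "error": KDC_ERR_ETYPE_NOSUPP,
                "finding": "no common enctype"}
    finding = "weak: single DES negotiated" if chosen in SINGLE_DES else "ok"
    return {"etype": ENCTYPE_NAMES.get(chosen, str(chosen)), "error": None,
            "finding": finding}


# Constructed configurations (assumptions, not HP's actual enctype lists).
SERVER_BEFORE_FIX = {1, 3, 16}       # DES plus a DES3 variant the client lacks
SERVER_AFTER_FIX = {1, 3, 6, 16}     # des3-cbc-raw added, as in the resolution
CLIENT_DES3_ONLY = [6]               # client insists on DES3
CLIENT_DES3_THEN_DES = [6, 3]        # client prefers DES3, allows DES fallback

if __name__ == "__main__":
    for server in (SERVER_BEFORE_FIX, SERVER_AFTER_FIX):
        for client in (CLIENT_DES3_ONLY, CLIENT_DES3_THEN_DES):
            print(sorted(server), client, audit_negotiation(client, server))
```
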
Known Problems and Workarounds

• Problem: If the hpKrbPrincipal attribute is not indexed, the performance of the Kerberos server may degrade.
  Workaround: Index the LDAP database with the Principal names.
• Problem: If the connection to the LDAP server is terminated, the Kerberos server may fail to respond to client requests.
  Workaround: Restart the Kerberos server.
• Problem: The kpasswd command is not supported in the IPv6 environment.
  Workaround: No workaround is available.
Compatibility Information and Installation Requirements

Installation Requirements

Before you install the server, it is recommended that you:

• Ensure that you have the HP-UX 11i v3 operating system installed on your system. You can check the version of the HP-UX operating system by using the uname -r command.
• Ensure that the Kerberos Server is installed on a system that is physically secure and has restricted access to it.
4. Highlight KerberosSvr in the Software Selection dialog box.
5. Select Mark For Install from the Actions menu to install all filesets in the bundle.
6. When you have marked the product components you want to install, select ‘Install (analysis)’ from the ‘Actions’ menu.
7. When you have successfully completed the analysis, click OK from the Analysis dialog box to load the Kerberos Server filesets.

The swinstall utility loads the filesets. Estimated installation time is five minutes.
Software Availability in Native Languages

There is no information in non-English languages for this version of Kerberos server v3.2.1.