Manualshelf

Kerberos Release Notes 11311

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
NOTE: DES, is still used as the default encryption key type, for backward compatibility.
Windows 2000 interoperability
Enables cross realm authentication with Windows 2000 servers, to allow you to work in a
mixed platform environment.
Pre-threaded Concurrent Server
A pool of threads is available to simultaneously service multiple client requests in the key
distribution center, for enhanced system performance.
C-Tree database
You can configure your Kerberos Server with a C-Tree database as the backend database.
This database uses B+ Tree algorithm.
LDAP database
You can, optionally, configure your Kerberos Server with LDAP as the backend database.
By integrating the Kerberos principals with the corresponding users in the LDAP directory,
you store data for mechanisms, such as UNIX and Kerberos in a common repository. Also,
you can secure user credentials by mandating users to use LDAP credentials.
Kerberos server v3.2.1 is compatible with Netscape Directory server version 6.0 (J4258CA)
and later releases.
HP Kerberos Administrator
Use the Administrator to:
— Create and associate a principal with an LDAP DN
— Delete principals
NOTE: When a Kerberos principal is deleted only the associated Kerberos attributes are
deleted. The LDAP object is not deleted. The system administrator must manually delete
this LDAP object.
— Alter principal account settings
— Assign administrative permissions
— Modify the default group principals
— Extract principals to service key table files
— Reset password of principals
IPv6
Starting with Kerberos Server v3.2.1 release, IPv6 addresses are supported. The Kerberos
Server now runs independent of IPv4, IPv6, or a dual stack node.
The Kerberos Server authenticates client requests received from IPv4 or IPv6 network.
All the Kerberos Server components such as, kadmind, kpropd, kdcd, kadmin, and
kadmin_ui work in the IPv6 environment similar to how they work in the IPv4 environment.
The Kerberos Server creates the ticket properly with IPv6 addresses.
The following daemons and utilities are updated to support IPv6 addresses:
kdcd
kadmind
kpropd
kadmin or kadmin_ui
8 Announcement