Kerberos Release Notes 11311

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software

The following libraries are updated to support IPv6 addresses:

• libk5.sl — core library that includes all core networking functions. It includes wrappers

written for standard networking functions, such as, gethostbyname, getservbyport,

gethostbyaddr, and getservbyname.

• libk5srv.sl — library that includes database accessing function for administration.

• libkadm.sl — library that implements parsing of kadmin request.

• libkpwd.sl — library that handles change passwd request.

• libkpropd.sl — library that handles incoming propagation data.

Table 1-1 lists the different versions of the Administrator and their locations.

Table 1-1 Versions of Administrator and their Locations

Absolute Path NameLocal or Remote?Administrator Name

/opt/krb5/admin/kadminl_ui

Local administrator available only on the primary

server- GUI based administrator

kadminl_ui

/opt/krb5/admin/kadminl

Local administrator available only on the primary

server- Command-line based administrator

kadminl

/opt/krb5/bin/kadmin_ui

Remote administrator can be installed on

secondary security servers and clients to permit

remote administration of the principal database.

This is a GUI-based administrator.

kadmin_ui

/opt/krb5/bin/kadmin

Remote administrator can be installed on

secondary security servers and clients to permit

remote administration of the principal database.

This is a command- line based administrator.

kadmin

Points to Consider While Using the Administrator

Consider the following points while using the Kerberos Administrator:

• You must add the first administrative principal using the Local Administrator, kadminl or

kadminl_ui, located on the primary server before you can use the Remote Administrator,

kadmin or kadmin_ui from a secondary server or client.

• You do not need to log in to the Local Administrator. Any user with root access to the

primary security server can run the Local Administrator.

• To log in to the Remote Administrator, you must use a principal account that has an entry

in the admin_acl_file. For complete access to all the functions, use an unrestricted

administrative principal account, one with * permissions in the admin_acl_file. At a

minimum, this account must have inquire privileges.

For more information on Kerberos Server Version 3.2.1 features and functionality, see Kerberos

Server Version 3.2.1 Administrator’s Guide (5992-5338) at:

http://www.docs.hp.com/en/internet.html

Migrating from Previous Kerberos Server Versions to Kerberos Server v3.2.1

Following are the migration paths that you can follow to migrate your Kerberos database formats

to v3.2.1:

• Kerberos database format v1.0->v3.0->v3.12->v3.2.1

• Kerberos database format v2.0->v3.0->v3.12->v3.2.1

Kerberos Server Version 3.2.1 Benefits and Features 9