Kerberos Server Version 3.0 Release Notes
HP’s Kerberos Server V 3.0 Release Notes
What’s in This Version
Chapter 1 7
What’s in This Version
The following new features are added in Kerberos Server Version 3.0:
• In Kerberos Server Version 2.x, the password policy was based on the instance name to
which the principal was belonging to. Starting from Kerberos Server Version 3.0, the
password policy is not based on the instance name but is based on the policy to which the
principal is subscribed to. This provides the flexibility for a principal to subscribe to any
policy in the /opt/krb5/password.policy file.
However, the reserved service principals, which are automatically created when a new
realm is created, subscribe to a fixed policy. HP recommends not to change the policies for
these reserved service principals. Following are the reserved service principals:
— K/M
— default
— kadmin/<realm_name>
— kadmin/chagepw
— kcpwd/<realm_name>
— krbtgt/<realm_name>
• From Kerberos Server 3.0, you cannot subscribe a principal to a NULL policy. If you do
not specify a password policy name for a principal, the default policy name is applied.
• Starting from this version, kernel threads are used for multithreading which is used to
service user requests in the KDC.
• Kerberos Server Version 2.0 is not compatible with the Kerberos Server Version 3.0
administrative tool, kadmin and Kerberos Server Version 3.0 is not compatible with the
Kerberos Server Version 2.0 administrative tool, kadmin.
• A context sensitive online help is available with the Kerberos Server administrative tools
kadminl_ui and kadmin_ui.