Kerberos Server Version 3.1 Release Notes
HP Kerberos Server v3.1 Release Notes
Kerberos Server Version 3.1 Benefits and Features
Chapter 110
Local Administrator on the primary security server:
/opt/krb5/admin/kadminl_ui
Remote Administrator on secondary security servers and clients:
/opt/krb5/bin/kadmin_ui
NOTE You must add the first administrative principal using the Local
Administrator, kadminl or kadminl_ui, located on the primary server
before you can use the Remote Administrator, kadmin or kadmin_ui from a
secondary server or client.
You do not need to log in to the Local Administrator. Any user with root access to the
primary security server can run the Local Administrator.
To log in to the Remote Administrator, you must use a principal account that has an entry
in the admin_acl_file. For complete access to all the functions, use an unrestricted
administrative principal account, one with * permissions in the admin_acl_file. At a
minimum, this account must have inquire privileges.
For more information on Kerberos Server Version 3.1 features and functionality, refer to
the Kerberos Server Version 3.1 Administrator’s Guide (T1417-90009).
Migrating from Previous Kerberos Server Versions to Kerberos
Server v3.1
If you want to use the Kerberos server with LDAP as the backend database, migrate your
existing Kerberos server to Kerberos server v3.0.
Use the krb_2_ldap utility to migrate information of the previous version of the Kerberos
server to the LDAP database. The krb_2_ldap utility performs the following tasks, while
migrating information:
• Converts each entry of the version 2.0 or 3.0 dumpfile to ldif file entry. The new entries
are dumped into an LDIF file.
• Logs any log messages or errors and displays it in stdout format.
Complete the following steps to migrate from Kerberos server v3.0 to v3.1:
Step 1. Dump the database on the v3.0 server.
On the Kerberos server v3.0, dump the database with the default dump version.
The dump file must contain the default header, “kdb5_util load_dump version
5.0”.