Kerberos Server Version 3.1 Release Notes
HP Kerberos Server v3.1 Release Notes
Kerberos Server Version 3.1 Benefits and Features
Chapter 1 9
By integrating the Kerberos principals with the corresponding users in the LDAP
directory, you store data for mechanisms, such as UNIX and Kerberos in a common
repository. Also, you can secure user credentials by mandating users to use LDAP
credentials.
Kerberos server v3.1 is compatible with Netscape Directory server version 6.0 (J4258CA)
and later releases.
• HP Kerberos Administrator
The HP Kerberos Administrator is a GUI that you can use to administer the principal
database.
Use the Administrator to:
— Create and associate a principal with an LDAP DN
— Delete principals
NOTE When a Kerberos principal is deleted only the associated Kerberos
attributes are deleted. The LDAP object is not deleted. The system
administrator must manually delete this LDAP object.
— Alter principal account settings
— Assign administrative permissions
— Modify the default group principals
— Extract principals to service key table files
— Reset password of principals
Following are the different versions of the Administrator:
— kadminl_ui - local administrator
— kadmin_ui - remote administrator
This mechanism has been provided in this version of the Kerberos Server, by having the
parent process always monitor the server daemon. If the server daemon dies or crashes,
the parent process will automatically spawn a new server daemon.
The local administrator, kadminl_ui, is available only on the primary server.
The remote administrator, kadmin_ui, can be installed on secondary security servers and
clients to permit remote administration of the principal database.
Location