Manualshelf

Kerberos Server Version 3.1.2 Release Notes (5900-1856, July 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
should be aware of. Proper protection of this authentication information is a critical aspect of
enabling the best security that can be provided.
Scalability
One of the primary benefits of the Kerberos Server is that it is highly customizable and offers
the following advantages:
Multiple secondary security servers that enable load balancing with automatic incremental
propagation, without any performance degradation. This feature is disabled if
NOTE: You opt for LDAP as the backend database.
Realms that can be organized according to types of users or services
Multithreading
Services the user requests in the Key Distribution Center. This enhances the performance of
the Kerberos Server.
High Availability
This mechanism has been provided in this version of the Kerberos Server, by having the parent
process always monitor the server daemon. If the server daemon dies or crashes, the parent
process will automatically spawn a new server daemon.
Dynamic Propagation
Automatically propagates incremental changes from the Primary server to the associated
Secondary servers, thus synchronizing both the Primary and the Secondary servers.
NOTE: Propagation is disabled if you select LDAP as your backend database. Check with
your LDAP administrator, for more information about propagation of information on the LDAP
Server.
3DES Encryption
Provides 3DES encryption type for secret key technology. 3DES is a much stronger encryption
type than the 56 bit DES encryption algorithm. You can configure your server to be either DES
or 3DES.
NOTE: DES, is still used as the default encryption key type, for backward compatibility.
Windows 2000 interoperability
Enables cross realm authentication with Windows 2000 servers, to allow you to work in a
mixed platform environment.
Pre-threaded Concurrent Server
A pool of threads is available to simultaneously service multiple client requests in the key
distribution center, for enhanced system performance.
C-Tree database
You can configure your Kerberos Server with a C-Tree database as the backend database.
This database uses B+ Tree algorithm.
LDAP database
You can, optionally, configure your Kerberos Server with LDAP as the backend database.
By integrating the Kerberos principals with the corresponding users in the LDAP directory, you
store data for mechanisms, such as UNIX and Kerberos in a common repository. Also, you
can secure user credentials by mandating users to use LDAP credentials.
Kerberos Server version 3.1.2 benefits and features 5