Kerberos Server Version 3.1.2 Release Notes (5900-1856, July 2011)

Kerberos server v3.1.2 is compatible with Netscape Directory server version 6.0 (J4258CA)
and later releases.
HP Kerberos Administrator
The HP Kerberos Administrator is a GUI that you can use to administer the principal database.
Use the Administrator to:
• Create and associate a principal with an LDAP DN
• Delete principals
  NOTE: When a Kerberos principal is deleted, only the associated Kerberos attributes
  are deleted. The LDAP object is not deleted. The system administrator must manually
  delete this LDAP object.
• Alter principal account settings
• Assign administrative permissions
• Modify the default group principals
• Extract principals to service key table files
• Reset password of principals
The Administrator is available in the following versions:
• kadminl_ui - local administrator
• kadmin_ui - remote administrator
This mechanism has been provided in this version of the Kerberos Server, by having the parent
process always monitor the server daemon. If the server daemon dies or crashes, the parent
process will automatically spawn a new server daemon.
The local administrator, kadminl_ui, is available only on the primary server.
The remote administrator, kadmin_ui, can be installed on secondary security servers and
clients to permit remote administration of the principal database.
Location
Local Administrator on the primary security server:
    /opt/krb5/admin/kadminl_ui
Remote Administrator on secondary security servers and clients:
    /opt/krb5/bin/kadmin_ui
NOTE: You must add the first administrative principal using the Local Administrator, kadminl
or kadminl_ui, located on the primary server before you can use the Remote Administrator,
kadmin or kadmin_ui from a secondary server or client.
You do not need to log in to the Local Administrator. Any user with root access to the primary
security server can run the Local Administrator.
To log in to the Remote Administrator, you must use a principal account that has an entry in
the admin_acl_file. For complete access to all the functions, use an unrestricted
administrative principal account, one with * permissions in the admin_acl_file. At a
minimum, this account must have inquire privileges.
For more information on Kerberos Server Version 3.1.2 features and functionality, see the Kerberos
Server Version 3.1.1 Administrator’s Guide (T1417-90009) at:
http://www.hp.com/go/hpux-security-docs