Kerberos Server Version 3.2.2 Release Notes (5900-1855, July 2011)
Table 1 Versions of Administrator and their Locations (continued)
Absolute Path NameLocal or Remote?Administrator Name
/opt/krb5/bin/kadmin_uiRemote administrator can be installed on secondary
security servers and clients to permit remote
kadmin_ui
administration of the principal database. This is a
GUI-based administrator.
/opt/krb5/bin/kadminRemote administrator can be installed on secondary
security servers and clients to permit remote
kadmin
administration of the principal database. This is a
command- line based administrator.
Points to consider while using the administrator
Consider the following points while using the Kerberos Administrator:
• You must add the first administrative principal using the Local Administrator, kadminl or
kadminl_ui, located on the primary server before you can use the Remote Administrator,
kadmin or kadmin_ui from a secondary server or client.
• You do not need to log in to the Local Administrator. Any user with root access to the primary
security server can run the Local Administrator.
• To log in to the Remote Administrator, you must use a principal account that has an entry in
the admin_acl_file. For complete access to all the functions, use an unrestricted
administrative principal account, one with * permissions in the admin_acl_file. At a
minimum, this account must have inquire privileges.
For more information on Kerberos Server Version 3.2.2 features and functionality, see Kerberos
Server Version 3.2.1 Administrator’s Guide (5992-5338) at:
http://www.hp.com/go/hpux-security-docs
Migrating from previous Kerberos Server versions to Kerberos Server v3.2.2
Following are the migration paths that you can follow to migrate your Kerberos database formats
to v3.2.2:
• Kerberos database format v1.0->v3.0->v3.12->v3.2.2
• Kerberos database format v2.0->v3.0->v3.12->v3.2.2
Use the krb_2_ldap utility to migrate information of the previous version of the Kerberos server
to the LDAP database. The krb_2_ldap utility performs the following tasks, while migrating
information:
• Converts each entry of the dumpfile to ldif file entry. The new entries are dumped into an
LDIF file.
• Logs any log messages or errors and displays it in stdout format.
For more information on detailed migration procedures, see Kerberos Server Version 3.2.1
Administrator’s Guide (5992-5338) at:
http://www.hp.com/go/hpux-security-docs
Kerberos Server version 3.2.2 benefits and features 7