Introduction to the Kerberos Products and GSS-API

HP Kerberos Server

Kerberos server v3.12 supersedes the earlier MIT-based Kerberos server (version 1.0) on HP-UX 11i. This version of the Kerberos server offers many enhancements over the previous version.

For information on previous Kerberos Server versions, see the Release Notes at www.docs.hp.com/en/internet.html#Kerberos.

Graphical User Interface (GUI) Based Administration tool

Use the GUI to create and manage principals in the Kerberos realms. The GUI includes both the remote administrator, kadmin_ui, and the local administrator, kadminl_ui. You can perform the following functions using the GUI:

create, modify and delete principals

alter principal account key type settings

assign administrative permissions

modify the default group principals

extract keys of principals to service key table files

change the principal’s password

add a new realm or delete existing realms

Multithreaded Server

Kerberos server version 3.12 is a pre-threaded concurrent server. This feature enables the server to service multiple user requests in the KDC concurrently, thus enhancing the performance of the server. The server uses kernel-space threads.

High Availability

The Kerberos server daemon (kdcd) is constantly monitored by a parent process. If the child process dies or crashes, the parent process automatically spawns a new server daemon. This provides high availability for mission-critical applications.

In addition, the Kerberos server allows multiple secondary security servers to be configured. A secondary security server services authentication requests once it has been configured to authenticate and to receive information propagated from the primary security server. This enables load balancing for the primary server, with automatic incremental propagation, without any performance degradation.
