Introduction to the Kerberos Products and
HP Kerberos Server
The secondary security server also provides redundancy against a single point of failure. The Kerberos Server also allows administrators to organize realms according to the types of users or services.
Dynamic Propagation
In Kerberos server version 1.0, the entire database had to be periodically dumped and propagated. This resulted in heavy network traffic and thus reduced performance.
It is important that secondary servers are configured to act as authentication servers. This allows the primary server to be available for tasks other than authentication. When a secondary server is configured, both servers must be synchronized with each other. If entries are updated on the primary server, they must be updated on the secondary server as well. The databases on the primary and secondary servers are synchronized by a mechanism called ‘propagation’. The kpropd daemon running on the primary server ensures that the data is synchronized with the secondary server.
Kerberos Server version 3.12 also supports hierarchical propagation. The primary server need not propagate the database to every secondary server in the realm; it propagates only to a designated secondary server. This designated secondary server then propagates the database to the other secondary servers in the realm. This is done by defining the propagation hierarchy in the configuration files.
Scalability
This version of the Kerberos Server is highly scalable, and has been tested to support up to 2,000,000 (two million) users in the database. In addition, it supports simultaneous requests from multiple clients and ensures that these queries are not lost even when the system is heavily loaded.
Windows 2000® Interoperability
To enable the user to work in a mixed platform environment, this version of the Kerberos Server is interoperable with the Windows 2000 Server® and client. A Kerberos Server in the Windows 2000® environment can talk to the