System administrators can improve system security by using Kerberos V5 authentication, privacy, and integrity. NFS is an example of an application that is secured with Kerberos V5.
The following list highlights the new features of Kerberos V5.
Kerberos V5 Server – The server includes the following components:
Principal (user) administration system – Includes a centralized server for local and remote administration of principals and security policies. The system includes both a GUI and a CLI administration tool.
Key Distribution Center (KDC) – Uses the principal database information that was created by the administration server. Issues tickets for clients.
Principal database replication system – Duplicates the KDC database to a backup server.
MIT and Microsoft Windows 2000 password change interoperability – Kerberos V5 passwords can now be changed from a Solaris client to an MIT Kerberos server and Microsoft Windows 2000.
Tuned DES – Kerberos V5 kernel DES operations have been optimized for the Sun4u architecture.
Kerberos-encrypted communications now supported with the Solaris core – An encryption module that supports Kerberos encrypted-communications is available in the Solaris 9 operating environment. Previously, an encryption module was available only on the Solaris Encryption Kit CD-ROM or through a web download.
Addressless tickets – System administrators and users can now specify addressless tickets. This ability can be necessary in multihomed and NAT network environments.
Kerberos V5 PAM module supports password aging – The pam_krb5 module supports password aging that is set in the KDC for each user principal.
For further information, see “Administering the Kerberos Database” in System Administration Guide: Security Services.