HP-UX 11i December 2004 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

131

132

133

134

135

136

137

138

139

140

Table Of Contents

HP-UX 11i Version 1 Operating Environment Applications

HP-UX 11i v1 Foundation Operating Environment

Chapter 6

134

Documentation

For more information see the following:

• Perl Programming, Third Edition, by Larry Wall, Tom Christiansen, and Jon

Orwant. O’Reilly and Associates, Inc. USBN 0-596-00027-8

•the perl (1) manpage (points you to related perl manpages)

•the /opt/perl/bin/perldoc file

For further information, see the following URLs:

http://www.perl.org

www.activestate.com

http://learn.perl.org

Pluggable Authentication Module (PAM) Kerberos

Pluggable Authentication Module (PAM) Kerberos version 11i is a service for

authenticating users or services across an open network. HP-UX 11i provides Kerberos

authentication through a Kerberos-Client product which is a part of the HP-UX base

operating system. Kerberos, the primary authentication mechanism for Windows 2000,

is integrated with Active Directory Service to provide enterprise-wide account

management. This necessitates the implementation of the Kerberos authentication

mechanism on HP-UX as a Pluggable Authentication Module.

Pluggable Authentication Module (PAM) [OSF RFC 86.0] is the standard framework,

and is easily configurable to support multiple authentication technologies on HP-UX.

PAM Kerberos provides the PAM mechanism using Kerberos.

The PAM service module was implemented as a shared library, libpam_krb5.1. This

library is built by linking with libkrb5.sl, and is therefore not dependent on the

libsys.sl library.

The HP-UX 11i implementation of Kerberos version 5 protocol provides enterprise-wide

strong user authentication. Using encryption during the user authentication process,

Kerberos infrastructure provides privacy and integrity of user login information since

passwords are no longer communicated in clear text over the network.

HP-UX system entry services can work with any Kerberos v5 Server, namely, MIT

Kerberos and Microsoft Windows 2000. Thus, passwords can be effectively unified in an

Intranet with heterogeneous systems such as UNIX and Microsoft Windows 2000.

Furthermore, support of password change protocol has been implemented. These two

features can significantly reduce user administration complexity in a heterogeneous

environment.

The HP-UX applications using PAM include telnet, login, remsh, ftp, rexec, rlogin,

dtlogin, and rcp. PAM Kerberos interoperates with a Key Distribution Center (KDC)

operating on either a UNIX or a Microsoft Windows 2000 server.

The PAM Kerberos module is compliant with IETF RFC 1510 and Open Group RFC

86.0. PAM Kerberos is also available under the product number J5849AA on the

Applications Software CD. This product provides a libpam_krb5.1 library, a pam_krb5

(1) manpage, and a release note document.