HP-UX 11i December 2004 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

131

132

133

134

135

136

137

138

139

140

Table Of Contents

HP-UX 11i Version 1 Operating Environment Applications

HP-UX 11i v1 Foundation Operating Environment

Chapter 6

135

updated for

September 2002

Now included with PAM Kerberos is the pamkrb5val tool, which will help

administrators validate the PAM Kerberos setup. The tool validates the following files

for PAM Kerberos-related entries:

• /etc/pam.conf

• /etc/pam_user.conf

• /etc/krb5.conf

• /etc/krb5.keytab

Also included is a sample pam.conf file.

Installation Requirements

The minimum disk space required to install the product is 1MB. Additional disk space of

about 1KB per user in the system /tmp file is required to store initial Ticket Granting

Tickets in the credential cache file.

Impact

HP-UX PAM Kerberos is implemented under the PAM framework, which allows the new

authentication service module to be plugged in and made available without modifying

the application or rebooting the system.

PAM Kerberos works on HP servers and workstations with a minimum of 32MB of

memory and sufficient swap space (a minimum of 50MB is recommended).

NOTE PAM Kerberos is not thread safe.

Coexistence Issues

PAM Kerberos (libpam_krb5.1) and PAM DCE (libpam_dce.1) plug-in modules can not

be stacked together in the pam.conf file because of different principal styles and

credential file paths. If so stacked, the results will be unpredictable.

If the password has expired on a Microsoft Windows 2000 KDC, you will not be asked for

a new password and will not be allowed to log in. When changing passwords on a MIT

KDC with a version prior to 1.1, up to 45 seconds may elapse before the password is

actually changed due to the selection mechanism of the change password protocol.

Documentation

The following documentation is available:

• The newly created manpage for pam_kerberos is available at

/usr/share/man/man5.Z/pam_krb5.5.

• New for September 2002 is the manpage for pamkrbval.

• The white paper, Network Security Features of HP-UX 11i, is available at

http://www.unix.hp.com/operating/hpux11i/infolibrary/.

•The PAM Kerberos Release Notes for HP-UX 11i is available at

http://docs.hp.com.