HP-UX 11i December 2006 Release Notes

Security
Chapter 8
PAM Kerberos
Pluggable Authentication Module (PAM) is an easily configurable framework that
provides support for multiple authentication technologies on HP-UX. PAM Kerberos
v1.24 is the PAM module that provides support for the Kerberos authentication protocol
as specified in Open Group RFC 86.0. PAM allows multiple authentication technologies
to co-exist.
Summary of Change
Although PAM Kerberos has been previously delivered on the Application Release
media, this is the first time the product is being delivered on the Operating
Environments media for HP-UX 11i v1.
The following enhancements have been added in this release of PAM Kerberos:
• The pamkrbval tool checks the ownership of the rc_host_0 file when a user tries to
rlogin into a system. If rc_host_0 is owned by anyone other than root, a warning is
issued.
• The pamkrbval tool now issues a warning message if the keytable entry is not found
for the host service principal. Previously, the pamkrbval tool executed successfully
without a warning, giving the impression that the setup was correct, even though in
most cases the host principal will have to be working.
• PAM Kerberos provides an appropriate message when a user’s ADC account is locked
or has expired.
• PAM Kerberos delivers the 64-bit /usr/lib/security/pa20_64/libpam_krb5.1
library to provide Kerberos authentication to the 64-bit PAM applications running
on HP-UX 11i v1.
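The two pamkrbval checks described above (file ownership and presence of a host service principal) can be reproduced for audit purposes with a few lines of shell. This is an added example, not pamkrbval's code or anything shipped by HP. Assumptions: the path to rc_host_0 is passed in by the caller because these notes do not give its location, the keytab listing is in the text format printed by an MIT-style `klist -k`, and the host names and listing shown are constructed.

```shell
#!/bin/sh
# Added example: local re-check of the two conditions pamkrbval warns about.

# owner_uid FILE: print the numeric owner uid (third field of `ls -ln`).
owner_uid() {
    ls -lnd "$1" 2>/dev/null | awk 'NR == 1 { print $3 }'
}

# check_rcache_owner FILE [EXPECTED_UID]
# Returns 0 if FILE is owned by EXPECTED_UID (default 0, root),
# 1 with a warning if owned by anyone else, 2 if FILE does not exist.
check_rcache_owner() {
    file=$1
    want=${2:-0}
    [ -e "$file" ] || { echo "NOTE: $file does not exist" >&2; return 2; }
    got=$(owner_uid "$file")
    if [ "$got" != "$want" ]; then
        echo "WARNING: $file is owned by uid $got, expected uid $want" >&2
        return 1
    fi
    return 0
}

# has_host_principal FQDN
# Reads a keytab listing on stdin; returns 0 only if an entry line
# (numeric KVNO in field 1) names a principal starting with host/FQDN@.
has_host_principal() {
    awk -v want="host/$1@" '
        $1 ~ /^[0-9]+$/ && index($2, want) == 1 { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample listing (assumed `klist -k` text layout).
sample_keytab_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------
   3 host/server.example.com@EXAMPLE.COM
   2 ftp/server.example.com@EXAMPLE.COM
EOF
}

# Demo on the constructed listing: a host without a keytab entry is flagged.
sample_keytab_listing | has_host_principal other.example.com ||
    echo "WARNING: no keytab entry for host/other.example.com" >&2
```

On a live system, feed `has_host_principal` the real keytab listing and call `check_rcache_owner` with the actual path of rc_host_0.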
Some defects have also been fixed in this release of PAM Kerberos. For more information
on new features and defect fixes, see the PAM Kerberos v1.24 Release Notes, available at
http://docs.hp.com.
Impact
There are no known impacts other than those previously described.
Compatibility
There are no known compatibility issues.
Performance
There are no known performance issues.
Documentation
• Manpages: pamkrbval (1M)