Manualshelf

HP-UX 11i June 2001 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU
81828384858687888990
HP-UX 11i Operating Environment Applications
HP-UX 11i Operating Environment (new at 11i original release)
Chapter 482
Pluggable Authentication Modules (PAM) [OSF RFC 86] is the standard
authentication mechanism which is easily configurable to support
multiple authentication technologies on HP-UX.
PAM Kerberos provides the PAM mechanism and encryption support.
The PAM service modules were implemented as a shared library,
libpam_krb5.1. This library is built by linking with libkrb5.1, and is
therefore not dependent on the libsys.sl library.
The HP-UX 11i implementation of Kerberos Version 5 protocol provides
enterprise-wide strong user authentication. Using encryption during the
user authentication process, Kerberos infrastructure provides privacy
and integrity of user login information since passwords are no longer
communicated in clear text over the network.
HP-UX system entry services can work with any Kerberos V5 Server,
namely, MIT Kerberos and Microsoft Windows 2000. Thus, passwords
can be effectively unified in an Intranet with heterogeneous systems
such as UNIX and Microsoft Windows 2000. Furthermore, support of
password change protocol automates propagation of password changes.
These two features can significantly reduce user administration
complexity in a heterogeneous environment.
The HP-UX applications using PAM include telnet, login, remsh, ftp,
rexec, rlogin, dtlogin, and rcp. PAM Kerberos interoperates with a
Key Distribution Center (KDC) operating on either a UNIX or a
Microsoft Windows 2000 server.
The PAM Kerberos module is compliant with IETF RFC 1510 and Open
Group RFC 86. PAM Kerberos is also available under the product
number J5849AA on the Applications Software CD. This product
provides a libpam_krb5.1 library, a pam_krb5 (1) manpage and a
release note document.
Installation Requirements
The minimum disk space required to install the product is 1MB.
Additional disk space of about 1KB per user in the system /tmp file is
required to store initial Ticket Granting Ticket in the credential cache
file.
Impact
HP-UX PAM Kerberos is implemented under the PAM framework that
allows new authentication service modules to be plugged in and made