HP-UX 11i June 2002 Release Notes

Security
Chapter 13
Kerberos Client Software
New at 11i original release
Kerberos is a network authentication protocol. Kerberos Client Software, now provided
with HP-UX 11i, enables integrating HP-UX into a secure enterprise environment. It
provides tools and libraries to perform authentication and secure communication.

The Kerberos protocol is designed to provide strong authentication for client/server
applications by using secret-key cryptography. It uses strong cryptography so that a
client can prove its identity to a server and vice versa across an insecure network
connection. After the client and the server have established their identities, they can
also encrypt all of their communications to assure privacy and data integrity.

Kerberos Client Software is based on MIT Kerberos V5 1.1.1. It consists of libraries,
header files, manpages, and Kerberos utilities which help in performing command line
or programmatic authentication. Data encryption APIs can be used to protect data
transmitted over the Internet. Kerberos Client Software supports both 32- and 64-bit
development. The 64-bit libraries are placed in the /usr/lib/pa20_64 directory.

Libraries
The following libraries are included:
/usr/lib/libkrb5.sl, /usr/lib/pa20_64/libkrb5.sl:
All of the Kerberos APIs are implemented by this library. This library implements
APIs for authentication, verifying tickets, creating authenticators, context
management, etc. For more information, see libkrb5 (3).
/usr/lib/libcom_err.sl, /usr/lib/pa20_64/libcom_err.sl:
This library implements the com_err APIs. The com_err() functions print appropriate
error messages to stderr based on the error code returned by the Kerberos APIs. For
more information, see libkrb5 (3).
/usr/lib/libk5crypto.sl, /usr/lib/pa20_64/libk5crypto.sl:
This library provides APIs for encryption and decryption. Internally, it uses DES
(Data Encryption Standard). Currently, it supports 56-bit DES and is used by the
Kerberos APIs. For more information see libkrb5 (3).
/usr/lib/gss/libgssapi_krb5.sl, /usr/lib/pa20_64/gss/libgssapi_krb5.sl:
This library contains the Kerberos support for the GSS API as per RFC 2743/2744. It
is used by /usr/lib/libgss.sl, which is part of the GSS API product. For more
information, see libgss (4) and gssapi (5) and the previous section.
Header Files
/usr/include/krb5.h
/usr/include/profile.h
/usr/include/com_err.h
Utilities
/usr/bin/kinit: obtain and cache the Kerberos ticket-granting ticket. See kinit (1).