HP-UX 11i March 2002 Release Notes
HP-UX 11i Operating Environment Applications
HP-UX 11i Operating Environment
Chapter 4
operating system. Kerberos, the primary authentication mechanism for Windows 2000,
is integrated with Active Directory Service to provide enterprise-wide account
management. This necessitates the implementation of the Kerberos authentication
mechanism on HP-UX as a Pluggable Authentication Module.
Pluggable Authentication Modules (PAM) [OSF RFC 86] is the standard authentication
mechanism, and is easily configurable to support multiple authentication technologies
on HP-UX.
PAM Kerberos provides the PAM mechanism and encryption support.
The PAM service modules were implemented as a shared library, libpam_krb5.1. This
library is built by linking with libkrb5.1, and is therefore not dependent on the
libsys.sl library.
The HP-UX 11i implementation of the Kerberos version 5 protocol provides enterprise-wide
strong user authentication. By using encryption during the user authentication process,
the Kerberos infrastructure provides privacy and integrity of user login information, since
passwords are no longer communicated in clear text over the network.
HP-UX system entry services can work with any Kerberos v5 Server, namely, MIT
Kerberos and Microsoft Windows 2000. Thus, passwords can be effectively unified in an
Intranet with heterogeneous systems such as UNIX and Microsoft Windows 2000.
Furthermore, support of the password change protocol automates propagation of password
changes. These two features can significantly reduce user administration complexity in a
heterogeneous environment.
The HP-UX applications using PAM include telnet, login, remsh, ftp, rexec, rlogin,
dtlogin, and rcp. PAM Kerberos interoperates with a Key Distribution Center (KDC)
operating on either a UNIX or a Microsoft Windows 2000 server.
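The following is an added example, not part of the HP release notes: a small audit that reads a pam.conf-style file and reports, for each of the PAM-using services listed above, whether libpam_krb5.1 is in the auth stack and with which control flag. The sample configuration, the /usr/lib/security module paths and the function names are assumptions constructed for illustration.

```python
# Added example: audit a pam.conf-style file for libpam_krb5.1 coverage.
# Service names come from the release notes; everything else is assumed.
SERVICES = ["telnet", "login", "remsh", "ftp", "rexec", "rlogin", "dtlogin", "rcp"]
KRB5_MODULE = "libpam_krb5.1"

# Constructed sample. Column layout of pam.conf:
#   service  module_type  control_flag  module_path  [options]
SAMPLE_PAM_CONF = """\
# constructed sample for illustration only
login   auth  sufficient  /usr/lib/security/libpam_krb5.1
login   auth  required    /usr/lib/security/libpam_unix.1 try_first_pass
ftp     auth  required    /usr/lib/security/libpam_unix.1
OTHER   auth  required    /usr/lib/security/libpam_unix.1
"""

def parse_pam_conf(text):
    """Return {service: [(control_flag, module_path, options), ...]} for auth lines.

    Comments and malformed lines are skipped; backslash continuations
    are not handled.
    """
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[1].lower() != "auth":
            continue
        service, _, control, path, *opts = fields
        stacks.setdefault(service.lower(), []).append((control.lower(), path, opts))
    return stacks

def krb5_coverage(text, services=SERVICES):
    """Map each service to the control flag of its Kerberos auth module, or None."""
    stacks = parse_pam_conf(text)
    report = {}
    for svc in services:
        # A service with no auth entries of its own falls back to OTHER.
        stack = stacks.get(svc, stacks.get("other", []))
        flags = [c for c, path, _ in stack if path.rsplit("/", 1)[-1] == KRB5_MODULE]
        report[svc] = flags[0] if flags else None
    return report

if __name__ == "__main__":
    for svc, flag in krb5_coverage(SAMPLE_PAM_CONF).items():
        status = "krb5 (%s)" % flag if flag else "no Kerberos module in auth stack"
        print("%-8s %s" % (svc, status))
```

Services reported without the Kerberos module still authenticate through whatever the fallback stack provides, so they are the ones to review when unifying passwords against a KDC.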
The PAM Kerberos module is compliant with IETF RFC 1510 and Open Group RFC 86.
PAM Kerberos is also available under the product number J5849AA on the Applications
Software CD. This product provides a libpam_krb5.1 library, a pam_krb5(1) manpage,
and a release note document.
Installation Requirements
The minimum disk space required to install the product is 1MB. Additional disk space of
about 1KB per user in the system /tmp directory is required to store initial Ticket Granting
Tickets in the credential cache file.
Impact
HP-UX PAM Kerberos is implemented under the PAM framework, which allows new
authentication service modules to be plugged in and made available without modifying
the application or rebooting the system.
PAM Kerberos works on HP 9000 servers and workstations with a minimum of 32MB of
memory and sufficient swap space (a minimum of 50MB is recommended).
NOTE: PAM Kerberos is not thread safe.