PAM Kerberos Release Notes for HP-UX 11i HP 9000 Systems Manufacturing Part Number: J5849-90002 E1200 U.S.A.
Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Warranty.
©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of Technology. ©copyright 1989-93 The Open Software Foundation, Inc. ©copyright 1986 Digital Equipment Corporation. ©copyright 1990 Motorola, Inc.
1 PAM Kerberos Release Notes for HP-UX 11i Announcement PAM Kerberos, PAM-KRB5, is supported on the HP-UX 11i system. It is based on Kerberos Authentication System V5, developed by Massachusetts Institute of Technology (MIT). The PAM Kerberos module is compliant with IETF RFC 1510 and Open Group RFC 86. HP-UX PAM Kerberos is implemented under the PAM (Pluggable Authentication Module) framework. PAM Kerberos works with Microsoft Windows 2000 and MIT Kerberos V5 KDC.
PAM Kerberos Release Notes for HP-UX 11i What’s in This Version What’s in This Version The PAM service modules are implemented as a shared library: the Kerberos PAM library, /usr/lib/security/libpam_krb5.1, which uses Krb5 APIs. PAM Kerberos for HP-UX 11i consists of the libpam_krb5.1 library, the pam_krb5 man page, and a release note. PAM-KRB-SHLIB /usr/lib/security/libpam_krb5.1 PAM-KRB-MAN /usr/share/doc/PAMKerberosRelNotes.pdf /usr/share/man/man5.Z/pam_krb5.
PAM Kerberos Release Notes for HP-UX 11i Known Problems and Workarounds Known Problems and Workarounds • The Kerberos system ftp service may list the /etc/issue file before the expected output. Refer to SIS (5) man page for more details on Secure Internet Services (SIS). • If the password has expired on a Microsoft Windows 2000 KDC, the user is not prompted for a new password and cannot log in. This is a known problem in Microsoft Windows 2000.
PAM Kerberos Release Notes for HP-UX 11i Compatibility Information and Installation Requirements Compatibility Information and Installation Requirements Hardware Requirements HP 9000 workstations and servers with a minimum of 32 MB of memory and sufficient swap space (a minimum of 50 MB is recommended). Operating System Requirements HP-UX 11i Disk Space Requirements Minimum disk space required to install the product is 1 MB.
PAM Kerberos Release Notes for HP-UX 11i Notes, Cautions and Warnings Notes, Cautions and Warnings • For each user, make sure that the UNIX uid, home directory, and shell information exist in the UNIX repository, /etc/passwd. • The Kerberos PAM module sets and uses an environment variable, KRB5CCNAME, during authentication. Concurrent execution in the same shell environment of any PAM modules may result in unexpected behavior.
PAM Kerberos Release Notes for HP-UX 11i Patches and Fixes in This Version Patches and Fixes in This Version All patches have been incorporated into this release.
PAM Kerberos Release Notes for HP-UX 11i Known Limitations Known Limitations • Do not stack PAM Kerberos module (libpam_krb5.1) and DCE plug-in module (libpam_dce.1) in the pam.conf file. This kind of stacking produces unpredictable results. The PAM Kerberos (libpam_krb5.1) module and the DCE (libpam_dce.1) module use a different principal style and a different credential file path. For the principal style, the DCE Kerberos module uses cellname, whereas PAM Kerberos uses realm name.
PAM Kerberos Release Notes for HP-UX 11i Related Documentation Related Documentation The list below contains documentation related to the PAM Kerberos product: • PAM Kerberos Release Note for HP-UX 11i (J5849-90002) - this document /usr/share/docs/PAM KerberosRelNotes.pdf • Configuration Guide for Kerberos Products on HP-UX (J5849-90003) • HP-UX 11i Enterprise Release Delta Document • Man Pages: krb5.conf (4), kerberos (9), pam.conf (4), pam_user.conf (4), pam (3).
