PAM Kerberos Release Notes for HP-UX 11i

Known Limitations
• Do not stack the PAM Kerberos module (libpam_krb5.1) and the DCE plug-in module
(libpam_dce.1) in the pam.conf file. This kind of stacking produces unpredictable results.
The PAM Kerberos (libpam_krb5.1) module and the DCE (libpam_dce.1) module use a
different principal style and a different credential file path. For the principal style, the
DCE Kerberos module uses cellname, whereas PAM Kerberos uses realm name. For the
credential cache file, DCE Kerberos puts its credentials in the /var/opt/dce/creds path,
while PAM Kerberos stores them in the /tmp/pam_krb5/creds path.
• Due to the protocol selection mechanism of the change password protocol, when you
change passwords on an MIT KDC with a version prior to 1.1, up to 45 seconds may elapse
before the password is actually changed.
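
To check an existing configuration against the stacking limitation above, the following added example (not part of HP's release notes) scans a pam.conf-format file and reports every service and module type whose stack contains both libpam_krb5.1 and libpam_dce.1. The function names are hypothetical, and the sample file with its /usr/lib/security module paths is constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP code): find pam.conf stacks that contain both
# libpam_krb5.1 and libpam_dce.1.

# Write a constructed sample pam.conf (illustrative, not from a real system).
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
# service  module_type  control_flag  module_path
login    auth     required  /usr/lib/security/libpam_krb5.1
login    auth     required  /usr/lib/security/libpam_dce.1
login    account  required  /usr/lib/security/libpam_krb5.1
dtlogin  auth     required  /usr/lib/security/libpam_dce.1
OTHER    auth     required  /usr/lib/security/libpam_unix.1
EOF
}

# find_krb5_dce_stacks FILE
# Prints "service module_type" for each stack holding both modules.
# Returns 0 if none, 1 if any were found, 2 if FILE is unreadable.
find_krb5_dce_stacks() {
    [ -r "$1" ] || return 2
    found=$(awk '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments, blank and short lines
        {
            key = $1 " " $2             # one stack = service + module_type
            if ($4 ~ "(^|/)libpam_krb5[.]1$") krb5[key] = 1
            if ($4 ~ "(^|/)libpam_dce[.]1$")  dce[key] = 1
        }
        END { for (key in krb5) if (key in dce) print key }
    ' "$1" | sort)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Demo on the constructed sample; prints "login auth".
sample="${TMPDIR:-/tmp}/pam.conf.sample.$$"
write_sample_pam_conf "$sample"
find_krb5_dce_stacks "$sample" || :
rm -f "$sample"
```

The two modules may both appear in the file as long as they are not in the same service and module type stack, which is why the sample's `login account` and `dtlogin auth` entries are not reported.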