HP-UX 11i Version 2 Release Notes (October 2003)
Security
Security Patch Check
Chapter 7
186
•In the /etc/pam.conf file, if the flag krb_prompt is added to either the login or
password entry, the prompt explicitly specifies kerberos as shown below:
$ old password <----- Previous output
$ old kerberos password <----- Output if krb_prompt is specified
Impact
By preventing a user from changing another user’s password, systems now conform to
standards and are now more secure.
Compatibility
There are no compatibility issues.
Performance
There are no performance issues.
Documentation
The pamkrbval manpage, pamkrbval (1M), is now available.
The pam_krb5 manpage, pam_krb5 (1), has been updated to reflect all changes.
Obsolescence
Not applicable.
Security Patch Check
Security Patch Check is a tool that analyzes the currency of a system with respect to
security patches. It recommends patches for security vulnerabilities that have not been
fixed by other patches currently on the system. Use of the Security Patch Check (SPC)
software tool can help efficiently improve system security, but does not guarantee system
security. SPC can be set up as part of the Bastille interactive configuration or manually.
Summary of Change
Previously available only via the Web, Security Patch Check version 1.3 is now included
in the HP-UX 11i v2 Operating Environments. This version of security patch check does
better corner-case handling, and incorporates a number of bug-fixes and clearer wording.
Impact
Security Patch Check simplifies the process of determining whether you have all the
relevant security patches on your HP-UX 11.x system.