HP-UX 11i Version 2 September 2006 Release Notes

Security
PAM Kerberos
PAM Kerberos provides Kerberos authentication as per the Pluggable Authentication
Module (PAM) architecture that is specified in Open Group RFC 86.0. PAM allows
multiple authentication technologies to coexist. PAM Kerberos is one of the
authentication modules that PAM can invoke based on the authentication method
defined in the /etc/pam.conf PAM configuration file. If the shared, dynamically
loadable PAM Kerberos library (for example, /usr/lib/security/libpam_krb5.1) is
defined for the PAM authentication module, PAM Kerberos is invoked for user
authentication.
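The following is an added example, not part of the HP release notes: a shell function that lists which services and module types in a pam.conf file invoke the PAM Kerberos library, and with which control flag. The sample file contents, the libpam_unix.1 entries, the options shown and the function names are constructed for illustration; the field layout follows pam.conf (4).

```shell
#!/bin/sh
# Added example. pam.conf(4) fields:
#   service  module_type  control_flag  module_path  [options]

# Print "service module_type control_flag options" for every entry whose
# module path is the PAM Kerberos library ("-" when there are no options).
krb5_pam_entries() {
    conf=${1:-/etc/pam.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments, blank and short lines
        $4 ~ /(^|\/)libpam_krb5\./ {
            opts = ""
            for (i = 5; i <= NF; i++) opts = opts (i > 5 ? " " : "") $i
            printf "%s %s %s %s\n", $1, $2, $3, (opts == "" ? "-" : opts)
        }
    ' "$conf"
}

# Write a constructed sample configuration (not copied from a real system).
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
# constructed sample pam.conf
login   auth     sufficient /usr/lib/security/libpam_krb5.1
login   auth     required   /usr/lib/security/libpam_unix.1 try_first_pass
login   account  required   /usr/lib/security/libpam_unix.1
ftp     auth     required   /usr/lib/security/libpam_krb5.1 debug
#dtlogin auth    required   /usr/lib/security/libpam_krb5.1
EOF
}

# Demo on the constructed sample; on a live system call: krb5_pam_entries
sample=${TMPDIR:-/tmp}/pam.conf.sample.$$
write_sample_pam_conf "$sample"
krb5_pam_entries "$sample"
rm -f "$sample"
```

Services that do not appear in the output are not authenticated through PAM Kerberos, and commented-out entries are ignored.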
Summary of Change
As of the September 2006 release, PAM Kerberos is delivered on the HP-UX 11i v2
Operating Environments. PAM Kerberos v 1.24 contains the following enhancements:
• The pamkrbval (1M) tool displays an error message when the keytable entry is not
found for the host service principal.
• The pamkrbval (1M) tool checks the ownership of the /usr/tmp/rc_host_0 file for
better troubleshooting.
PAM Kerberos provides an appropriate message when the user’s ADC account is
locked or has expired.
The bundle name for PAM Kerberos has changed from “J5849AA” to
“PAMKerberos”.
Impact
There are no impacts other than those described previously.
Compatibility
There are no known compatibility issues.
Performance
There are no known performance issues.
Documentation
For further information, see the PAM Kerberos v 1.24 Release Notes (available at
http://www.docs.hp.com/en/internet.html#Kerberos), as well as the following
manpages:
krb5.conf (4)
kerberos (9)
pam.conf (4)
pam_user.conf (4)