Planning and Configuring HP-UX DCE 2.0
About HP-UX DCE Version 2.0
Interoperability and Compatibility
Chapter 2 13
If a statically-linked HP-UX DCE 1.2, 1.2.1, 1.3.1, 1.4, 1.4.1, 1.4.2,
1.5, 1.6, or 1.7 application purges a login context (using
sec_login_purge_context) which an HP-UX DCE 2.0 application
has created or refreshed, one of the credential files will not be deleted
from the disk. This file is located in /var/opt/dce/security/creds.
The file name consists of the unique credential cache ID associated
with the login context and a .data.db suffix. Administrators can
choose to remove this file manually.
Source Code Compatibility with Previous HP-UX DCE
Releases
There are no known source code incompatibilities between HP-UX DCE
2.0 and previous releases.
Kerberos Authentication Protocol Compatibility
The DCE Security authentication service implements Kerberos Version
5. DCE Security does not provide backward compatibility support for
Kerberos Version 4.
DCE Support for Kerberos Applications and
Configuration Notes
HP-UX DCE 2.0 makes available enhanced configuration features
specific to Kerberos Version 5. Configuration with dce_config has been
updated to do the following for either a security server or client:
• Create a host principal, account and keytab entry for Secure Internet
Services (SIS) remote utilities.
• Create the file /etc/krb5.conf for use by Kerberos version V5
applications.
• Create the file /krb5/krb.realms for Kerberos V5 B4 applications.
• Add the entries klogin, kshell, ekshell, and eklogin as well as
kerberos5 and kerberos-sec to /etc/services.
• Link the /etc/krb5.keytab file, which is the default keytab used by
Kerberos V5 clients, to the /krb5/v5srvtab file, which is the default
keytab used by DCE clients.