Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Overview

Kerberos Products and GSS-API on HP-UX

Chapter 1 23

Kerberos Products and GSS-API on HP-UX

HP-UX supports Kerberos products with a set of three software packages

and Generic Security Service Application Programming Interface for

HP-UX 11.0 onwards. These products are:

• PAM Kerberos (PAM-Kerberos)

• Kerberos Client Software

• HP’s Kerberos Server Version 2.0

• Generic Security Service Application Programming Interface

(GSS-API)

All HP-UX Kerberos products conform to the IETF RFC 1510

speciﬁcation for Kerberos Version 5.

Application programmers can create “Kerberized” applications using

either the GSS-APIs or the Kerberos APIs. However, HP recommends

that GSS-APIs be used for application development. HP provides the

following Kerberized applications through Secure Internet Services (SIS):

ftp, rcp, remsh, rlogin, and telnet.

The HP-UX Kerberos-related products and GSS-API are:

• PAM Kerberos (PAM-Kerberos) : is the Kerberos implementation of

the PAM Framework based on the RFC 86.0 of Open Group. PAM

allows multiple authentication technologies to co-exist on HP-UX.

• Kerberos Client Software : includes libraries, header ﬁles and

utilities for implementing Kerberized client/server applications in

either 32-bit or 64-bit development environment.

The client libraries are based on MIT Kerberos V5 1.1.1 release. The

KRB5-Client libraries support DES encryption as speciﬁed in RFC

1510 of the IETF.

The Kerberos Client utilities are as follows:

— kinit, klist, and kdestroy to manage credentials

— kpasswd to change Kerberos passwords

— ktutil to maintain keytab ﬁle