Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Introduction to the Kerberos Products and GSS-API

PAM Kerberos

Chapter 2 27

PAM Kerberos

HP-UX provides Kerberos authentication as part of the Pluggable

Authentication Module (PAM) architecture as speciﬁed in RFC 86.0, of

the Open Group. PAM allows multiple authentication technologies to

co-exist on HP-UX. The conﬁguration ﬁle, /etc/pam.conf, determines

the authentication module to be used in a manner transparent to the

applications that use the PAM library.

This product consists of the following:

• PAM Kerberos library - libpam_krb5

• PAM Kerberos Conﬁguration validation tool - pamkrbval. Refer to

“pamkrbval” on page 40, for more information.

The PAM Framework

Figure 2-1 shows the relationship between the PAM Kerberos Library

and various authentication modules that HP-UX provides. Notice that

the PAM Kerberos Library is one of the many authentication modules

that PAM can invoke based on what is deﬁned under the PAM

conﬁguration ﬁle: /etc/pam.conf.

PAM Kerberos is invoked for user authentication, when PAM’s

authentication-management module is pointed to the shared

dynamically loadable PAM Kerberos library, libpam_krb5. Table 2-1

indicates the location of the library on both Itanium and PA-RISC

based platforms.

Table 2-1 PAM Kerberos Library libpam_krb5

Platform Location

Itanium -

based platform

/usr/lib/security/$ISA/libpam_krb5.so.1

PA-RISC

platform

/usr/lib/security/libpam_krb5.1