Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Introduction to the Kerberos Products and GSS-API
Secure Internet Services
Although you may use Kerberos to authenticate a user to the local host,
most likely you want to authenticate the users on remote systems
without sending the password in clear text over the network. HP-UX
provides built-in support for the following secure Internet services
applications: ftp, rcp, rlogin, telnet, and remsh.
As shown in Figure 2-2, a secure environment consists of three kinds of
nodes: a KDC server, the application server (rlogind process), and the
application client (rlogin process). Notice that the application client is
not a KDC client under PAM Kerberos.
When using PAM Kerberos, users configure only the application server
as a KDC client. Users are prompted for a password when they first log
into the application client. The user has no credential, and their
password is sent in clear text to the application server. As shown in
Figure 2-2, the user sends a password to a remote system in Step 1. In
Step 2, the application server invokes libkrb5.sl through PAM to
request authentication from the KDC. In Step 3, the KDC replies with