Kerberos Client C.1.3.5.09 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software

Kerberos Client Version C.1.3.5.09

Release Notes

HP Part Number: 5900-0128

Published: July 2009

Edition: HP-UX 11i v1

Summary of content (12 pages)

PAGE 1
Kerberos Client Version C.1.3.5.
PAGE 2
© Copyright 2009 Hewlett-Packard Development Company, L.P Legal Notices Copyright 2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
PAGE 3
Table of Contents 1 Kerberos Client C.1.3.5.09 Release Notes.....................................................................................5 Announcement.....................................................................................................................5 What Is New in This Version................................................................................................6 Features Supported From Kerberos Client Version 1.3.5................................................
PAGE 4
List of Tables 1-1 1-2 1-3 1-4 1-5 1-6 4 Kerberos Client Libraries on HP-UX 11i v1..................................................................5 Kerberos Client Utilities................................................................................................6 Encryption Types supported by Kerberos Client C.1.3.5.09.........................................7 System Requirements for Installing Kerberos Client C.1.3.5.09...................................9 Required Patches for Kerberos Client C.
PAGE 5
1 Kerberos Client C.1.3.5.09 Release Notes Information in this document applies to the Web release of Kerberos Client C.1.3.5.09 for HP-UX 11i v1. Announcement HP-UX provides Kerberos Client software including libraries, header files, and utilities for implementing secured client/server applications in either 32-bit or 64-bit development environments. Kerberos Client (KRB5-Client) is a part of the core HP-UX 11i v1 operating system.
PAGE 6
Table 1-2 Kerberos Client Utilities Utility Function /usr/bin/kinit ->/opt/krb5client/bin/ kinit Obtains and caches the Kerberos ticket-granting ticket /usr/bin/klist -> /opt/krb5client/bin/ klist Lists cached Kerberos tickets /usr/bin/kvno -> /opt/krb5client/bin/kvno Prints key version numbers of Kerberos principals /usr/bin/kpasswd -> /opt/krb5client/bin/ Changes a user’s Kerberos password kpasswd /usr/sbin/ktutil -> /opt/krb5client/sbin/ Maintains the Kerberos keytab file ktutil /usr/bin/kdestroy -
PAGE 7
• Support for TCP Kerberos Client libraries can now use TCP to connect to the Key Distribution Center (KDC). Libraries can use TCP to communicate with Microsoft KDCs (domain controllers) if they issue tickets with excess PAC data. • Security fixes up to version 1.3.5 made by MIT in the open source version of Kerberos Client.
PAGE 8
Table 1-3 Encryption Types supported by Kerberos Client C.1.3.5.09 (continued) Encryption Type Description rc4-hmac ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac encryption type. If you specify rc4-hmac in the configuration file, then its behavior is the same as arcfour-hmac. arcfour-hmac-md5 ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac encryption type.
PAGE 9
NOTE: You must install PAM Kerberos v1.24 or later, Kerberos Client C.1.3.5.06 or later, and patch PHSS_28871 or later on your system. Known Limitation Kerberos Client Version C.1.3.5.09 libraries are not thread safe. Installation Requirements for Kerberos Client C.1.3.5.09 on HP-UX 11i v1 This section discusses the prerequisites for installing Kerberos Client version C.1.3.5.09 on HP-UX 11i v1. System Requirements Table 1-4 specifies the minimum system requirements for installing Kerberos Client C.1.3.
PAGE 10
Table 1-5 Required Patches for Kerberos Client C.1.3.5.09 (continued) PHNE_27796 DNS backend patch PHSS_39774 KRB5-Client Version 1.0 cumulative patch to patch the core KRB5-Client when the Web upgrade is installed on the system PHSS_39774 is a part of the KRB5CLIENT bundle.
PAGE 11
Installing Kerberos Client C.1.3.5.09 To install Kerberos Client C.1.3.5.09, complete the following steps: 1. 2. 3. 4. 5. Log in as superuser. Download the depot from the Software Depot at: http://h20293.www2.hp.com/. Fill out the registration form, and ensure that you select HP-UX 11i v1 as the operating system. Download the Kerberos Client Software Depot and move it to the /tmp directory. Verify if the file downloaded correctly by entering the following command: # swlist -d @ /tmp/
PAGE 12
QXCR1000918642 Symptom: Under certain conditions Kerberos applications crash. Defect Description: Under certain conditions Kerberos applications crash. Resolution: The Kerberos Client is fixed to resolve this problem. Related Documentation For more information about Kerberos Client, see Configuration Guide for Kerberos Client Products on HP-UX (5991-7718). 12 Kerberos Client C.1.3.5.