Kerberos Client Version E.1.6.2.
© Copyright 2009 Hewlett-Packard Development Company, L.P.

Legal Notices

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Table of Contents

1 Kerberos Client E.1.6.2.03 Release Notes
    Announcement
    Encryption Types Supported by Kerberos Client
    What Is New in This Version
List of Tables

1-1 Kerberos Client PA-RISC and Itanium Libraries
1-2 Kerberos Client Utilities
1-3 Encryption Types supported by Kerberos Client E.1.6.2.03
1-4 System Requirements for Installing Kerberos Client E.1.6.2.03
1 Kerberos Client E.1.6.2.03 Release Notes

Information in this document applies to the Web release of Kerberos Client E.1.6.2.03 for HP-UX 11i v3.

Announcement

Kerberos Client (krb5client) is a Web upgrade for KRB5-Client. KRB5-Client is a part of the core HP-UX 11i v3 operating system. HP-UX provides Kerberos Client software including libraries, header files, and utilities for implementing secured client/server applications in either 32-bit or 64-bit development environments.
Table 1-1 Kerberos Client PA-RISC and Itanium Libraries (continued)

Architecture: PA-RISC

32-bit
• /usr/lib/libk5crypto.sl -> /usr/lib/libk5crypto.1
• /usr/lib/libk5crypto.1 -> /opt/krb5client/lib/libk5crypto.1

64-bit
• /usr/lib/pa20_64/libk5crypto.sl -> /usr/lib/pa20_64/libk5crypto.1
• /usr/lib/pa20_64/libk5crypto.1 -> /opt/krb5client/lib/pa20_64/libk5crypto.
Table 1-1 Kerberos Client PA-RISC and Itanium Libraries (continued)

Architecture: Itanium
Functionality: Authenticate users, verify tickets, create authenticator, and manage the context.

32-bit
• /usr/lib/hpux32/libkrb5.so -> /usr/lib/hpux32/libkrb5.so.1
• /usr/lib/hpux32/libkrb5.so.1 -> /opt/krb5client/lib/hpux32/libkrb5.so.1

64-bit
• /usr/lib/hpux64/libkrb5.so -> /usr/lib/hpux64/libkrb5.so.1
• /usr/lib/hpux64/libkrb5.so.1 -> /opt/krb5client/lib/hpux64/libkrb5.so.
Table 1-1 Kerberos Client PA-RISC and Itanium Libraries (continued)

Architecture: Itanium
Functionality: Kerberos-mechanism specific library used by GSSAPI (/usr/lib/libgss.sl)

32-bit
• /usr/lib/hpux32/libgss.so -> /usr/lib/hpux32/libgss.so.1
• /usr/lib/hpux32/libgss.so.1 -> /opt/krb5client/lib/hpux32/gss/libgssapi_krb5.so.1

64-bit
• /usr/lib/hpux64/libgss.so -> /usr/lib/hpux64/libgss.so.1
• /usr/lib/hpux64/libgss.so.1 -> /opt/krb5client/lib/hpux64/gss/libgssapi_krb5.so.
Table 1-2 Kerberos Client Utilities (continued)

Utility: /usr/bin/kcpytkt -> /opt/krb5client/bin/kcpykt
Function: Copies the service ticket between credential caches

Utility: /usr/bin/kdeltkt -> /opt/krb5client/bin/kdeltkt
Function: Deletes the service ticket from the credential cache

1 The -> symbol indicates that the core file links to the corresponding file in the krb5client product.

Kerberos Client includes the following header files:
• /usr/include/profile.h -> /opt/krb5client/include/profile.h
• /usr/include/krb5.
Table 1-3 Encryption Types supported by Kerberos Client E.1.6.2.03 (continued)

Encryption Type
    Description

des-hmac-sha1
    DES with HMAC/sha1

arcfour-hmac
    ArcFour with HMAC/md5

rc4-hmac
    ArcFour with HMAC/md5
    This encryption type is an alias to the arcfour-hmac encryption type. If you specify rc4-hmac in the configuration file, then its behavior is the same as arcfour-hmac.

arcfour-hmac-md5
    ArcFour with HMAC/md5
    This encryption type is an alias to the arcfour-hmac encryption type.
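Because Table 1-3 lists rc4-hmac and arcfour-hmac-md5 as aliases of arcfour-hmac, a search of krb5.conf for one spelling can miss the others. The following added example (not part of the HP release notes) folds the aliases into one name for each enctype-list relation; the sample configuration is constructed, and the function name canon_enctypes is hypothetical.

```shell
#!/bin/sh
# Added example: list the enctypes a krb5.conf requests, with the aliases
# from Table 1-3 (rc4-hmac, arcfour-hmac-md5) reported as arcfour-hmac.

# Constructed sample configuration (not taken from the release notes).
SAMPLE_CONF='[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = rc4-hmac des-hmac-sha1
    default_tgs_enctypes = arcfour-hmac-md5, arcfour-hmac
# permitted_enctypes = rc4-hmac
[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }'

# canon_enctypes (hypothetical helper): reads krb5.conf text on stdin and
# prints "<relation>: <canonical enctypes>" for each enctype-list relation,
# with duplicates that result from alias folding removed.
canon_enctypes() {
    awk '
    BEGIN {
        alias["rc4-hmac"] = "arcfour-hmac"
        alias["arcfour-hmac-md5"] = "arcfour-hmac"
    }
    /^[ \t]*[#;]/ { next }    # skip commented-out relations
    /^[ \t]*(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)[ \t]*=/ {
        split($0, kv, "=")
        key = kv[1]; gsub(/[ \t]/, "", key)
        n = split(kv[2], names, /[ \t,]+/)
        for (k in seen) delete seen[k]
        out = ""
        for (i = 1; i <= n; i++) {
            e = tolower(names[i])          # fold case before the alias lookup
            if (e == "") continue          # empty field from leading whitespace
            if (e in alias) e = alias[e]
            if (e in seen) continue
            seen[e] = 1
            out = out (out == "" ? "" : " ") e
        }
        print key ": " out
    }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | canon_enctypes
```

To audit a real system, feed the function the live file instead of the sample, for example `canon_enctypes < /etc/krb5.conf`.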
— Command for copying service ticket between credential caches - kcpytkt
— Command for deleting service ticket from the credential cache - kdeltkt
• Provides the following new functions, which are needed for NFSv4:
  — The gss_krb5_set_allowable_enctypes() function
  — The gss_krb5_export_lucid_sec_context() function
• Provides a plug-in architecture that allows for extension modules to be loaded at run-time
• Partial client implementation to handle server name referrals

Features Supported From Kerberos Cl
For detailed product information, installation and configuration instructions, troubleshooting, and sample configuration files, see Configuration Guide for Kerberos Client Products on HP-UX (5991-7718).

Known Problems and Workarounds

Following are the known problems and workarounds:
• To use files to resolve host entries, you must add the following line to the /etc/nsswitch.conf file:

    ipnodes : dns files

Installation Requirements for Kerberos Client E.1.6.2.
5. Verify if the file downloaded correctly by entering the following command:

    # swlist -d @ /tmp/

   The following output is displayed if the file is downloaded correctly:

    # Initializing...
    # Contacting target "localhost"...
    #
    # Target: localhost:/tmp/KRB5CLIENT.depot
    #
    #
    # Bundle(s):
    #
    KRB5CLIENT E.1.6.2.03 Kerberos V5 Client Version 1.6.2.03

   NOTE: When using the swlist and swinstall commands, you must specify the absolute path of the source depot.

6.
QXCR1000851155
Symptom: The kinit application dumps core.
Defect Description: The kinit application dumps core if the appdefaults section of the krb5.conf file has any options set.
Resolution: The kinit application is fixed to resolve this issue.

QXCR1000819795
Symptom: The Kerberos Client 1.6.2 fails to copy forwarded credentials.
Defect Description: The Kerberos Client 1.6.2 fails to copy forwarded credentials.
Resolution: The Kerberos Client is fixed to resolve this issue.