Manualshelf

Kerberos Client E.1.6.2.03 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
567891011121314
Command for copying service ticket between credential caches - kcpytkt
Command for deleting service ticket from the credential cache - kdeltkt
Provides the following new functions, which are needed for NFSv4:
The gss_krb5_set_allowable_enctypes() function
The gss_krb5_export_lucid_sec_context() function
Provides a plug-in architecture that allows for extension modules to be loaded at
run-time
Partial client implementation to handle server name referrals
Features Supported From Kerberos Client Version 1.3.5
Kerberos Client version E.1.6.2.03 also supports the following features from Kerberos
Client version 1.3.5:
SASL/GSS-API bind to Netscape Directory Server used to fail when SSL was
enabled
Support for powerful cryptographic algorithms
This version of Kerberos Client software supports 3DES, AES, and RC4
Support for IPv6
IPv6 support is enabled on this version of Kerberos Client software
Support for TCP
Kerberos Client libraries can now use TCP to connect to the Key Distribution Center
(KDC). Libraries can use TCP to communicate with Microsoft KDCs (domain
controllers) if they issue tickets with excess PAC data.
Security fixes up to version 1.6.2 made by MIT in the open source version of
Kerberos Client.
Administrators can now control the behavior of Kerberized login applications that
call the krb5_kuserok API provided by the libkrb5.sl library. In earlier
versions of Kerberos Client, krb5_kuserok checked the .k5login file in the
user's home directory for access permissions. This enabled users to modify the
.k5login file and allow access to other users.
Administrators can now create files with the name .k5login.<username> in
the /etc/krb5/ directory. Administrators can also create symbolic links pointing
to the .k5login file in the users home directory. If the/etc/krb5 directory does
not exist krb5_kuserokcontinues to check the .k5login file in the user's home
directory. If the/etc/krb5/ directory exists, the krb5_kuserokAPI ignores any
corresponding .k5login files in the user's home directory while making
authorization decisions. The format of the entries in the new files in /etc/krb5
continues to be the same as that of the .k5login file in the user's home directory.
What Is New in This Version 11