Kerberos Client Version C.1.3.5.03 Release Notes HP-UX 11i v1, HP-UX 11i v2 September 2004 Manufacturing Part Number: J5849-90014 E0605 U.S.A. © Copyright 2005 Hewlett-Packard Development Company L.P.
Legal Notices The information contained herein is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Reproduction, adaptation, or translation of this document without prior written permission is prohibited, except as allowed under the copyright laws. ©copyright 1979, 1980, 1983, 1985-93 Regents of the University of California This software is based in part on the Fourth Berkeley Software Distribution under license from the Regents of the University of California. ©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc.
1 Kerberos Client C.1.3.5.03 Release Notes Information in this document applies to the Web release of Kerberos Client C.1.3.5.
Kerberos Client C.1.3.5.03 Release Notes release of the operating system.
Kerberos Client C.1.3.5.03 Release Notes Announcement Announcement Kerberos Client (krb5client) is a Web upgrade for KRB5-Client. KRB5-Client is a part of the core HP-UX 11i v1 and HP-UX 11i v2 operating systems. HP-UX provides Kerberos Client software including libraries, header files and utilities for implementing secured client/server applications in either 32-bit or 64-bit development environment.
Kerberos Client C.1.3.5.03 Release Notes Announcement Table 1-1 lists the libraries that Kerberos Client supports on PA-RISC (HP-UX 11i v1, and HP-UX 11i v2 September 2004) and Itanium (HP-UX 11i v2 September 2004) architecture. Table 1-1 PA-RISC Architecture 8 Kerberos Client Libraries on PA-RISC (PA) and Itanium (IA) Architecture 32-bit 64-bit Functionality /usr/lib/libkrb5.sl /usr/lib/pa20_64/ libkrb5.sl Authenticate users, verify tickets, create authenticator, and manage the context.
Kerberos Client C.1.3.5.03 Release Notes Announcement Table 1-1 Kerberos Client Libraries on PA-RISC (PA) and Itanium (IA) Architecture (Continued) Itanium Architecture 32-bit 64-bit Functionality /usr/lib/hpux32/ libkrb5.so /usr/lib/hpux64/ libkrb5.so Authenticate users, verify tickets, create authenticator, and manage the context. /usr/lib/hpux32/ libcom_err.so /usr/lib/hpux64/ libcom_err.so Print appropriate error messages to stderr based on the error code returned by the Kerberos APIs.
Kerberos Client C.1.3.5.03 Release Notes Announcement • /usr/bin/klist Lists cached Kerberos tickets. • /usr/bin/kvno Prints key version numbers of Kerberos principals. • /usr/bin/kpasswd Changes a user’s Kerberos password. • /usr/sbin/ktutil Maintains Kerberos keytab file. Kerberos Client includes the following header files: • /usr/include/profile.h • /usr/include/krb5.h • /usr/include/com_err.
Kerberos Client C.1.3.5.03 Release Notes What Is New in This Version What Is New in This Version Kerberos Client version C.1.3.5.03 supports the following features new from Kerberos Client version 1.0: • SASL/GSS-API bind to Netscape Directory Server used to fail when SSL was enabled. This problem has been fixed in this release. • Support for powerful cryptographic algorithms This version of Kerberos Client software supports 3DES, AES, and RC4.
Kerberos Client C.1.3.5.03 Release Notes Known Problems and Workarounds Known Problems and Workarounds There are no known problems and workarounds in this release of Kerberos Client.
Kerberos Client C.1.3.5.03 Release Notes Installation Requirements for Kerberos Client C.1.3.5.03 on HP-UX 11i v1 Installation Requirements for Kerberos Client C.1.3.5.03 on HP-UX 11i v1 This section details the prerequisites for installing Kerberos Client version C.1.3.5.03 on HP-UX 11i v1. Hardware Requirements HP 9000 workstations and servers with a minimum of 32 MB of memory and sufficient swap space. HP recommends that your servers or workstations have a minimum of 50 MB of memory.
Kerberos Client C.1.3.5.03 Release Notes Installation Requirements for Kerberos Client C.1.3.5.03 on HP-UX 11i v1 • PHCO_25568 Install this patch to use files to resolve host entries. Install the libnss_files cumulative patch PHCO_25568 on your system. Add the following line to the /etc/nsswitch.conf file: ipnodes : dns files NOTE • PHCO_31061 or a later patch Install this patch to use PAM Kerberos with this version of Kerberos Client.
Kerberos Client C.1.3.5.03 Release Notes Installation Requirements for Kerberos Client C.1.3.5.03 on HP-UX 11i v2 September 2004 Installation Requirements for Kerberos Client C.1.3.5.03 on HP-UX 11i v2 September 2004 This section details the prerequisites for installing Kerberos Client C.1.3.5.03 on HP-UX 11i v2 September 2004 release. Hardware Requirements HP 9000 workstations and servers with a minimum of 32 MB of memory and sufficient swap space.
Kerberos Client C.1.3.5.03 Release Notes Installation Requirements for Kerberos Client C.1.3.5.03 on HP-UX 11i v2 September 2004 Disk Space Requirements Minimum disk space required to install the product is 5 MB.
Kerberos Client C.1.3.5.03 Release Notes Defect Fixes in This Version Defect Fixes in This Version Table 1-2 describes the defects fixed in Kerberos Client version C.1.3.5.03. Table 1-2 Defect Fixes JAG ID JAGaf58980 DESCRIPTION User was unable to install the 64-bit shared library (krb5client.KRB5-64SLIB-A). This occurred when the KRB5-Client Japanese manpages (KRB5-JPN-E-MAN and KRB5-JPN-S-MAN) were not installed.
Kerberos Client C.1.3.5.03 Release Notes Defect Fixes in This Version Table 1-2 Defect Fixes (Continued) JAG ID JAGaf54263 DESCRIPTION When the primary administrative server is unavailable, the kpasswd utility times out instead of failing over to the secondary server. This defect has been fixed in this release of Kerberos. When the primary server fails, the kpasswd utility attempts to fail over to other administrative servers in the list by having a configurable timeout value called kpasswd_timeout.
Kerberos Client C.1.3.5.03 Release Notes Known Limitation Known Limitation Kerberos Client version C.1.3.5.03 libraries are not thread safe.
Kerberos Client C.1.3.5.03 Release Notes Related Documentation Related Documentation For more information about Kerberos Client, refer to Configuration Guide for Kerberos Products on HP-UX (J5849-90003).
