Kerberos Client Version C.1.3.5.06 Release Notes HP-UX 11i v1 Manufacturing Part Number: 5992-0789 May 2007 © Copyright 2007 Hewlett-Packard Development Company, L.P.
Legal Notices Copyright 2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Kerberos Client C.1.3.5.06 Release Notes 1 Kerberos Client C.1.3.5.06 Release Notes Information in this document applies to Kerberos Client C.1.3.5.06 for HP-UX 11i v1.
Kerberos Client C.1.3.5.06 Release Notes Announcement Announcement HP-UX provides Kerberos Client software including libraries, header files, and utilities for implementing secured client/server applications in either 32-bit or 64-bit development environments. Kerberos Client (KRB5-Client) is a part of the core HP-UX 11i v1 operating system.
Kerberos Client C.1.3.5.06 Release Notes Announcement Table 1-1 lists the libraries that Kerberos Client supports on HP-UX 11i v1. The symbolic links are created for backward compatibility. Table 1-1 PA-RISC Architecture Chapter 1 Kerberos Client Libraries on HP-UX 11i v1 32-bit 64-bit Functionality /usr/lib/libkrb5.sl ->/usr/lib/libkrb5.1 /usr/lib/pa20_64/ libkrb5.sl -> /usr/lib/pa20_64/ libkrb5.
Kerberos Client C.1.3.5.06 Release Notes Announcement The client libraries are based on MIT Kerberos V5 1.3.5 release. The KRB5-Client libraries support DES, 3DES, RC4, and AES, as specified in RFC 1510 of the IETF. This release of Kerberos Client is interoperable with Microsoft Windows ® 2000 and 2003. Table 1-2 lists and describes the utilities that Kerberos Client includes.
Kerberos Client C.1.3.5.06 Release Notes What Is New in This Version What Is New in This Version Kerberos Client C.1.3.5.06 is a defect fix release and does not have any new features. Features Supported From Kerberos Client Version 1.3.5 Kerberos Client version C.1.3.5.06 also supports the following features from Kerberos Client version 1.3.
Kerberos Client C.1.3.5.06 Release Notes What Is New in This Version Encryption Types Supported by Kerberos Client Table 1-3 lists the encryption types supported by Kerberos Client C.1.3.5.06. Table 1-3 Encryption Types supported by Kerberos Client C.1.3.5.06 Encryption Type Description des-cbc-crc DES cbc mode with CRC-32 des-cbc-md4 DES cbc mode with RSA-MD4 des-cbc-md5 DES cbc mode with RSA-MD5 des DES cbc mode with RSA-MD5 This encryption type is an alias to the des-cbc-md5 encryption type.
Kerberos Client C.1.3.5.06 Release Notes What Is New in This Version Table 1-3 Encryption Types supported by Kerberos Client C.1.3.5.06 (Continued) Encryption Type rc4-hmac Description ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac encryption type. If you specify rc4-hmac in the configuration file, then it’s behavior is the same as arcfour-hmac. arcfour-hmac-md5 ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac encryption type.
Kerberos Client C.1.3.5.06 Release Notes What Is New in This Version Table 1-3 Encryption Types supported by Kerberos Client C.1.3.5.06 (Continued) Encryption Type aes128-cts Description AES-128 CTS mode with 96-bit SHA-1 HMAC This encryption type is an alias to the aes128-cts-hmac-sha1-96 encryption type. If you specify aes128-cts in the configuration file, then it’s behavior is the same as aes128-cts-hmac-sha1-96.
Kerberos Client C.1.3.5.06 Release Notes Known Problems and Workarounds Known Problems and Workarounds If a kernel threaded DCE application linking to libdcekt uses PAM Kerberos for authentication, it results in core dump. This occurs because of a symbol clash between PAM Kerberos and DCE kernel threads. HP has fixed PAM Kerberos v 1.24 and Kerberos Client C.1.3.5.06. However, you must also install PHSS_28871 to resolve this defect. NOTE Chapter 1 You must have PAM Kerberos v1.24, Kerberos Client C.1.3.
Kerberos Client C.1.3.5.06 Release Notes Installation Requirements for Kerberos Client C.1.3.5.06 on HP-UX 11i v1 Installation Requirements for Kerberos Client C.1.3.5.06 on HP-UX 11i v1 This section discusses the prerequisites for installing Kerberos Client version C.1.3.5.06 on HP-UX 11i v1. System Requirements Table 1-4 specifies the minimum system requirements for installing Kerberos Client C.1.3.5.06. Table 1-4 System Requirements for Installing Kerberos Client C.1.3.5.
Kerberos Client C.1.3.5.06 Release Notes Installation Requirements for Kerberos Client C.1.3.5.06 on HP-UX 11i v1 Patch Requirements Table 1-5 lists the patches you must install before installing Kerberos Client C.1.3.5.06 on HP-UX 11i v1.These patches are a part of the KRB5CLIENT bundle. Table 1-5 Required Patches for Kerberos Client C.1.3.5.
Kerberos Client C.1.3.5.06 Release Notes Installation Requirements for Kerberos Client C.1.3.5.06 on HP-UX 11i v1 Table 1-6 Additional Patches for Kerberos Client on HP-UX 11i v1 Patch /Product Description Included in the KRB5CLIENT Bundle? PHSS_29487 GSS-API Version 1.0 cumulative patch to enable 64-bit functionality of GSS-API with Kerberos backend Yes PHCO_25568 Patch to enable users to use files to resolve host entries.
Kerberos Client C.1.3.5.06 Release Notes Installation Requirements for Kerberos Client C.1.3.5.06 on HP-UX 11i v1 Table 1-6 Chapter 1 Additional Patches for Kerberos Client on HP-UX 11i v1 Patch /Product Description Transport Optional Upgrade Release (TOUR) Product that enables you to use IPv6 with Kerberos Client version C.1.3.5.05. It is available for download at: www.software.hp.
Kerberos Client C.1.3.5.06 Release Notes Defect Fixes in This Version Defect Fixes in This Version The following defect has been fixed in this version of Kerbers Client: 16 JAGag35361 KRB5-Client is unable to verify messages properly under certain conditions. JAGag29768 The kerberos and krb5.conf manpages, and the Release Notes provide information about the encryption types supported by Kerberos Client.
Kerberos Client C.1.3.5.06 Release Notes Known Limitation Known Limitation Kerberos Client Version C.1.3.5.06 libraries are not thread safe.
Kerberos Client C.1.3.5.06 Release Notes Related Documentation Related Documentation For more information about Kerberos Client, see Configuration Guide for Kerberos Client Products on HP-UX (5991-7718).
