Kerberos Client Version D.1.3.5.06 Release Notes HP-UX 11i v2 Manufacturing Part Number: 5992-0788 May 2007 © Copyright 2007 Hewlett-Packard Development Company, L.P.
Legal Notices Copyright 2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Kerberos Client D.1.3.5.06 Release Notes 1 Kerberos Client D.1.3.5.06 Release Notes Information in this document applies to the Web release of Kerberos Client D.1.3.5.06 for HP-UX 11i v2.
Kerberos Client D.1.3.5.06 Release Notes Announcement Announcement Kerberos Client (krb5client) is a Web upgrade for KRB5-Client. KRB5-Client is a part of the core HP-UX 11i v1 and HP-UX 11i v2 operating systems. The previous version of Kerberos Client, KRB5-Client, was released as part of the core HP-UX 11i v2 operating system.
Kerberos Client D.1.3.5.06 Release Notes Announcement Table 1-1 lists the libraries that Kerberos Client supports on HP-UX 11i v2. Table 1-1 PA-RISC Architecture Chapter 1 Kerberos Client Libraries on PA-RISC (PA) and Itanium (IA) Architecture 32-bit 64-bit Functionality /usr/lib/libkrb5.sl -> /opt/krb5client/lib/ libkrb5.1 /usr/lib/pa20_64/ libkrb5.sl -> /opt/krb5client/li b/pa20_64/libkrb5. 1 Authenticate users, verify tickets, create authenticator, and manage the context. /usr/lib/ libcom_err.
Kerberos Client D.1.3.5.06 Release Notes Announcement Table 1-1 Itanium Architecture Kerberos Client Libraries on PA-RISC (PA) and Itanium (IA) Architecture (Continued) 32-bit 64-bit Functionality /usr/lib/hpux32/libk rb5.so -> /opt/krb5client/lib/ hpux32/libkrb5.so.1 /usr/lib/hpux64/li bkrb5.so -> /opt/krb5client/li b/hpux64/libkrb5.s o.1 Authenticate users, verify tickets, create authenticator, and manage the context. /usr/lib/hpux32/ libcom_err.so -> /opt/krb5client/lib/ hpux32/libcom_err.so .
Kerberos Client D.1.3.5.06 Release Notes Announcement Table 1-2 lists and describes the utilities that Kerberos Client includes.
Kerberos Client D.1.3.5.06 Release Notes Announcement Encryption Types Supported by Kerberos Client Table 1-3 lists the encryption types supported by Kerberos Client D.1.3.5.06. Table 1-3 Encryption Types supported by Kerberos Client D.1.3.5.06 Encryption Type Description des-cbc-crc DES cbc mode with CRC-32 des-cbc-md4 DES cbc mode with RSA-MD4 des-cbc-md5 DES cbc mode with RSA-MD5 des DES cbc mode with RSA-MD5 This encryption type is an alias to the des-cbc-md5 encryption type.
Kerberos Client D.1.3.5.06 Release Notes Announcement Table 1-3 Encryption Types supported by Kerberos Client D.1.3.5.06 (Continued) Encryption Type rc4-hmac Description ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac encryption type. If you specify rc4-hmac in the configuration file, then it’s behavior is the same as arcfour-hmac. arcfour-hmac-md5 ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac encryption type.
Kerberos Client D.1.3.5.06 Release Notes Announcement Table 1-3 Encryption Types supported by Kerberos Client D.1.3.5.06 (Continued) Encryption Type aes128-cts Description AES-128 CTS mode with 96-bit SHA-1 HMAC This encryption type is an alias to the aes128-cts-hmac-sha1-96 encryption type. If you specify aes128-cts in the configuration file, then it’s behavior is the same as aes128-cts-hmac-sha1-96.
Kerberos Client D.1.3.5.06 Release Notes What Is New in This Version What Is New in This Version Kerberos Client D.1.3.5.06 supports the following new features: • Administrators can now patch the core Kerberos Client even if the Web upgrade is installed on the system. Patch PHSS_34991 patches the core Kerberos Client. This patch is a part of the KRB5CLIENT bundle, and is a prerequisite for installing Kerberos Client D.1.3.5.06.
Kerberos Client D.1.3.5.06 Release Notes What Is New in This Version Example 1-3 If /etc/krb5/.k5login.user1 exists as a symbolic link to the .k5login file in the user’s home directory If user1 attempts to login, the krb5_kuserok() API processes /etc/krb5/.k5login.user1 only if it is owned by root, and if the .k5login file in the user’s home directory is owned by root or the user. Only superusers must have permissions to write to this file. Features Supported From Kerberos Client Version 1.3.
Kerberos Client D.1.3.5.06 Release Notes Known Problems and Workarounds Known Problems and Workarounds Following are the known problems and workarounds: • If a kernel threaded DCE application linking to libdcekt uses PAM Kerberos for authentication, it results in core dump. This occurs because of a symbol clash between PAM Kerberos and DCE kernel threads. HP has fixed PAM Kerberos v 1.24 and Kerberos Client D.1.3.5.06.
Kerberos Client D.1.3.5.06 Release Notes Installation Requirements for Kerberos Client D.1.3.5.06 on HP-UX 11i v2 Installation Requirements for Kerberos Client D.1.3.5.06 on HP-UX 11i v2 This section discusses the prerequisites for installing Kerberos Client version D.1.3.5.06 on HP-UX 11i v2. System Requirements Table 1-4 specifies the minimum system requirements for installing Kerberos Client D.1.3.5.06. Table 1-4 System Requirements for Installing Kerberos Client D.1.3.5.
Kerberos Client D.1.3.5.06 Release Notes Installing Kerberos Client D.1.3.5.06 Installing Kerberos Client D.1.3.5.06 To install Kerberos Client D.1.3.5.06, complete the following steps: Step 1. Log in as superuser. Step 2. Download the depot from the Software Depot at: http://h20293.www2.hp.com/. Step 3. Fill out the registration form, and ensure that you select HP-UX 11i v2 as the operating system. Step 4. Download the Kerberos Client Software Depot and move it to the /tmp directory. Step 5.
Kerberos Client D.1.3.5.06 Release Notes Installing Kerberos Client D.1.3.5.06 The swinstall window is displayed. Step 7. Select Mark for Install in the Action menu to select the bundle and the patches that you want to install. Step 8. Select Install in the Action menu. The Install Analysis window is displayed. Step 9. Select OK when the Status Field displays a Ready message. The Install window is displayed and the Kerberos Client installation starts. Step 10.
Kerberos Client D.1.3.5.06 Release Notes Defect Fixes in This Version Defect Fixes in This Version The following defect has been fixed in this version of Kerberos Client: Chapter 1 JAGag35361 KRB5-Client is unable to verify messages properly under certain conditions. JAGag29768 The kerberos and krb5.conf manpages, and the Release Notes provide information about the encryption types supported by Kerberos Client.
Kerberos Client D.1.3.5.06 Release Notes Known Limitation Known Limitation Kerberos Client Version D.1.3.5.06 libraries are not thread safe.
Kerberos Client D.1.3.5.06 Release Notes Related Documentation Related Documentation For more information about Kerberos Client, see Configuration Guide for Kerberos Client Products on HP-UX (5991-7718).
