Kerberos Client Version D.1.6.2.04 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software

The client libraries are based on MIT Kerberos V5 1.6.2 release. The KRB5-Client libraries support

DES, 3DES, RC4, and AES, as specified in RFC 1510 of the IETF. This release of Kerberos Client

is interoperable with Microsoft Windows ® 2000 and 2003.

Table 1-2 lists and describes the utilities that Kerberos Client includes.

Table 1-2 Kerberos Client Utilities

FunctionUtility

Obtains and caches the Kerberos ticket-granting ticket

/usr/bin/kinit ->/opt/krb5client/bin/kinit

Lists cached Kerberos tickets

/usr/bin/klist -> /opt/krb5client/bin/klist

Prints key version numbers of Kerberos principals

/usr/bin/kvno -> /opt/krb5client/bin/kvno

Changes a user’s Kerberos password

/usr/bin/kpasswd -> /opt/krb5client/bin/

kpasswd

Maintains the Kerberos keytab file

/usr/sbin/ktutil -> /opt/krb5client/sbin/

ktutil

Destroys the user’s active Kerberos tickets

/usr/bin/kdestroy -> /opt/krb5client/bin/

kdestroy

1 The -> symbol indicates that the core file links to the corresponding file in the krb5client product.

Kerberos Client includes the following header files:

• /usr/include/profile.h -> /opt/krb5client/include/profile.h

• /usr/include/krb5.h -> /opt/krb5client/include/krb5.h

• /usr/include/com_err.h -> /opt/krb5client/include/com_err.h

• /usr/include/krb5/gssapi.h -> /opt/krb5client/include/krb5/gssapi.h

Encryption Types Supported by Kerberos Client

Table 1-3 lists the encryption types supported by Kerberos Client D.1.6.2.04.

Table 1-3 Encryption Types supported by Kerberos Client D.1.6.2.04

DescriptionEncryption Type

DES cbc mode with CRC-32des-cbc-crc

DES cbc mode with RSA-MD4des-cbc-md4

DES cbc mode with RSA-MD5des-cbc-md5

DES cbc mode with RSA-MD5

This encryption type is an alias to the des-cbc-md5 encryption type. If

you specify des in the configuration file, then it’s behavior is the same

as des-cbc-md5.

des

DES cbc mode rawdes-cbc-raw

Triple DES cbc mode rawdes3-cbc-raw

Triple DES cbc mode with HMAC/sha1des3-cbc-sha1

Triple DES cbc mode with HMAC/sha1

This encryption type is an alias to the des3-cbc-sha1 encryption type. If

you specify des3-hmac-sha1 in the configuration file, then it’s behavior

is the same as des3-cbc-sha1.

des3-hmac-sha1

Triple DES cbc mode with HMAC/sha1

This encryption type is an alias to the des3-cbc-sha1 encryption type. If

you specify des3-cbc-sha1-kd in the configuration file, then it’s behavior

is the same as des3-cbc-sha1.

des3-cbc-sha1-kd

6 Kerberos Client D.1.6.2.04 Release Notes