Manualshelf

Kerberos Client Version D.1.6.2.04 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
Support for TCP
Kerberos Client libraries can now use TCP to connect to the Key Distribution Center (KDC).
Libraries can use TCP to communicate with Microsoft KDCs (domain controllers) if they
issue tickets with excess PAC data.
Security fixes up to version 1.6.2 made by MIT in the open source version of Kerberos Client.
Administrators can now control the behavior of Kerberized login applications that call the
krb5_kuserok API provided by the libkrb5.sl library. In earlier versions of Kerberos
Client, krb5_kuserokchecked the .k5login file in the user's home directory for access
permissions. This enabled users to modify the .k5login file and allow access to other users.
Administrators can now create files with the name .k5login.<username> in the /etc/
krb5/ directory. Administrators can also create symbolic links pointing to the .k5login
file in the users home directory. If the/etc/krb5 directory does not exist
krb5_kuserokcontinues to check the .k5login file in the user's home directory. If
the/etc/krb5/ directory exists, the krb5_kuserokAPI ignores any corresponding
.k5login files in the user's home directory while making authorization decisions. The
format of the entries in the new files in /etc/krb5 continues to be the same as that of the
.k5login file in the user's home directory.
For detailed product information, installing and configuring instructions, troubleshooting and
sample configuration files, see Configuration Guide for Kerberos Client Products on HP-UX
(5991-7718), at: http://docs.hp.com/en/internet.html#Kerberos.
Known Problems and Workarounds
Following are the known problems and workarounds:
To use files to resolve host entries, you must add the following line to the /etc/
nsswitch.conf file:
ipnodes : dns files
Installation Requirements for Kerberos Client D.1.6.2.04 on HP-UX 11i v2
This section discusses the prerequisites for installing Kerberos Client version D.1.6.2.04 on HP-UX
11i v2.
System Requirements
Table 1-4 specifies the minimum system requirements for installing Kerberos Client D.1.6.2.04.
Table 1-4 System Requirements for Installing Kerberos Client D.1.6.2.04
RequirementComponent
HP-UX 11i v2Operating system
HP 9000 workstations and servers with a minimum of 32 MB of
memory and sufficient swap space. HP recommends that your servers
or workstations have a minimum of 50 MB of memory.
Hardware requirement
5 MBDisk space requirement for the krb5client
product
36 MBDisk space requirement for the complete
KRB5CLIENT bundle
English onlySoftware availability in native languages
Patch Requirements
You must install patch PHSS_39765 before installing Kerberos Client D.1.6.2.04.
8 Kerberos Client D.1.6.2.04 Release Notes