Kerberos Client Version D.1.6.2.08 release notes (5900-0877), July 2010

Table 1-3 Encryption types supported by Kerberos Client D.1.6.2.08 (continued)
Encryption Type            Description
aes128-cts                 AES-128 CTS mode with 96-bit SHA-1 HMAC.
                           This encryption type is an alias to the aes128-cts-hmac-sha1-96
                           encryption type. If you specify aes128-cts in the configuration
                           file, then its behavior is the same as aes128-cts-hmac-sha1-96.
aes256-cts-hmac-sha1-96    AES-256 CTS mode with 96-bit SHA-1 HMAC
aes256-cts                 AES-256 CTS mode with 96-bit SHA-1 HMAC.
                           This encryption type is an alias to the aes256-cts-hmac-sha1-96
                           encryption type. If you specify aes256-cts in the configuration
                           file, then its behavior is the same as aes256-cts-hmac-sha1-96.
What is new in this version
Kerberos Client D.1.6.2.08 is a defect-fix release and does not contain any new features. For more
information on the defects fixed in this release, see “Defect Fixes in this Version” (page 10).
Features supported from Kerberos Client Version 1.3.5
Kerberos Client D.1.6.2.08 includes the following new features introduced in D.1.6.2:
• Provides thread safety for Kerberos libraries
• Provides the following new client commands:
  — Command for copying service ticket between credential caches - kcpytkt
  — Command for deleting service ticket from the credential cache - kdeltkt
• Provides the following new functions, which are needed for NFSv4:
  — The gss_krb5_set_allowable_enctypes() function
  — The gss_krb5_export_lucid_sec_context() function
• Provides a plug-in architecture that allows for extension modules to be loaded at run-time
• Partial client implementation to handle server name referrals
• Security fixes up to version 1.6.2 made by MIT in the open source version of Kerberos Client.
Kerberos Client version D.1.6.2.08 also supports the following features from Kerberos Client
version 1.3.5:
• SASL/GSS-API bind to Netscape Directory Server used to fail when SSL was enabled
• Support for powerful cryptographic algorithms
  This version of Kerberos Client software supports 3DES, AES, and RC4
• Support for IPv6
  IPv6 support is enabled on this version of Kerberos Client software
• Support for TCP
  Kerberos Client libraries can now use TCP to connect to the Key Distribution Center (KDC).
  Libraries can use TCP to communicate with Microsoft KDCs (domain controllers) if they
  issue tickets with excess PAC data.
• Security fixes up to version 1.6.2 made by MIT in the open source version of Kerberos Client.
• Administrators can now control the behavior of Kerberized login applications that call the
  krb5_kuserok API provided by the libkrb5.sl library. In earlier versions of Kerberos
  Client, krb5_kuserok checked the .k5login file in the user's home directory for access
  permissions. This enabled users to modify the .k5login file and allow access to other users.
  Administrators can now create files with the name .k5login.<username> in the /etc/krb5/
  directory. Administrators can also create symbolic links pointing to the .k5login
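
An added example (not part of the release notes or HP's software) for the krb5_kuserok change described above: a POSIX shell audit that lists accounts with a ~/.k5login file and whether a /etc/krb5/.k5login.<username> entry exists for them. The function names, status labels and sample accounts are assumptions made for illustration; the script reports presence only and does not model how krb5_kuserok chooses between the two files.

```shell
#!/bin/sh
# Added example, not HP's code. Reports accounts that have a ~/.k5login and
# whether an administrator-created /etc/krb5/.k5login.<username> exists.

# audit_k5login PASSWD_FILE ADMIN_DIR
# Prints per account: <user> <admin-managed|user-only> <principals>
audit_k5login() {
    passwd_file=$1
    admin_dir=$2
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        case $user in ''|\#*) continue ;; esac
        [ -f "$home/.k5login" ] || continue
        # .k5login holds one principal per line; join them with commas.
        principals=$(grep -v '^[[:space:]]*$' "$home/.k5login" | paste -s -d , -)
        admin_file=$admin_dir/.k5login.$user
        # -L also catches a symbolic link whose target is missing.
        if [ -e "$admin_file" ] || [ -L "$admin_file" ]; then
            status=admin-managed
        else
            status=user-only
        fi
        printf '%s %s %s\n' "$user" "$status" "${principals:-<empty>}"
    done < "$passwd_file"
}

# make_fixture DIR: constructed sample tree (accounts and principals invented).
make_fixture() {
    mkdir -p "$1/home/alice" "$1/home/bob" "$1/home/carol" "$1/krb5"
    printf '%s\n' "alice:x:1001:20::$1/home/alice:/bin/sh" \
        "bob:x:1002:20::$1/home/bob:/bin/sh" \
        "carol:x:1003:20::$1/home/carol:/bin/sh" > "$1/passwd"
    # alice has granted a second principal access to her account.
    printf '%s\n' 'alice@EXAMPLE.COM' 'dave@EXAMPLE.COM' > "$1/home/alice/.k5login"
    printf '%s\n' 'bob@EXAMPLE.COM' > "$1/home/bob/.k5login"
    printf '%s\n' 'bob@EXAMPLE.COM' > "$1/krb5/.k5login.bob"
}

if [ "$#" -eq 2 ]; then
    audit_k5login "$1" "$2"    # for example: /etc/passwd /etc/krb5
else
    tmp=$(mktemp -d) && make_fixture "$tmp" && audit_k5login "$tmp/passwd" "$tmp/krb5"
    rm -rf "$tmp"
fi
```

Lines marked user-only show accounts where the only access list is one the account owner can edit, which is the case the administrator-controlled files are meant to cover.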