Kerberos Client Version E.1.6.2.
© Copyright 2010, 2011 Hewlett-Packard Development Company, L.P Legal Notices Copyright 2010, 2011Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Contents 1 Kerberos Client E.1.6.2.09 release notes........................................................4 Announcement.........................................................................................................................4 Encryption types supported by Kerberos Client.........................................................................7 What is new in this Version........................................................................................................
1 Kerberos Client E.1.6.2.09 release notes Information in this document applies to the Web release of Kerberos Client E.1.6.2.09 for HP-UX 11i v3. Announcement Kerberos Client (krb5client) is a Web upgrade for KRB5-Client. KRB5-Client is a part of the core HP-UX 11i v3 operating system. HP-UX provides Kerberos Client software including libraries, header files, and utilities for implementing secured client/server applications in either 32-bit or 64-bit development environments.
Table 1 Kerberos Client PA-RISC and Itanium Libraries (continued) Architecture Library Name / Location Functionality PA-RISC 32–bit Encrypt (DES, 3DES, AES, and RC4) and decrypt all communication between users to ensure privacy and data integrity. • /usr/lib/libk5crypto.sl -> /usr/lib/ libk5crypto.1 • /usr/lib/libk5crypto.1 -> /opt/krb5client/ lib/libk5crypto.1 64–bit • /usr/lib/pa20_64/libk5crypto.sl -> /usr/lib/ pa20_64/libk5crypto.1 • /usr/lib/pa20_64/libk5crypto.
Table 1 Kerberos Client PA-RISC and Itanium Libraries (continued) Architecture Library Name / Location Functionality 32–bit Encrypt (DES, 3DES, AES, and • /usr/lib/hpux32/libk5crypto.so -> /usr/lib/ RC4) and decrypt all communication between users to hpux32/libk5crypto.so.1 ensure privacy and data integrity. • /usr/lib/hpux32/libk5crypto.so.1 -> /opt/ krb5client/lib/hpux32/libk5crypto.so.1 64–bit • /usr/lib/hpux64/libk5crypto.so -> /usr/lib/ hpux64/libk5crypto.so.1 • /usr/lib/hpux64/libk5crypto.so.
1 The -> symbol indicates that the core file links to the corresponding file in the krb5client product. Kerberos Client includes the following header files: • /usr/include/profile.h -> /opt/krb5client/include/profile.h • /usr/include/krb5.h -> /opt/krb5client/include/krb5.h • /usr/include/com_err.h -> /opt/krb5client/include/com_err.h • /usr/include/krb5/gssapi.h -> /opt/krb5client/include/krb5/gssapi.
Table 3 Encryption types supported by Kerberos Client E.1.6.2.09 (continued) Encryption Type Description arcfour-hmac-md5-exp Exportable ArcFour with HMAC/md5 This encryption type is an alias to the arcfour-hmac-exp encryption type. If you specify arcfour-hmac-md5-exp in the configuration file, then it’s behavior is the same as arcfour-hmac-exp.
• Support for TCP Kerberos Client libraries can now use TCP to connect to the Key Distribution Center (KDC). Libraries can use TCP to communicate with Microsoft KDCs (domain controllers) if they issue tickets with excess PAC data. • Administrators can now control the behavior of Kerberized login applications that call the krb5_kuserok API provided by the libkrb5.sl library. In earlier versions of Kerberos Client, krb5_kuserok checked the .k5login file in the user's home directory for access permissions.
Installing Kerberos Client E.1.6.2.09 To install Kerberos Client E.1.6.2.09, complete the following steps: 1. 2. 3. 4. 5. Log in as superuser. Download the depot from the Software Depot at: http://h20293.www2.hp.com/. Fill the registration form, and ensure that you select HP-UX 11i v3 as the operating system. Download the Kerberos Client Software Depot and move it to the /tmp directory. Verify if the file downloaded correctly by entering the following command: # swlist -d @ /tmp/
