Manualshelf

Kerberos Client Version E.1.6.2.09 Release Notes (5990-1526, January 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
Table 3 Encryption types supported by Kerberos Client E.1.6.2.09 (continued)
DescriptionEncryption Type
Exportable ArcFour with HMAC/md5
This encryption type is an alias to the arcfour-hmac-exp encryption type.
If you specify arcfour-hmac-md5-exp in the configuration file, then it’s
behavior is the same as arcfour-hmac-exp.
arcfour-hmac-md5-exp
AES-128 CTS mode with 96-bit SHA-1 HMACaes128-cts-hmac-sha1-96
AES-128 CTS mode with 96-bit SHA-1 HMAC
This encryption type is an alias to the aes128-cts-hmac-sha1-96 encryption
type. If you specify aes128-cts in the configuration file, then it’s behavior
is the same as aes128-cts-hmac-sha1-96.
aes128-cts
AES-256 CTS mode with 96-bit SHA-1 HMACaes256-cts-hmac-sha1-96
AES-256 CTS mode with 96-bit SHA-1 HMAC
This encryption type is an alias to the aes256-cts-hmac-sha1-96 encryption
type. If you specify aes256-cts in the configuration file, then it’s behavior
is the same as aes256-cts-hmac-sha1-96.
aes256-cts
What is new in this Version
Kerberos Client E.1.6.2.09 is a defect-fix release and does not contain any new features. For more
information on the defects fixed in this release, see “Defect Fixes in this Version (page 10).
Kerberos Client E.1.6.2.09 includes the following new features introduced in E.1.6.2:
Provides thread safety for Kerberos libraries
Provides the following new client commands:
Command for copying service ticket between credential caches - kcpytkt
Command for deleting service ticket from the credential cache - kdeltkt
Provides the following new functions, which are needed for NFSv4:
The gss_krb5_set_allowable_enctypes() function
The gss_krb5_export_lucid_sec_context() function
Provides a plug-in architecture that allows for extension modules to be loaded at run-time
Partial client implementation to handle server name referrals
Security fixes up to version 1.6.2 made by MIT in the open source version of Kerberos Client.
Kerberos Client version E.1.6.2.09 also supports the following features from Kerberos Client version
1.3.5:
SASL/GSS-API bind to Netscape Directory Server used to fail when SSL was enabled
Support for powerful cryptographic algorithms
This version of Kerberos Client software supports 3DES, AES, and RC4
Support for IPv6
IPv6 support is enabled on this version of Kerberos Client software
8 Kerberos Client E.1.6.2.09 release notes