Manualshelf

Kerberos Client Version E.1.6.2.10 Release Notes (December 2012, 5900-2550)

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
Table 3 Encryption types supported by Kerberos Client E.1.6.2.10 (continued)
DescriptionEncryption Type
This encryption type is an alias to the aes128-cts-hmac-sha1-96 encryption
type. If you specify aes128-cts in the configuration file, then it’s behavior
is the same as aes128-cts-hmac-sha1-96.
AES-256 CTS mode with 96-bit SHA-1 HMACaes256-cts-hmac-sha1-96
AES-256 CTS mode with 96-bit SHA-1 HMACaes256-cts
This encryption type is an alias to the aes256-cts-hmac-sha1-96 encryption
type. If you specify aes256-cts in the configuration file, then it’s behavior
is the same as aes256-cts-hmac-sha1-96.
What is new in this Version
Kerberos Client E.1.6.2.10 is a defect-fix release and does not contain any new features. For more
information on the defects fixed in this release, see “Defect Fixes in this Version (page 10).
Kerberos Client E.1.6.2.10 includes the following new features introduced in E.1.6.2:
Provides thread safety for Kerberos libraries
Provides the following new client commands:
Command for copying service ticket between credential caches - kcpytkt
Command for deleting service ticket from the credential cache - kdeltkt
Provides the following new functions, which are needed for NFSv4:
The gss_krb5_set_allowable_enctypes() function
The gss_krb5_export_lucid_sec_context() function
Provides a plug-in architecture that allows for extension modules to be loaded at run-time
Partial client implementation to handle server name referrals
Security fixes up to version 1.6.2 made by MIT in the open source version of Kerberos Client.
Kerberos Client version E.1.6.2.09 also supports the following features from Kerberos Client version
1.3.5:
SASL/GSS-API bind to Netscape Directory Server used to fail when SSL was enabled
Support for powerful cryptographic algorithms
This version of Kerberos Client software supports 3DES, AES, and RC4
Support for IPv6
IPv6 support is enabled on this version of Kerberos Client software
Support for TCP
Kerberos Client libraries can now use TCP to connect to the Key Distribution Center (KDC).
Libraries can use TCP to communicate with Microsoft KDCs (domain controllers) if they issue
tickets with excess PAC data.
Administrators can now control the behavior of Kerberized login applications that call the
krb5_kuserok API provided by the libkrb5.sl library. In earlier versions of Kerberos
Client, krb5_kuserok checked the .k5login file in the user's home directory for access
permissions. This enabled users to modify the .k5login file and allow access to other users.
Administrators can now create files with the name .k5login.<username> in the /etc/
krb5/ directory. Administrators can also create symbolic links pointing to the .k5login file
8 Kerberos Client E.1.6.2.10 release notes