PAM Kerberos Release Note, HP 9000 Networking

1 PAM Kerberos Release Note
Announcement
PAM Kerberos is now supported on HP-UX 11.0 systems. It is based on the Kerberos
Authentication System V5, developed by the Massachusetts Institute of Technology (MIT). This
PAM Kerberos implementation supports Microsoft Windows 2000 and MIT Kerberos V5 Key
Distribution Center (KDC).

Kerberos is an authentication service for authenticating users or services across an open
network. It works by assigning a unique shared secret key and issuing a token, called a ticket,
to each client that logs on to the network. The ticket is then embedded in messages to identify
the sender of the message.

Under Kerberos, a client (generally either a user or a service) sends a request for a ticket to
the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the
client, encrypts it using the KDC key, and sends the encrypted TGT back to the client. The
client uses the TGT to obtain further service tickets, which provide the proof of the client's
identity.
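
The ticket flow described above can be traced in a small simulation. This is an added example, not code from the release note or from HP-UX PAM Kerberos. The `seal`/`unseal` helpers are a toy encrypt-then-MAC construction standing in for real Kerberos encryption types, the messages are simplified, and the principal names, keys, and the `KDC` and `login` names are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):
    # Toy encrypt-then-MAC; a stand-in for real Kerberos encryption types.
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, client_keys, service_keys):
        self.kdc_key = os.urandom(32)  # known only to the KDC
        self.client_keys, self.service_keys = client_keys, service_keys

    def request_tgt(self, client, lifetime=600):
        session = os.urandom(32).hex()
        tgt = seal(self.kdc_key, {"client": client, "session": session,
                                  "expires": time.time() + lifetime})
        # The session key travels under the client's shared secret key.
        return tgt, seal(self.client_keys[client], {"session": session})

    def request_service_ticket(self, tgt, authenticator, service):
        t = unseal(self.kdc_key, tgt)  # only the KDC can open a TGT
        if t["expires"] < time.time():
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
        if auth["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        return seal(self.service_keys[service], {"client": t["client"]})

def login(kdc, client, key, service):
    """Client side: obtain a TGT, then trade it for a service ticket."""
    tgt, reply = kdc.request_tgt(client)
    session = bytes.fromhex(unseal(key, reply)["session"])  # fails on a wrong key
    return kdc.request_service_ticket(tgt, seal(session, {"client": client}), service)

if __name__ == "__main__":
    # Constructed sample principal, service and keys.
    key, host = hashlib.sha256(b"constructed-password").digest(), os.urandom(32)
    kdc = KDC({"alice": key}, {"host/server": host})
    print(unseal(host, login(kdc, "alice", key, "host/server")))
```

The client holds the TGT but cannot read or alter it, because it is sealed under the KDC key. A client with the wrong secret key never recovers the session key and so cannot turn the TGT into a service ticket.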

HP-UX PAM Kerberos is implemented under the PAM (Pluggable Authentication Module)
framework. PAM gives system administrators the flexibility of choosing any
authentication service available on the system to perform authentication. The PAM
framework also allows new authentication service modules to be plugged in and made
available without modifying the applications or rebooting the system.