Manualshelf

PAM Kerberos Release Note, HP 9000 Networking

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
Chapter 1 9
PAM Kerberos Release Note
Product Description
Product Description
The PAM Kerberos consists of a shared PAM Kerberos library,
/usr/lib/security/libpam_krb5.1, which provides functionality for all four PAM modules:
authentication, account management, session management and password management.
PAM Kerberos, HP product number J5849AA, contains the following filesets as shown under
HP-Software Distributor (SD):
PAM Kerberos Library
To configure for PAM Kerberos, the system administrator must point PAM authentication
management, account management, session management and password management to the
shared, dynamically loaded PAM Kerberos library /usr/lib/security/libpam_krb5.1 in
the PAM configuration file /etc/pam.conf.
Authentication Module
The Authentication Module verifies the identity of a user and sets the user specific
credentials. It authenticates the user to KDC with a password. If the password matches, the
user is authenticated and a Ticket Granting Ticket (TGT) is granted.
The credential management function sets user specific credentials. It stores the credentials in
a cache file and exports an environment variable, KRB5CCNAME, to identify the cache file.
See “Notes, Cautions and Warnings” for additional information related to the variable
KRB5CCNAME.
Whenever a user logs into the system using any system entry service such as login, ftp, rlogin,
telnet, a unique credential file, owned by the user, will be created in /tmp/pam_krb5/creds
directory.
The Authentication Module supports use_first_pass, try_first_pass, renewable=<time>,
forwardable, proxiable, debug and ignore options.
use_first_pass This option uses the user's previous password (entered to the first module
in the stack). If the user cannot be authenticated, PAM quits without
prompting for a password.
In the following pam.conf configuration example, both the libpam_krb5.1
PAM-KRB-SHLIB /usr/lib/security/libpam_krb5.1
PAM-KRB-MAN /usr/share/man/man5.Z/pam_krb5.5 (man page)
/usr/share/doc/PAMKerberosRelNotes.pdf (this file)