PAM Kerberos Release Notes for HP-UX 11.0 HP 9000 Systems Manufacturing Part Number: J5849-90015 E0905 U.S.A. © Copyright 2005 © Hewlett-Packard Development Company, L.P.
Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of Technology. ©copyright 1989-93 The Open Software Foundation, Inc. ©copyright 1986 Digital Equipment Corporation. ©copyright 1990 Motorola, Inc.
1 PAM Kerberos Release Notes for HP-UX 11.0 Information in this document applies to the Web release of PAM Kerberos v 1.12 for HP-UX 11.0.
PAM Kerberos Release Notes for HP-UX 11.0 Announcement Announcement PAM-Kerberos is based on Kerberos Authentication System V5, developed by Massachusetts Institute of Technology (MIT). The PAM Kerberos module is compliant with IETF RFC 1510 and Open Group RFC 86.HP-UX PAM Kerberos is implemented under the PAM (Pluggable Authentication Module) framework. PAM Kerberos works with Microsoft Windows 2000 and MIT Kerberos V5 KDC. However, it is not intended to work with the HP-UX DCE KDC.
PAM Kerberos Release Notes for HP-UX 11.0 What's in This Version What's in This Version The HP-UX 11.0 PAM-Kerberos bundle contains Kerberos Client and Generic Security Services Application Programming Interface (GSSAPI) products. The PAM service modules are implemented as a shared library listed below: • The Kerberos PAM library • The /usr/lib/security/libpam_krb5.1 library, which uses Krb5 APIs, and the pam_krb5 manpage. Table 1-2 lists the filesets that are included in PAM Kerberos v 1.12.
PAM Kerberos Release Notes for HP-UX 11.0 What's in This Version These two features can significantly reduce user administration complexity in heterogeneous environments. For detailed product information, installing and configuring instructions, troubleshooting and sample configuration files, refer to Configuration Guide for Kerberos Client Products on HP-UX (# T1417-90006).
PAM Kerberos Release Notes for HP-UX 11.0 Known Problems and Workarounds Known Problems and Workarounds Chapter 1 • The Kerberos system ftp service may list the /etc/issue file before the expected output. Refer to SIS (5) manpage for more details on Secure Internet Services (SIS). • If the password has expired on a Microsoft Windows 2000 KDC, the user is not prompted for a new password and cannot log in. This is a known problem in Microsoft Windows 2000.
PAM Kerberos Release Notes for HP-UX 11.0 Compatibility Information and Installation Requirements Compatibility Information and Installation Requirements This section details the prerequisites for installing PAM Kerberos v1.12 on HP-UX 11.0. Hardware Requirements HP 9000 servers with a minimum of 32 MB of memory and sufficient swap space (a minimum of 50 MB is recommended). Operating System Requirements HP-UX 11.0 Disk Space Requirements Minimum disk space required to install the product is 1 MB.
PAM Kerberos Release Notes for HP-UX 11.0 Notes, Cautions and Warnings Notes, Cautions and Warnings • For each user, make sure that the UNIX uid, home directory, and shell information exist in the UNIX repository, /etc/passwd. • The Kerberos PAM module sets and uses an environment variable, KRB5CCNAME, during authentication. Concurrent execution in the same shell environment of any PAM modules may result in unexpected behavior.
PAM Kerberos Release Notes for HP-UX 11.0 Patches and Fixes in This Version Patches and Fixes in This Version All patches have been incorporated into this release. Defect Fix in This Version The following defect has been fixed in this version of PAM Kerberos: JAGaf64805 12 KRB5-Client was unable to receive packets properly under certain conditions.
PAM Kerberos Release Notes for HP-UX 11.0 Known Limitations Known Limitations • Do not stack PAM Kerberos module (libpam_krb5.1) and DCE plug-in module (libpam_dce.1) in the pam.conf file. This kind of stacking produces unpredictable results. The PAM Kerberos (libpam_krb5.1) module and the DCE (libpam_dce.1) module use a different principal style and a different credential file path. For the principal style, the DCE Kerberos module uses cell name, whereas PAM Kerberos uses realm name.
PAM Kerberos Release Notes for HP-UX 11.0 Related Documentation Related Documentation The list below contains documentation related to the PAM Kerberos product: 14 • Configuration Guide for Kerberos Client Products on HP-UX (J5849-90006) • The krb5.conf (4), kerberos (9), pam.conf (4), pam_user.conf (4), and pam (3)manpages.
