PAM Kerberos Release Notes for HP-UX 11.0
PAM Kerberos Release Notes for HP-UX 11.0
Known Limitations
Chapter 1 13
Known Limitations
• Do not stack PAM Kerberos module (libpam_krb5.1) and DCE
plug-in module (libpam_dce.1) in the pam.conf file. This kind of
stacking produces unpredictable results.
The PAM Kerberos (libpam_krb5.1) module and the DCE
(libpam_dce.1) module use a different principal style and a
different credential file path. For the principal style, the DCE
Kerberos module uses cell name, whereas PAM Kerberos uses realm
name. For the credential cache file, DCE Kerberos stores its
credentials in the /var/opt/dce/creds path, while PAM Kerberos
stores them in the /tmp/pam_krb5/creds path.
• When you change passwords on a MIT KDC with a version prior to
1.1, up to 45 seconds may elapse before the password is actually
changed. This occurs due to the protocol selection mechanism of the
change password protocol.