PAM Kerberos Release Notes for HP-UX 11i v2
PAM Kerberos Release Notes for HP-UX 11i v2
What’s in This Version
Chapter 1 7
What’s in This Version
The PAM service modules are implemented as a shared library: the Kerberos PAM library,
/usr/lib/security/$ISA/libpam_krb5.so.1, which uses KRB5-Client APIs. PAM
Kerberos for HP-UX 11i v2 consists of the following:
• libpam_krb5.so.1 library
• pam_krb5 man page
• PAM Kerberos configuration validation tool - pamkrbval
• sample pam.conf file
• pamkrbval man page
Benefits and Features
Using PAM Kerberos, HP-UX login can work with any Kerberos 5 Server, and passwords
can be effectively unified within a heterogeneous environment such as Microsoft Windows
2000. Furthermore, PAM Kerberos for HP-UX 11i v2 supports the password change protocol,
automating propagation of password changes. These two features can significantly reduce
user administration complexity in heterogeneous environments.
The credentials were previously created under /tmp/pam_krb5/creds directory that has the
sticky-bit set. The location path has been changed to /tmp, which does not have the sticky-bit
set.
NOTE If the administrators want to restrict access to this file from other users, the
sticky-bit has to be set for the /tmp directory.
For detailed product information, installing and configuring instructions, troubleshooting and
sample configuration files, refer to the document Configuration Guide for Kerberos Products
on HP-UX (Part Number T1417-90006).