PAM Kerberos Release Notes for HP-UX 11i v2
Product Description
PAM Kerberos, HP product number J5849AA, contains the following filesets as shown under
HP-Software Distributor (SD):
PAM Kerberos Library
This library supports all four module types. To configure PAM Kerberos, the system
administrator must point PAM authentication management, account management, session
management and password management to the corresponding applications.
Authentication Module
The Authentication Module verifies the identity of a user and sets the user-specific
credentials. It authenticates the user to the KDC with a password. If the password matches,
the user is authenticated and a Ticket Granting Ticket (TGT) is granted.
The credential management function sets user-specific credentials. It stores the credentials in
a cache file and exports an environment variable, KRB5CCNAME, to identify the cache file.
See “Notes, Cautions and Warnings” on page 14 for additional information related to the
variable KRB5CCNAME.
Whenever a user logs into the system using any system entry service such as login, ftp, rlogin,
or telnet, a unique credential file, owned by the user, is created in the /tmp directory.
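One way to audit the credential cache described above, as an added example that is not part of the HP release notes. It assumes KRB5CCNAME holds either a bare path or a FILE:-prefixed path, and that a cache should grant no access to group or other; the function name check_ccache and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example: audit the credential cache file named by KRB5CCNAME.
# Return codes (defined for this example only):
#   0 ok, 1 unset or unsupported cache type, 2 missing / not a regular file,
#   3 not owned by the calling user, 4 readable or writable by group/other.

check_ccache() {
    cc=$1
    [ -n "$cc" ] || return 1

    case $cc in
        FILE:*) path=${cc#FILE:} ;;   # assumed form: FILE:/tmp/...
        /*)     path=$cc ;;           # bare absolute path, treated as a file cache
        *)      return 1 ;;           # other cache types are out of scope here
    esac

    # /tmp is shared by all users, so refuse symbolic links and anything
    # that is not a regular file before looking at ownership or mode.
    if [ -h "$path" ] || [ ! -f "$path" ]; then
        return 2
    fi

    # ls -ln prints: mode links uid gid size ...
    set -- $(ls -ln "$path")
    mode=$1
    uid=$3

    # The page states the file is owned by the user who logged in.
    [ "$uid" = "$(id -u)" ] || return 3

    # Assumption: only the owner bits may be set (for example -rw-------).
    case $mode in
        -???------*) return 0 ;;
        *)           return 4 ;;
    esac
}
```

Run it from the user's session as `check_ccache "$KRB5CCNAME"` and inspect `$?`.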
The Authentication Module supports use_first_pass, try_first_pass, renewable=<time>,
forwardable, proxiable, debug, krb_prompt and ignore options.
use_first_pass
    This option uses the user’s previous password (entered to the first module in
    the stack). If the user cannot be authenticated, PAM quits without
    prompting for a password.
Fileset          Files
PAM-KRB-SHLIB    /usr/lib/security/$ISA/libpam_krb5.so.1
PAM-KRB-MAN      /usr/share/man/man5.Z/pam_krb5.5
                 /usr/share/man/man1m.z/pamkrbval.1m
PAM-KRB-RUN      /usr/sbin/pamkrbval
PAM-KRB-DEMO     /etc/pam.krb5