Manualshelf

PAM Kerberos v 1.24 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
Table 1-2 PAM Kerberos v 1.24 Filesets on HP-UX 11i v2 and HP-UX 11i v3. (continued)
Library NameDescriptionFileset Name
/usr/sbin/pamkrbval
PAM-Kerberos
Runtime
Validation Tool
PAM-KRB-RUN
/usr/lib/security/
libpam_krb5.so.1>/usr/lib/security/
libpam_krb5.1
PAM-Kerberos
32-bit Shared
Library
PAM-KRB-SHLIB
Modules Supported by PAM Kerberos v 1.24
The PAM Kerberos v1.24 library supports the following modules:
Authentication module
Account management module
Session management module
Password management module
To configure these modules for PAM Kerberos v 1.24, the system administrator must
point the required PAM module to the corresponding applications.
Authentication Module
The Authentication Module verifies the identity of a user and sets the user-specific
credentials. It authenticates the user to KDC with a password. If the password matches,
the user is authenticated and a Ticket Granting Ticket (TGT) is granted.
The credential management function sets user-specific credentials. It stores the
credentials in a cache file and exports KRB5CCNAME, an environment variable, to identify
the credential cache file. This unique credential file is created in the /tmp directory
when a user logs in to the system using system entry services such as login, ftp, rlogin,
or telnet.
For more information on KRB5CCNAME, see “Notes, Cautions, and Warnings” (page 16).
Account Management Module
The account management module retrieves the users expiration information and
verifies that the users account and password have not expired.
Session Management Module
The session management module provides functions to initiate and terminate sessions.
The session is terminated to clean the credentials created by the pam_sm_set_cred
module.
10 PAM Kerberos v 1.24 Release Notes