PAM Kerberos v 1.24 Release Notes

Announcement

PAM Kerberos v 1.24 is implemented under the Pluggable Authentication Module

(PAM) framework. It is based on the Kerberos Authentication System V5, developed

by Massachusetts Institute of Technology (MIT). The PAM Kerberos v 1.24 module is

compliant with IETF RFC 1510 The Kerberos Network Authentication Service (V5) and

Open Group RFC 86.0.

PAM Kerberos v 1.24 supports HP-UX Kerberos Server Version 3.12, Microsoft

Windows® 2000 and Microsoft Windows 2003, and MIT Kerberos V5 Key Distribution

Center (KDC).

NOTE: PAM Kerberos v 1.24 does not support HP-UX Distributed Computing

Environment (DCE) KDC.

Overview

PAM Kerberos v 1.24 is a shared library, which is implemented using the PAM service

modules. The following shared PAM Kerberos library files use the KRB5-Client APIs

for authentication:

• The /usr/lib/security/libpam_krb5.1 and

/usr/lib/security/pa20_64/libpam_krb5.1 files on HP-UX 11i v1

• The /usr/lib/security/$ISA/libpam_krb5.so.1 file on HP-UX 11i v2

and HP-UX 11i v3

Features and Benefits

PAM Kerberos v 1.24 offers the following features and benefits:

• PAM Kerberos works in heterogeneous environments.

Using PAM Kerberos, the HP-UX login(1) can work with any Kerberos 5 Server

and passwords can be effectively unified with Microsoft Windows 2000.

• PAM Kerberos supports the password change protocol.

This feature automates the propagation of password changes.

Files and Filesets in PAM Kerberos v 1.24

PAM Kerberos v 1.24 contains the following files:

• The libpam_krb5.1 library on HP-UX 11i v1, the libpam_krb5.so.1 library

on HP-UX 11i v2 and HP-UX 11i v3.

• The pamkrbval PAM Kerberos v 1.24 configuration validation tool

• The sample /etc/pam.conf file

• The pam_krb5(5) manpage

• The pamkrbval(1m) manpage

8 PAM Kerberos v 1.24 Release Notes