PAM Kerberos v1.
© Copyright 2009 Hewlett-Packard Development Company, L.P

Legal Notices

Confidential Computer Software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.11 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents

1 PAM Kerberos v1.26 Release Notes
Announcement
Overview
Features and Benefits
List of Tables

1-1 PAM Kerberos v 1.26 File sets on HP-UX 11i v1
1-2 PAM Kerberos v 1.26 File sets on HP-UX 11i v2 and HP-UX 11i v3
1-3 Defect Fixes in PAM Kerberos v1.26
1-4 System Requirements for Installing PAM Kerberos v1.26
1 PAM Kerberos v1.26 Release Notes

This document discusses the most recent product information for PAM Kerberos v1.26 that is supported on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3. This document addresses the following topics:

• “Announcement” (page 6)
• “Overview” (page 6)
• “What Is in This Version” (page 8)
• “Defect Fixes in PAM Kerberos v 1.26” (page 8)
• “Installing PAM Kerberos v1.
Announcement

PAM Kerberos v1.26 is implemented under the Pluggable Authentication Module (PAM) framework. It is based on the Kerberos Authentication System v5, developed by the Massachusetts Institute of Technology (MIT). The PAM Kerberos v 1.26 module is compliant with IETF RFC 1510, “The Kerberos Network Authentication Service (V5)”, and Open Group RFC 86.0. PAM Kerberos v1.26 supports HP-UX Kerberos Server version 3.
Table 1-1 PAM Kerberos v 1.26 File sets on HP-UX 11i v1 (continued)

| File Set Name | Description | Library Name |
|---|---|---|
| PAM-KRB-RUN | PAM-Kerberos Runtime Validation Tool | /usr/sbin/pamkrbval |
| PAM-KRB-SHLIB | PAM-Kerberos 32-bit Shared Library | /usr/lib/security/libpam_krb5.1 |

Table 1-2 lists the file sets in PAM Kerberos v 1.26 on HP-UX 11i v2 and HP-UX 11i v3.

Table 1-2 PAM Kerberos v 1.26 File sets on HP-UX 11i v2 and HP-UX 11i v3.
For more information on KRB5CCNAME, see “Notes, Cautions, and Warnings” (page 12).

Account Management Module

The account management module retrieves the user’s expiration information and verifies that the user account and password have not expired.

Session Management Module

The session management module provides functions to initiate and terminate sessions. The session is terminated to clean the credentials created by the pam_sm_set_cred module.
Installing PAM Kerberos v1.26

This section describes how to install PAM Kerberos v1.26 on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 operating systems. It also discusses the system requirements for installing PAM Kerberos v1.26.

System Requirements

Table 1-4 lists the minimum system requirements for installing PAM Kerberos v1.26.

Table 1-4 System Requirements for Installing PAM Kerberos v1.
Match the result with the fingerprint provided in the Electronic Delivery Receipt. If the result does not match, download the depot again.

NOTE: The HP-UX MD5 Secure Checksum software is not installed by default on the system. It is available for download at: http://h20293.www2.hp.com/

14. To install PAM Kerberos v1.26, run the following command at the HP-UX prompt:

    # swinstall -s

    The swinstall window is displayed.

15. Press the space bar to select the depot name.

16.
    #
    # Bundle(s):
    #
    PAMKerberos D.01.26 PAM-Kerberos Version 1.26

Known Problems and Limitations

Following are the known problems and limitations in PAM Kerberos v1.26:

• If a kernel threaded DCE application linking to libdcekt uses PAM Kerberos for authentication, it results in core dump. This occurs because of a symbol clash between PAM Kerberos and DCE kernel threads. HP has fixed PAM Kerberos v1.26 and Kerberos Client C.1.3.5.05 to avoid this core dump.
Notes, Cautions, and Warnings

Following are some notes, cautions, and warnings related to PAM Kerberos v1.26:

• For each user, ensure that the UNIX uid, home directory, and shell information exist in the UNIX repository, /etc/passwd or any name service database.
• The Kerberos PAM module sets and uses KRB5CCNAME during authentication. If applications accessing KRB5CCNAME execute simultaneously in the same shell environment, there can be unexpected results.
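
The following is an added example, not part of HP's release notes or product code: one way to keep jobs started from the same shell from sharing a credential cache is to run each with its own KRB5CCNAME. The helper name with_private_ccache is hypothetical, and the code assumes a FILE: cache type and a mktemp that accepts a template argument, which may differ on HP-UX.

```shell
#!/bin/sh
# Added example (not HP code). Runs a command with a private Kerberos
# credential cache so that it does not read or overwrite the cache named
# by the KRB5CCNAME that the login session (for example via PAM) exported.

# with_private_ccache CMD [ARGS...]
# Hypothetical helper. Assumption: mktemp accepts a template argument.
with_private_ccache() {
    (
        # mktemp creates the file with owner-only permissions.
        cc=$(mktemp "${TMPDIR:-/tmp}/krb5cc_private_XXXXXX") || exit 125

        # Remove the private cache when this subshell exits, including
        # when it is interrupted by a signal.
        trap 'rm -f "$cc"' EXIT
        trap 'exit 129' HUP
        trap 'exit 130' INT
        trap 'exit 143' TERM

        # Only this subshell and its children see the new value; the
        # calling shell keeps the KRB5CCNAME it already had.
        KRB5CCNAME="FILE:$cc"
        export KRB5CCNAME

        # CMD is expected to obtain its own tickets (for example a script
        # that runs kinit and then the Kerberized client).
        "$@"
        rc=$?
        exit "$rc"
    )
}
```

Each invocation gets a different cache file, so two jobs launched from one login shell no longer contend for the same credentials, and the exit status of the wrapped command is passed through.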