Manualshelf

PAM Kerberos v 1.26 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
3456789101112
#
# Bundle(s):
#
PAMKerberos D.01.26 PAM-Kerberos Version 1.26
Known Problems and Limitations
Following are the known problems and limitations in PAM Kerberos v1.26:
If a kernel threaded DCE application linking to libdcekt uses PAM Kerberos for
authentication, it results in core dump. This occurs because of a symbol clash between PAM
Kerberos and DCE kernel threads. HP has fixed PAM Kerberos v1.26 and Kerberos Client
C.1.3.5.05 to avoid this core dump. However, you must also install linker patch PHSS_28871
or its superseding patches to resolve this defect.
If you are using PAM Kerberos on HP-UX 11i v3, you do not have to install the PHSS_28871
linker patch. The core Kerberos Client on HP-UX 11i v3 is also fixed to resolve this defect.
NOTE: This workaround is available in HP-UX 11i v1 and HP-UX 11i v3 operating systems
only.
The Kerberos system ftp service may list the /etc/issue file before the expected output.
For more information on Secure Internet Services (SIS), see the sis( 5) manpage.
If the password expires on a Microsoft Windows 2000 KDC, PAM Kerberos displays a
message stating that the account has expired. However, PAM Kerberos does not prompt for
a new password.
Stacking PAM Kerberos v1.26 module (libpam_krb5.1 on HP-UX 11i v1 and
libpam_krb5.so.1 on HP-UX 11i v2) and DCE plug-in module (libpam_dce.1 on
HP-UX 11i v1 and libpam_dce.so.1 on HP-UX 11i v2) in the pam.conf file can produce
unpredictable results.
The PAM Kerberos v1.26 module and the DCE module use a different principal style and
a different credential file path. For the principal style, the DCE Kerberos module uses the
cell name, whereas PAM Kerberos v 1.26 uses the realm name. For the credential cache file,
DCE Kerberos stores its credentials in the /var/opt/dce/creds directory, while PAM
Kerberos v1.26 stores them in the /tmp/pam_krb5/creds directory.
HP-UX 64-bit PAM delivers 64-bit versions of the PAM libraries to support 64-bit PAM
applications on some configurations of the HP-UX 11i v1 operating system. Consider the
following limitations before using the 64-bit PAM libraries on an HP-UX 11i v1 operating
system:
— The 64-bit PAM libraries can be installed only on HP-UX 11i v1 systems that support
64-bit applications.
— The 64-bit PAM libraries do not support 64-bit PAM applications in configurations
containing NIS, NIS+, or LDAP.
Per user configuration is not applicable on a 64-bit platform, because the 64-bit PAM product
does not support the libpam_updbe.1 library. For the 64-bit PAM product to work properly,
each occurrence of the libpam_krb5.1 library in the /etc/pam.conf file must be specified
as a relative path. To view a sample /etc/pam.conf file with the relative path, see the
pam.conf( 4) manpage.
Known Problems and Limitations 11