Manualshelf

PAM Kerberos v 1.26 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
12345678910
For more information on KRB5CCNAME, see “Notes, Cautions, and Warnings” (page 12).
Account Management Module
The account management module retrieves the users expiration information and verifies that
the user account and password have not expired.
Session Management Module
The session management module provides functions to initiate and terminate sessions. The
session is terminated to clean the credentials created by the pam_sm_set_cred module.
Password Management Module
The password management module provides a function to change passwords in the Kerberos
password database.
See the sample /etc/pam.conf file for a configuration example. Additional examples are
provided under “Notes, Cautions, and Warnings” (page 12). For more information, see the
pam_krb5( 5) manpage.
Options Supported by the PAM Kerberos Modules
The PAM Kerberos modules support the following options:
use_first_pass
try_first_pass
renewable=<time>
forwardable
proxiable
ignore
debug
krb_prompt
For more information on these options, see Configuration Guide for Kerberos Client Products on
HP-UX (5991-7718) at: www.docs.hp.com
What Is in This Version
PAM Kerberos v 1.26 includes only defect fixes.
Defect Fixes in PAM Kerberos v 1.26
Table 1-3 lists the defect fixes in PAM Kerberos v1.26 available on the HP-UX operating systems.
Table 1-3 Defect Fixes in PAM Kerberos v1.26
DescriptionIdentifier
On HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 operating systems, any PAMized setuid
application, which uses environment variables may be vulnerable.
QXCR1000900218
On HP-UX 11i v2 and HP-UX 11i v3 operating systems, the sample PAM configuration file,
/etc/pam.krb5 need to be updated for sshd entries.
QXCR1000901435
On HP-UX 11i v2 and HP-UX 11i v3 operating systems, the dtlogin (CDE) ignores the user
entries present in the /etc/pam_user.conf file.
QXCR1000584992
Defect Description: System login using su on all HP-UX operating systems fails when PAM
Kerberos v1.25 is installed.
Resolution: PAM Kerberos is fixed to resolve this issue.
QXCR1000924790
8 PAM Kerberos v1.26 Release Notes