
Kerberos Client

Overview

Kerberos Client (KRB5CLIENT) is a web upgrade for KRB5-Client. KRB5-Client is a part of the core HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 operating systems.

Table 1 lists the core and web upgrade Kerberos Client versions on HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3.

Table 1. Core and web upgrade Kerberos Client Versions on HP-UX Operating Systems

| Version of Kerberos Client | KRB5-Client (core product) | KRB5CLIENT (web upgrade) |
|---|---|---|
| HP-UX 11i v1 | 1.0 | C.1.3.5.11 |
| HP-UX 11i v2 | 1.0 | D.1.6.2.09 |
| HP-UX 11i v3 | 1.3.5.03 | E.1.6.2.10 |

HP provides Kerberos Client (KRB5CLIENT) software, including libraries, header files, and utilities, for implementing secure client/server applications in either a 32-bit or a 64-bit development environment. Kerberos Client libraries support the DES, 3DES, AES, and RC4 encryption types.

Table 2 lists the Kerberos Client libraries on the PA-RISC and Itanium architectures.

Table 2. Client Libraries on PA-RISC and Itanium Architecture

| PA-RISC Architecture | Itanium Architecture |
|---|---|
| libkrb5.1 | libkrb5.so.1 |
| libcom_err.1 | libcom_err.so.1 |
| libk5crypto.1 | libk5crypto.so.1 |
| libgssapi_krb5.1 | libgssapi_krb5.so.1 |
| libkrb5support.1 * | libkrb5support.so.1 * |

Note: The libkrb5support.1/libkrb5support.so.1 library is available only on Kerberos Client versions D.1.6.2 or later and E.1.6.2 or later.

The following utilities are included with Kerberos Client:

  • kinit
  • klist
  • kvno
  • kpasswd
  • kdestroy
  • ktutil
  • kcpytkt - available only on Kerberos Client versions D.1.6.2 or later and E.1.6.2 or later
  • kdeltkt - available only on Kerberos Client versions D.1.6.2 or later and E.1.6.2 or later

Kerberos Client provides the following features:

  • Provides thread safety for Kerberos libraries
  • Provides the following new client commands:
    • Command for copying service ticket between credential caches - kcpytkt
    • Command for deleting service ticket from the credential cache - kdeltkt
  • Provides the following new functions, which are needed for NFSv4:
    • The gss_krb5_set_allowable_enctypes() function
    • The gss_krb5_export_lucid_sec_context() function
  • Provides a plug-in architecture that allows for extension modules to be loaded at run-time
  • Partial client implementation to handle server name referrals

  • SASL/GSS-API bind to Netscape Directory Server no longer fails when SSL is enabled.
  • Support for powerful cryptographic algorithms like 3DES, RC4, and AES
  • Support for IPv6
  • Support for TCP
    Kerberos Client libraries can now use TCP to connect to the KDC. This may be necessary for the libraries to communicate with Microsoft KDCs (domain controllers) if they issue tickets with excessive PAC data.
  • Security fixes up to version 1.6.2 made by MIT in the open source version of Kerberos Client
  • Administrators can now control the behavior of Kerberized login applications that call the krb5_kuserok() API provided by the libkrb5.sl library. In earlier versions of Kerberos Client, krb5_kuserok() checked the .k5login file in the user's home directory for access permissions. This allowed users to modify the .k5login file and grant access to other users.

    Administrators can now create files with the name .k5login.<username> in the /etc/krb5/ directory. Administrators can also create symbolic links pointing to the .k5login file in the user's home directory. If the /etc/krb5/ directory does not exist, krb5_kuserok() continues to check the .k5login file in the user's home directory. If the /etc/krb5/ directory exists, the krb5_kuserok() API ignores any corresponding .k5login files in the user's home directory while making authorization decisions. The format of the entries in the new files in /etc/krb5/ continues to be the same as that of the .k5login file in the user's home directory.
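
An added example (not HP code and not part of the original page): a POSIX shell audit helper that applies the lookup rules described above to report which file governs a user's access and whether the user can still change it. The function names, output labels, and the optional directory argument are assumptions of the example; the page does not say what krb5_kuserok() does when /etc/krb5/ exists but holds no entry for a user, so that case is only reported.

```shell
#!/bin/sh
# Added example, not HP code. Names and output labels are assumptions.

# k5login_source USER HOME [KRB5_DIR] -> prints "<kind> <path>"
k5login_source() {
    user=$1; home=$2; dir=${3:-/etc/krb5}
    if [ -d "$dir" ]; then
        # Directory exists: the home-directory .k5login is ignored.
        f="$dir/.k5login.$user"
        if [ -L "$f" ]; then echo "admin-symlink $f"
        elif [ -f "$f" ]; then echo "admin-file $f"
        else echo "admin-missing $f"
        fi
    else
        # No such directory: the user's own file is consulted.
        echo "home-file $home/.k5login"
    fi
}

# k5login_audit USER HOME [KRB5_DIR] -> prints one finding; returns 1 when
# these checks show the list is not under administrator-only control.
k5login_audit() {
    set -- "$1" "$2" "${3:-/etc/krb5}"
    src=$(k5login_source "$@"); kind=${src%% *}; path=${src#* }
    rc=0
    case $kind in
        home-file)
            echo "USER-CONTROLLED: $path ($3 does not exist)"; rc=1 ;;
        admin-symlink)
            # A link back into the home directory hands control to the user.
            target=$(ls -l "$path" | sed 's/.* -> //')
            echo "DELEGATED: $path -> $target"; rc=1 ;;
        admin-missing)
            echo "NO-ENTRY: $path (fallback not described on the page)" ;;
        admin-file)
            # Characters 6 and 9 of the ls mode string: group/other write.
            mode=$(ls -ld "$path" | cut -c1-10)
            case $mode in
                ?????w????|????????w?) echo "WRITABLE: $path $mode"; rc=1 ;;
                *) echo "OK: $path $mode" ;;
            esac ;;
    esac
    return $rc
}
```

Call it as `k5login_audit alice /home/alice` for each account of interest. It inspects mode bits only, so ownership of the file and of /etc/krb5/ itself still needs a separate check.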

What is new in this release

Kerberos Client version C.1.3.5.11 is a defect-fix release and does not contain any new features.

Kerberos Client version D.1.6.2.09 is a defect-fix release and does not contain any new features.

Kerberos Client version E.1.6.2.10 is a defect-fix release and does not contain any new features.

Additional documentation

 
Additional product information
Product #: KRB5CLIENT
Version: C.1.3.5.11/D.1.6.2.09/E.1.6.2.10
Software specification:
  HP-UX 11i v1 - C.1.3.5.11 (KRB5CLIENT_C.1.3.5.11_HP-UX_B.11.11_32_64.depot)
  HP-UX 11i v2 - D.1.6.2.09 (KRB5CLIENT_D.1.6.2.09_HP-UX_B.11.23_IA_PA.depot)
  HP-UX 11i v3 - E.1.6.2.10 (KRB5CLIENT_E.1.6.2.10_HP-UX_B.11.31_IA_PA.depot)