HP-UX 11i September 2002 Release Notes

Security

Kerberos Client Software

Chapter 13

244

• /usr/bin/klist: list cached Kerberos tickets. See klist (1).

• /usr/bin/kdestroy: destroy Kerberos tickets. See kdestroy (1).

• /usr/bin/kvno: print key version numbers of Kerberos principals. See kvno (1).

• /usr/bin/kpasswd: change a user’s Kerberos password. See kpasswd (1).

• /usr/sbin/ktutil: Kerberos keytab file maintenance utility. See ktutil (1).

Manpages

• Manpages in /usr/share/man/man1.Z directory: kinit (1), klist (1), kdestroy (1),

kvno (1), kpasswd (1), and ktutil (1)

• Manpages in /usr/share/man/man4.Z directory: krb5.conf (4)

• Manpages in /usr/share/man/man3.Z directory: libkrb5 (3)

Special Considerations

Developing Secure Applications

Though Kerberos APIs are made available, these are for supporting existing Kerberos

Applications to HP-UX 11i. Application developers are strongly encouraged to use GSS

API for developing secure applications. See gssapi (5) for details.

libsis.sl

Most of the KRB-Support (libsis.sl) functionality is now available with Kerberos

Client Software. It is recommended that developers compile and link with these

libraries.

Unsupported Features

• Kerberos Client Software does not support Triple DES due to U.S. export

regulations.

• Kerberos Client libraries are not thread safe.

Size Requirement

Kerberos Client Software requires 5MB of disk space.

Compatibility Issues

• Kerberos V5 1.1.1 Client Software is compatible with earlier versions of the Kerberos

product supporting RFC 1510.

• Kerberos Client Software only supports the Kerberos 5 protocol as per RFC 1510.

The product does not support the Kerberos 4 protocol and Kerberos 4 to Kerberos 5

request conversions.