HP-UX 11i September 2002 Release Notes
Security
Kerberos Client Software
Chapter 13
244
• /usr/bin/klist: list cached Kerberos tickets. See klist (1).
• /usr/bin/kdestroy: destroy Kerberos tickets. See kdestroy (1).
• /usr/bin/kvno: print key version numbers of Kerberos principals. See kvno (1).
• /usr/bin/kpasswd: change a user’s Kerberos password. See kpasswd (1).
• /usr/sbin/ktutil: Kerberos keytab file maintenance utility. See ktutil (1).
Manpages
• Manpages in /usr/share/man/man1.Z directory: kinit (1), klist (1), kdestroy (1),
kvno (1), kpasswd (1), and ktutil (1)
• Manpages in /usr/share/man/man4.Z directory: krb5.conf (4)
• Manpages in /usr/share/man/man3.Z directory: libkrb5 (3)
Special Considerations
Developing Secure Applications
Though Kerberos APIs are made available, these are for supporting existing Kerberos
Applications to HP-UX 11i. Application developers are strongly encouraged to use GSS
API for developing secure applications. See gssapi (5) for details.
libsis.sl
Most of the KRB-Support (libsis.sl) functionality is now available with Kerberos
Client Software. It is recommended that developers compile and link with these
libraries.
Unsupported Features
• Kerberos Client Software does not support Triple DES due to U.S. export
regulations.
• Kerberos Client libraries are not thread safe.
Size Requirement
Kerberos Client Software requires 5MB of disk space.
Compatibility Issues
• Kerberos V5 1.1.1 Client Software is compatible with earlier versions of the Kerberos
product supporting RFC 1510.
• Kerberos Client Software only supports the Kerberos 5 protocol as per RFC 1510.
The product does not support the Kerberos 4 protocol and Kerberos 4 to Kerberos 5
request conversions.