Introduction to the Kerberos Products and GSS-API

PAM Kerberos

 

The PAM Framework

 

Figure 2-1 shows the relationship between the PAM Kerberos Library

 

and various authentication modules that HP-UX provides. Note that the

 

PAM Kerberos Library is one of the many authentication modules that

 

PAM can invoke based on what is defined under the PAM configuration

 

file: /etc/pam.conf.

Figure 2-1

HP-UX authentication modules under

 

PAM

login su passwd

PAM library

Authentication Service

telnet

Use the PAM configuration file, pam.conf, to indicate which authentication module

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

UNIX

 

 

DCE

 

Kerberos

 

LDAP

 

NTLM

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

libpam_

 

unix.1

 

 

 

 

 

 

 

 

 

 

 

 

 

libpam_krb5.1

 

libpam_ntlm.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

libpam_dce.1

libpam_ldap.1

PAM Kerberos is invoked for user authentication, when PAM’s authentication-management module is pointed to the shared dynamically loadable PAM Kerberos library, libpam_krb5. Table 2-1 indicates the location of the library on both Itaniumand PA-RISC based platforms.

34

Chapter 2