Configuring the Kerberos Environment

 

 

 

 

Configuration Files for GSS-API

Table 3-2

Entries in the mech file (Continued)

 

 

 

 

 

 

 

 

Column

 

Description

 

 

 

 

 

 

Third column

Contains the name of the shared library that

 

 

 

implements the back-end security mechanism for

 

 

 

GSSAPI.

 

 

 

 

The back-end library must be placed in the

 

 

 

/usr/lib/gss path for 32-bit and the

 

 

 

/usr/lib/pa20_64/gss path for 64-bit versions

 

 

 

on PA-RISC based systems.

 

 

 

 

The back-end library has to be placed in the

 

 

 

/usr/lib/hpux32/gss path for 32-bit and the

 

 

 

/usr/lib/hpux64/gss path for 64-bit versions on

 

 

 

Itanium based systems.

 

 

 

 

 

 

 

Fourth

This is an optional field. In HP-UX 11i v3, this

 

 

column

field lists the krb5 kernel module.

 

 

 

 

 

 

You can use the GSSAPI_MECH_CONF environment variable to change the

 

path of the mechanism file (/etc/gss/mech) file.

 

Example mech File on HP-UX 11.0 and HP-UX 11i v1

 

# Mechanism Name

Object Identifier

Shared Library

 

#

 

 

 

 

 

krb5_mech

 

1.2.840.113554.1.2.2

libgssapi_krb5.sl

 

Example mech File on HP-UX 11i v2

 

 

 

# Mechanism Name

Object Identifier

Shared Library

 

#

 

 

 

 

 

krb5_mech

 

1.2.840.113554.1.2.2

libgssapi_krb5.so

Example mech File on HP-UX 11i v3

#

Mechanism Name

Object Identifier

Shared Library

Kernel Module

#

 

 

 

 

krb5_mech

1.2.840.113554.1.2.2

libgssapi_krb5.so

krb5

The /etc/gss/qop File

The /etc/gss/qop file contains information about the GSSAPI-based

Quality Of Protection (QOP) for each underlying security mechanism.

Chapter 3

83