Change log for libpam-krb5 package in Ubuntu
| 1 → 46 of 46 results | First • Previous • Next • Last |
libpam-krb5 (4.11-1build3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 19:27:24 +0000
Available diffs
- diff from 4.11-1build2 to 4.11-1build3 (323 bytes)
libpam-krb5 (4.11-1build2) noble; urgency=high * No change rebuild against libkrb5-26t64-heimdal. -- Julian Andres Klode <email address hidden> Fri, 22 Mar 2024 18:18:09 +0100
Available diffs
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Published in mantic-release |
| Published in lunar-release |
| Obsolete in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
libpam-krb5 (4.11-1build1) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode <email address hidden> Thu, 24 Mar 2022 13:14:17 +0100
Available diffs
- diff from 4.11-1 (in Debian) to 4.11-1build1 (504 bytes)
libpam-krb5 (4.11-1) unstable; urgency=medium
* Upload to unstable.
* New upstream release.
- Do not destroy the ticket cache if pam_end was called with the
PAM_DATA_SILENT flag set.
* Set Upstream-Name in debian/copyright.
* Update standards version to 4.6.0 (no changes required).
* Refresh upstream signing key.
-- Russ Allbery <email address hidden> Sun, 17 Oct 2021 15:49:06 -0700
Available diffs
- diff from 4.9-2build1 (in Ubuntu) to 4.11-1 (156.0 KiB)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
libpam-krb5 (4.9-2build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:17:18 +0200
Available diffs
- diff from 4.9-2 (in Debian) to 4.9-2build1 (346 bytes)
libpam-krb5 (4.9-2) unstable; urgency=medium
* Apply upstream patch to avoid a double free if calling
krb5_cc_get_principal on the new cache fails.
-- Russ Allbery <email address hidden> Sun, 14 Mar 2021 12:31:39 -0700
Available diffs
- diff from 4.9-1 to 4.9-2 (1.1 KiB)
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
libpam-krb5 (4.8-2ubuntu1) focal; urgency=medium
* SECURITY UPDATE: One-byte buffer overflow
- debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
boundaries in prompting.c.
- CVE-2020-10595
-- <email address hidden> (Leonidas S. Barbosa) Wed, 25 Mar 2020 10:26:35 -0300
Available diffs
- diff from 4.8-2 (in Debian) to 4.8-2ubuntu1 (954 bytes)
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
libpam-krb5 (4.9-1) unstable; urgency=high
* New upstream release.
- Fix potential one-byte buffer overflow when relaying prompts from
the underlying Kerberos library. (CVE-2020-10595)
- Support use_pkinit with MIT Kerberos. (Closes: #871699)
- Reject passwords as long or longer than PAM_MAX_RESP_SIZE (512
octets) to avoid denial of service attacks.
- Use explicit_bzero to erase passwords before freeing.
- Return more accurate errors from the Kerberos prompter function.
- Fix an edge-case memory leak in pam_chauthtok.
* Update to debhelper compatibility level V12.
- Depend on debhelper-compat instead of debhelper.
* Update standards version to 4.5.0 (no changes required).
* Refresh upstream signing key.
-- Russ Allbery <email address hidden> Mon, 30 Mar 2020 19:46:43 -0700
Available diffs
- diff from 4.8-2ubuntu1 (in Ubuntu) to 4.9-1 (262.8 KiB)
libpam-krb5 (4.5-3ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: One-byte buffer overflow
- debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
boundaries in prompting.c.
- CVE-2020-10595
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Mar 2020 09:02:18 -0300
Available diffs
libpam-krb5 (4.8-2ubuntu0.1) eoan-security; urgency=medium
* SECURITY UPDATE: One-byte buffer overflow
- debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
boundaries in prompting.c.
- CVE-2020-10595
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Mar 2020 09:31:05 -0300
Available diffs
- diff from 4.8-2 (in Debian) to 4.8-2ubuntu0.1 (968 bytes)
libpam-krb5 (4.7-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: One-byte buffer overflow
- debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
boundaries in prompting.c.
- CVE-2020-10595
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Mar 2020 09:22:14 -0300
Available diffs
- diff from 4.7-2 (in Debian) to 4.7-2ubuntu0.1 (1002 bytes)
libpam-krb5 (4.8-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: One-byte buffer overflow
- debian/patches/CVE-2020-10595.patch: checks prompts[i].reply->length
boundaries in prompting.c.
- CVE-2020-10595
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Mar 2020 09:23:58 -0300
Available diffs
- diff from 4.8-1 (in Debian) to 4.8-1ubuntu0.1 (960 bytes)
| Superseded in focal-release |
| Obsolete in eoan-release |
| Obsolete in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
libpam-krb5 (4.8-2) unstable; urgency=medium
* Move canonical packaging repository to salsa.debian.org.
* Update standards version to 4.2.1.
- Enable verbose test output.
- Install the upstream release notes as NEWS.gz, not changelog.gz.
- Add Rules-Requires-Root: no.
* Add upstream release tag pattern to debian/gbp.conf.
* Bump watch file version to 4.
* Refresh upstream signing key.
-- Russ Allbery <email address hidden> Fri, 31 Aug 2018 10:57:00 -0700
Available diffs
- diff from 4.8-1 to 4.8-2 (3.0 KiB)
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
libpam-krb5 (4.8-1) unstable; urgency=medium
* New upstream release.
- Correctly set credential options when verifying that an expired
password can be used to get kadmin/changepw credentials.
- Report PKINIT failure reasons when built with new Heimdal versions.
- Better document that the default Kerberos library ticket cache
location is not used and why. (Closes: #872943)
* Update to debhelper compatibility level V11.
* Update standards version to 4.1.3.
- Change priority of libpam-heimdal to optional.
- Use https URLs in debian/copyright.
* Use https in the debian/watch URL.
* Remove now-unnecessary configuration to force xz compression.
* Refresh upstream signing key.
* Remove trailing whitespace from debian/changelog.
-- Russ Allbery <email address hidden> Sat, 30 Dec 2017 21:21:08 -0800
Available diffs
- diff from 4.7-4 to 4.8-1 (291.7 KiB)
| Superseded in bionic-release |
| Obsolete in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
libpam-krb5 (4.7-4) unstable; urgency=medium
* Re-add libpam-heimdal now that Heimdal upstream has released a new
stable version and seems to be active again.
* Update to debhelper compatibility level V10.
- Remove explicit build dependency on dh-autoreconf.
- Remove explicit --parallel and autoreconf module flags.
* Drop "v5" from package long descriptions. Kerberos v5 is now the only
meaningful version of Kerberos, and there's no reason to qualify it.
* Remove libpam0g version qualification on dependency. The required
version is older than oldstable.
-- Russ Allbery <email address hidden> Sat, 31 Dec 2016 13:42:47 -0800
Available diffs
- diff from 4.7-3 to 4.7-4 (3.2 KiB)
libpam-krb5 (4.7-3) unstable; urgency=medium
* Drop libpam-heimdal since Heimdal is being removed from testing (and
possibly unstable) as being too buggy and too unsupported upstream for
Debian to support. See #837728. (Closes: #837716)
* Document restrictions around minimum_uid and pam-auth-update in
README.Debian (see #756880).
* Switch to the DEP-14 branch layout and update debian/gbp.conf and
Vcs-Git accordingly.
* Switch to https for all package metadata URLs.
* Run wrap-and-sort -ast on packaging files.
* Refresh upstream signing key.
* Update standards version to 3.9.8 (no changes required).
-- Russ Allbery <email address hidden> Wed, 19 Oct 2016 11:44:18 -0700
Available diffs
- diff from 4.7-2 to 4.7-3 (14.6 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Published in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
libpam-krb5 (4.7-2) unstable; urgency=medium
* Upload to unstable.
* Refresh upstream signing key.
* Add debian/gbp.conf reflecting the branch layout of the default
packaging repository.
-- Russ Allbery <email address hidden> Sun, 26 Apr 2015 20:23:59 -0700
Available diffs
- diff from 4.6-3 to 4.7-2 (162.2 KiB)
| Superseded in wily-release |
| Obsolete in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
libpam-krb5 (4.6-3) unstable; urgency=medium
* Drop version qualifications on Build-Depends that are satisfied by
stable. Drop version qualifications on Depends that are satisfied by
oldstable.
* Add the upstream release signing key and verify it in debian/watch.
* Prefer *.tar.xz in debian/watch to match packaging.
* Convert debian/copyright to copyright-format 1.0.
* Specify the Debian packaging branch in the Vcs-Git control field.
* Update standards version to 3.9.5 (no changes required).
-- Russ Allbery <email address hidden> Sun, 13 Apr 2014 13:13:38 -0700
Available diffs
- diff from 4.6-2 to 4.6-3 (13.6 KiB)
| Superseded in utopic-release |
| Published in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
libpam-krb5 (4.6-2) unstable; urgency=low
* Apply upstream patch to add AM_PROG_AR to configure.ac, now apparently
required by Automake for the binutils in unstable. (Closes: #713296)
* Apply upstream patch to build with largefile support. This is
probably pointless for this module, but consistency is good.
* Canonicalize the Vcs-Git and Vcs-Browser URLs.
* Update standards version to 3.9.4 (no changes required).
-- Russ Allbery <email address hidden> Sun, 23 Jun 2013 12:33:04 -0700
Available diffs
- diff from 4.6-1 to 4.6-2 (1.6 KiB)
libpam-krb5 (4.6-1) unstable; urgency=low
* New upstream release.
- New anon_fast option to attempt anonymous authentication and use
those credentials to provide FAST armor. (Closes: #626509)
- New user_realm option to set the realm for unqualified user
principals without changing the default realm for all other
operations.
- New no_prompt option to suppress PAM prompting in favor of letting
the Kerberos library handle it. (Closes: #626506)
- New silent option that duplicates the behavior of PAM_SILENT.
- New trace option for preliminary support of Kerberos trace logging.
- Fix the doubled colon in password prompts from Heimdal.
- Preserve the realm of the authentication identity when forming an
alt_auth_map identity.
- Allow the alt_auth_map format to contain a realm to force all mapped
principals to be in that realm.
- Avoid a NULL pointer dereference if krb5_init_context fails.
(LP: #998525)
- Close memory leaks in search_k5login and alt_auth_map.
- Suppress bogus error messages about the realm option.
- Retry authentication under try_first_pass for several other error
conditions.
* Regenerate the Autotools build system with dh-autoreconf.
* Add krb5-config to Build-Depends so that the test programs don't abort
with errors about not having a Kerberos configuration.
* Switch to xz compression for the upstream and Debian tarballs.
* Enable parallel builds.
* Update standards version to 3.9.3 (no changes required).
-- Russ Allbery <email address hidden> Sat, 02 Jun 2012 19:20:27 -0700
Available diffs
- diff from 4.5-4 to 4.6-1 (92.3 KiB)
libpam-krb5 (4.5-4) unstable; urgency=low
* Enable bindnow hardening flags and fix the syntax of the
DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
longer experimental.
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches.
-- Russ Allbery <email address hidden> Sat, 04 Feb 2012 13:27:02 -0800
Available diffs
- diff from 4.5-3 to 4.5-4 (1.3 KiB)
libpam-krb5 (4.5-3) unstable; urgency=low
* Fix build rule to not override CPPFLAGS, which deactivates some of the
options passed in by dpkg-buildflags. Instead, use --with-krb5-lib
and --with-krb5-include to locate the Kerberos headers and libraries.
Thanks, Moritz Muehlenhoff. (Closes: #654293)
-- Russ Allbery <email address hidden> Tue, 03 Jan 2012 13:38:12 -0800
Available diffs
- diff from 4.4-3 to 4.5-3 (301.9 KiB)
libpam-krb5 (4.4-3) unstable; urgency=low
* Change the pam-auth-update configuration to skip remaining password
stack by default modules if the Kerberos password change succeeds.
This is more useful behavior for the common case of Kerberos accounts
not having local passwords. See README.Debian.gz for information
about how to synchronize Kerberos and local passwords. (LP: #826989)
* Update README.Debian.gz documentation with more current options for
pam_unix and document password synchronization configuration.
* Convert to multiarch. Depend on the multiarch version of libpam0g,
install the modules into the multiarch version of /lib/security, and
declare the packages Multi-Arch: same.
* Update to debhelper compatibility level V9 (experimental).
- Build-Depend on debhelper 8.9.4 or later for hardening flags.
- Add Pre-Depends: ${misc:Pre-Depends}.
* Update standards version to 3.9.2 (no changes required).
* Fix formal name of the GPL in debian/copyright. (This will also be
done upstream in the next release.)
-- Russ Allbery <email address hidden> Mon, 26 Sep 2011 08:40:43 -0700
libpam-krb5 (4.4-1ubuntu1) oneiric; urgency=low * Search for heimdal and kerberos libraries in multiarch locations. -- Matthias Klose <email address hidden> Sat, 13 Aug 2011 10:58:29 +0200
Available diffs
- diff from 4.4-1 to 4.4-1ubuntu1 (620 bytes)
libpam-krb5 (4.4-1) unstable; urgency=low
* New upstream release.
- Do not prompt for a password when try_pkinit is set, removing a
spurious password prompt introduced in 4.1, but partly reintroducing
a bug causing the password to not be saved in the PAM data if
authentication falls back to password after a PKINIT failure.
- Organize the pam_krb5 man page into sections.
* Fix custom patch header to refer to pam-krb5, not remctl.
* Update standards version to 3.9.1.
- Refer to the GPL version 1 now that it's in common-licenses.
* Update to debhelper compatibility level V8 (no changes required).
Available diffs
- diff from 4.2-1 to 4.4-1 (48.3 KiB)
| Superseded in oneiric-release |
| Obsolete in natty-release |
| Obsolete in maverick-release |
| Obsolete in lucid-release |
libpam-krb5 (4.2-1) unstable; urgency=low
* New upstream release.
- New fail_pwchange option which treats expired passwords like
authentication failure and suppresses password change.
Available diffs
- diff from 3.15-1 to 4.2-1 (336.4 KiB)
libpam-krb5 (3.15-1) unstable; urgency=low
* New upstream release.
- Fix a segfault if pam-krb5 is configured with use_first_pass or
use_authtok and there is no stored password. Thanks, Jonathan
Guthrie. (Closes: #537729)
Available diffs
- diff from 3.13-2ubuntu2 to 3.15-1 (58.9 KiB)
| Superseded in karmic-release |
libpam-krb5 (3.13-2ubuntu2) karmic; urgency=low * No-change rebuild against libkrb5-3. -- Steve Langasek <email address hidden> Mon, 08 Jun 2009 11:02:00 +0000
Available diffs
- diff from 3.13-2ubuntu1 to 3.13-2ubuntu2 (315 bytes)
libpam-krb5 (3.13-2ubuntu1) jaunty; urgency=low
* Merge from Debian unstable, remaining changes:
- debian/{pam-auth-update,postinst,prerm}, debian/rules, debian/dirs:
enable pam_krb5 by default using the new pam-auth-update support.
- debian/control: depend on libpam-runtime (>= 1.0.1-6) for the
above.
* Logging is now done with the LOG_AUTHPRIV facility. LP: #227531.
Available diffs
- diff from 3.11-4ubuntu1 to 3.13-2ubuntu1 (27.3 KiB)
| Superseded in jaunty-release |
libpam-krb5 (3.11-4ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/libpam-krb5.{pam-auth-update,install,postinst,prerm},
debian/rules, debian/dirs: enable pam_krb5 by default using the new
pam-auth-update support. LP: #275169.
- debian/control: depend on libpam-runtime (>= 1.0.1-4ubuntu1) for the
above.
-- Marc Deslauriers <email address hidden> Thu, 12 Feb 2009 03:55:42 +0000
Available diffs
- diff from 3.11-3ubuntu1 to 3.11-4ubuntu1 (2.2 KiB)
libpam-krb5 (3.10-1ubuntu0.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: local privilege escalation from incorrect API when used
with setuid applications.
- context.c, options.c: use krb5_init_secure_context() if we are setuid or
setgid.
- CVE-2009-0360
* SECURITY UPDATE: local file overwrite by pam_setcred when used with setuid
applications and KRB5CCNAME environment variable.
- api-auth.c: bail out in pam_sm_setcred() if we are setuid or setgid.
- CVE-2009-0361
-- Marc Deslauriers <email address hidden> Wed, 11 Feb 2009 08:21:28 -0500
Available diffs
libpam-krb5 (3.10-1ubuntu0.8.10.1) intrepid-security; urgency=low
* SECURITY UPDATE: local privilege escalation from incorrect API when used
with setuid applications.
- context.c, options.c: use krb5_init_secure_context() if we are setuid or
setgid.
- CVE-2009-0360
* SECURITY UPDATE: local file overwrite by pam_setcred when used with setuid
applications and KRB5CCNAME environment variable.
- api-auth.c: bail out in pam_sm_setcred() if we are setuid or setgid.
- CVE-2009-0361
-- Marc Deslauriers <email address hidden> Wed, 11 Feb 2009 08:21:28 -0500
Available diffs
| Superseded in jaunty-release |
libpam-krb5 (3.11-3ubuntu1) jaunty; urgency=low
* debian/libpam-krb5.{pam-auth-update,install,postinst,prerm},
debian/rules, debian/dirs: enable pam_krb5 by default using the new
pam-auth-update support. LP: #275169.
* debian/control: depend on libpam-runtime (>= 1.0.1-4ubuntu1) for the
above.
-- Steve Langasek <email address hidden> Thu, 08 Jan 2009 09:42:55 +0000
Available diffs
- diff from 3.11-3 to 3.11-3ubuntu1 (1.2 KiB)
libpam-krb5 (3.11-3) unstable; urgency=low
* Fix segfault after detection of unsafe .k5login ownership when
search_k5login is set. Thanks, Andrew Deason. (Closes: #499479)
Available diffs
- diff from 3.10-1 to 3.11-3 (58.9 KiB)
libpam-krb5 (3.10-1) unstable; urgency=low
* New upstream release.
- If no_ccache is set, don't fail if we can't find module data.
- Better error handling when reading keytabs.
* Document in README.Debian that accounts must still exist in
/etc/shadow when following the standard configuration and suggest an
alternate configuration when that isn't appropriate. Thanks, Raoul
Borenius. (Closes: #452592)
* No longer build-depend on comerr-dev, since the module no longer links
to it directly.
* Update standards version to 3.7.3 (no changes required).
-- Matthias Klose <email address hidden> Fri, 08 Feb 2008 09:14:35 +0000
libpam-krb5 (3.9-1) unstable; urgency=low
* New upstream release.
- If use_authtok is set, fail if we retrieve a NULL password, since
that's how pam_cracklib rejects passwords. (Closes: #447306)
- Add clear_on_fail option to clear the password on failed password
change to force later password modules using use_authtok to fail.
- Fix parsing of the keytab PAM option.
- Return PAM_AUTHINFO_UNAVAIL when unable to resolve the realm.
- Additional debugging information in README.
* Add Homepage control field.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Nov 2007 10:52:56 +0000
libpam-krb5 (3.8-1) unstable; urgency=low
* New upstream release.
- Restore prompting for expired passwords. (Closes: #444740)
- Correctly handle a negative minimum UID setting.
libpam-krb5 (3.5-1) unstable; urgency=low
* New upstream release.
- Fix compilation errors with Heimdal. (Closes: #413553)
- Document that ChallengeResponseAuthentication must be enabled in
sshd to prompt users to change expired passwords. (Closes: #411816)
- Support specifying a keytab other than the system keytab to use to
verify passwords. (Partly addresses #399002)
- New ticket_lifetime, banner, and expose_account config options.
- Honor PAM_SILENT where appropriate.
- Prefix the default cache type with FILE: to be explicit.
- If PAM_USER is set to a fully-qualified principal that the Kerberos
library can map to a local account name, reset PAM_USER to that
local account name after authentication.
- Return better PAM error codes for authentication failures.
- Fix various memory leaks and memory handling problems.
- Better error message handling with later Kerberos releases.
- Various improvements to debug logging.
* Update debhelper compatibility level to V5.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 27 Apr 2007 00:28:23 +0100
libpam-krb5 (2.6-1) unstable; urgency=low
* New upstream release.
- Don't assume the return from pam_get_user will persist.
- Avoid a use of freed memory when debugging is enabled.
- Bind function calls within the PAM module where possible.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 06 Dec 2006 13:05:28 +0000
libpam-krb5 (2.5-1) unstable; urgency=low
* New upstream release.
- Don't free the results of pam_get_item on password changes. Thanks,
Arne Nordmark. (Closes: #395041)
- Be more paranoid when checking authorization in pam_sm_acct_mgmt.
- Zero passwords before freeing them.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 07 Nov 2006 02:36:49 +0000
libpam-krb5 (2.4-1) unstable; urgency=low
* New upstream release.
- Fix compilation with Heimdal. (Closes: #391276)
- Better error handling and several uninitialized variable fixes.
- Log when an unknown option is passed to the module.
libpam-krb5 (1.2.0-3) unstable; urgency=low
* Only call krb5_kuserok when the account to which we're authenticating
is a local account to allow use of pam_krb5 for application
authentication of users without local accounts. (Closes: #354133)
* Restructure the code to do user validation after obtaining their
initial tickets. This eliminates a lot of confusing special cases and
deferred checking and makes it easier to audit the code.
* Don't create the ticket cache until after successful authentication.
Otherwise, we leave files behind in /tmp.
* Document what principals libpam_krb5.so looks for in the system keytab
to do ticket validation. (Closes: #350556)
libpam-krb5 (1.2.0-1) unstable; urgency=low
* New upstream maintainer and version.
- Now supports reinitialization of credentials properly, allowing
programs such as xlock to refresh credentials. (Closes: #309345)
This currently only works with versions of xlock that try to refresh
credentials (xlockmore does not).
- Do not include the principal name in the prompt. This breaks some
SSH clients and isn't necessary. (Closes: #321319)
- New ignore_root option to skip this module for root authentication,
ameliorating pam_krb5 problems when the network is down. Partially
addresses #315622.
* Bug fixes to upstream version (all sent back to the maintainer):
- Succeed silently in account management if Kerberos wasn't used.
- Parse ccache_dir correctly.
- Bring the man page up to date.
- Link with -z defs to ensure all symbols were found.
* Readd the ccache option with a better implementation and allow for
randomization of the filename using mkstemp even if ccache is used.
* Add search_k5login option to allow authentication based on the
principals listed in ~/.k5login when the local account name doesn't
easily map to the Kerberos principal.
* Add specific configuration recommendations to README.Debian.
* Install upstream changelog now that there is one.
* Add a watch file.
* Update standards version to 3.6.2 (no changes required).
* Remove maintainer from uploaders; dak can handle this properly.
* Update uploader address.
* Remove unnecessary code from debian/rules.
-- Russ Allbery <email address hidden> Fri, 18 Nov 2005 14:48:57 -0800
libpam-krb5 (1.0-12) unstable; urgency=low
* Revert the PAM_REINITIALIZE_CREDS change as it breaks sshd with
UsePAM. Add a source comment explaining the confusion about the
meaning of this flag.
-- Russ Allbery <email address hidden> Wed, 13 Apr 2005 16:01:45 -0700
libpam-krb5 (1.0-10) unstable; urgency=low
* Free authentication context used to prevent KDC spoofing, fixing a
file descriptor leak. Thanks, Martin Kggggggler. (Closes: #194542)
* Fix use_first_pass and try_first_pass for password changes and report
password change errors via the PAM conversation. Thanks, Martin Mares.
(Closes: #133461)
* Return PAM_USER_UNKNOWN and PAM_AUTHINFO_UNAVAIL where appropriate
when authenticating. Thanks, Roland Bauerschmidt. (Closes: #239399)
* Add missing includes to eliminate warnings.
* Update standards version to 3.6.1.
- Build with -g -O2 by default and support requesting no optimization.
* Simplified the build system. The copy of source files into a
subdirectory isn't needed since we don't apply patches at build time,
so the package can be built normally with a regular make invocation.
* Be sure not to pass -I/usr/include to the compiler.
* Updated the build system to debhelper 4.
- Removed unneeded call to dh_suidregister.
- Use dh_installman rather than dh_installmanpages.
* Flesh out the package description.
* Removed stray ex.doc-base.package file.
* Refer to /usr/share/common-licenses in debian/copyright for the GPL
and remove dh_make boilerplate language.
-- Russ Allbery <email address hidden> Mon, 6 Sep 2004 16:39:13 -0400
libpam-krb5 (1.0-8) unstable; urgency=low * Don't require user to exist in NSS, Closes: #141288 * Conflict with libpam-heimdal, Closes: #146279 * Fix pam_silent handling thanks to <email address hidden>, Closes: #114475 -- Sam Hartman <email address hidden> Sun, 4 Aug 2002 17:57:28 -0400
| 1 → 46 of 46 results | First • Previous • Next • Last |
