Ubuntu
libpam-krb5 package

libpam-krb5 1.2.0-3 source package in Ubuntu

Changelog

libpam-krb5 (1.2.0-3) unstable; urgency=low

  * Only call krb5_kuserok when the account to which we're authenticating
    is a local account to allow use of pam_krb5 for application
    authentication of users without local accounts.  (Closes: #354133)
  * Restructure the code to do user validation after obtaining their
    initial tickets.  This eliminates a lot of confusing special cases and
    deferred checking and makes it easier to audit the code.
  * Don't create the ticket cache until after successful authentication.
    Otherwise, we leave files behind in /tmp.
  * Document what principals libpam_krb5.so looks for in the system keytab
    to do ticket validation.  (Closes: #350556)

libpam-krb5 (1.2.0-2) unstable; urgency=low

  * Always use a disk cache for temporary storage of credentials and cope
    with not having module-specific data during pam_sm_setcred by passing
    the cache path in an environment variable.  This is required to cope
    with OpenSSH's technique (when using ChallengeResponseAuthentication)
    of doing PAM authentication in a child process and then opening the
    session in the parent.  (Closes: #339734)
  * Only initialize the ticket cache once no matter how many times setcred
    is called.  Saves duplicate work and works around a bug in xdm, which
    calls setcred repeatedly and discards the environment set by the final
    call.
  * Don't assume we already have a context when changing passwords; passwd
    doesn't work that way.  (Closes: #344003)
  * Fix the test for the new password.  I don't think this would have
    worked at all before.
  * Improve debugging output for password changes.
  * If search_k5login is specified but no .k5login is found, still check
    the user with krb5_kuserok in case there are custom principal mappings
    defined.
  * Handle ignore_root in a cleaner fashion and add support for
    ignore_root on password changes.
  * Depend on krb5-config.  (Closes: #342271)
  * Document that ccache and ccache_dir must be specified as options to
    the session module.  (Closes: #341926)
  * Document that pam_sm_authenticate and pam_sm_setcred also call
    krb5_kuserok.
  * Properly override the upstream CFLAGS so that debugging builds work.
  * Don't ignore errors from make clean.
  * Providing binary-indep in debian/rules is required by Policy even if
    there are no arch-independent packages.  Whoops.

 -- Timo Aaltonen <email address hidden>   Thu,  18 May 2006 01:09:34 +0100

Upload details

Uploaded by:
Timo Aaltonen
Uploaded to:
Dapper
Original maintainer:
Sam Hartman
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libpam-krb5_1.2.0.orig.tar.gz 41.7 KiB eface6adfc225c737fa1270c9cd0060b2f9362b4c02ffa311fbbf5198a5eb8b5
libpam-krb5_1.2.0-3.diff.gz 18.1 KiB 92ccc42cd8038bbc6637a49b64f01b56d7e227d178016040e81fc1ef73d179a7
libpam-krb5_1.2.0-3.dsc 657 bytes 541577214bfba161d71174883c1ada3d0249d9980b0e94bfa8aa29d0f76d5316

View changes file

Binary packages built by this source

libpam-krb5: No summary available for libpam-krb5 in ubuntu edgy.

No description available for libpam-krb5 in ubuntu edgy.