Changelog
libpam-krb5 (3.11-3) unstable; urgency=low
* Fix segfault after detection of unsafe .k5login ownership when
search_k5login is set. Thanks, Andrew Deason. (Closes: #499479)
libpam-krb5 (3.11-2) unstable; urgency=low
* Fix double-free of the cache data structure if cache creation fails
while opening a session or setting credentials. (LP: #257826)
libpam-krb5 (3.11-1) unstable; urgency=low
* New upstream release.
- setcred, open_session, and acct_mgmt now return PAM_IGNORE instead
of PAM_SUCCESS for ignored users or non-Kerberos logins.
- New defer_pwchange option for fully correct expired password
handling. This is not the default because it will open security
holes in badly written applications.
- New force_pwchange option to force password change for expired
accounts during the authentication step even if the Kerberos library
doesn't support this.
- Warn if more than one of use_authtok, use_first_pass, and
try_first_pass are set and use the strongest.
- Remove workaround for older MIT Kerberos that improperly initialized
the credential option structure. The workaround was causing
problems for PKINIT with the current libraries (which fix this bug).
- Set explicit hidden visibility for all local symbols and further
restrict the visible symbols with a version script, removing leaks
of symbols into the application namespace.
* Install NEWS as the upstream changelog. Upstream no longer includes a
detailed CHANGES file.
* Rewrite and expand debian/copyright based on the upstream LICENSE
file.
* Add Vcs-Git and Vcs-Browser control fields.
* Update standards version to 3.8.0 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 04 Nov 2008 21:33:04 +0000