Changelog
libpam-krb5 (4.2-1) unstable; urgency=low
* New upstream release.
- New fail_pwchange option which treats expired passwords like
authentication failure and suppresses password change.
libpam-krb5 (4.1-1) unstable; urgency=low
* New upstream release.
- Fix return status for pam_setcred for ignored users and non-Kerberos
logins to return success. Returning failure breaks PAM
configurations using jumps, since modules doing jumps become
required on the pam_setcred pass through the auth group.
- During the second pass through the password group, always prompt for
and store the new password even if the user is ignored. This is
required to allow this module to be stacked with another module that
uses use_authtok. Thanks, Steve Langasek. (Closes: #545824)
- Log successful authentications with priority LOG_INFO.
- Log failed authentications with priority LOG_NOTICE.
- Use pam_syslog for logging and rationalize all logging to follow the
Linux PAM recommendations.
libpam-krb5 (4.0-1) unstable; urgency=low
* New upstream release.
- Add force_first_pass parameter to auth and password groups to force
use of the password in the PAM data even if none is set, replacing
part of the old meaning of use_authtok.
- use_authtok now only affects the new password during password
change, although use_authtok in the auth group has the old meaning
for backward compatibility. (Closes: #549188)
- use_first_pass and try_first_pass no longer affect how the new
password is obtained during password changes.
- Stop returning PAM_IGNORE from pam_setcred. This confuses older
versions of the Linux PAM library.
- Better logging in pam_sm_{open,close}_session.
* Add try_first_pass to the pam-krb5 password group pam-auth-update
configuration. Unlike the previous behavior, this means that if the
Kerberos password is different than the password of an earlier module
in the password group, pam-krb5 will now prompt the user for the
Kerberos password.
* Remove the libtool *.la file and set the permissions of pam_krb5.so
properly to work around the annoyances of switching to libtool.
* Update standards version to 3.8.3 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 08 Dec 2009 02:20:11 +0000