-
libpam-krb5 (4.4-1ubuntu1) oneiric; urgency=low
* Search for heimdal and kerberos libraries in multiarch locations.
-- Matthias Klose <email address hidden> Sat, 13 Aug 2011 10:58:29 +0200
-
libpam-krb5 (4.4-1) unstable; urgency=low
* New upstream release.
- Do not prompt for a password when try_pkinit is set, removing a
spurious password prompt introduced in 4.1, but partly reintroducing
a bug causing the password to not be saved in the PAM data if
authentication falls back to password after a PKINIT failure.
- Organize the pam_krb5 man page into sections.
* Fix custom patch header to refer to pam-krb5, not remctl.
* Update standards version to 3.9.1.
- Refer to the GPL version 1 now that it's in common-licenses.
* Update to debhelper compatibility level V8 (no changes required).
libpam-krb5 (4.3-1) unstable; urgency=low
* New upstream release.
- New fast_ccache option, which if set attempts to use credentials in
that ticket cache to protect the Kerberos authentication with FAST.
Requires FAST support in the Kerberos libraries and hence only is
available in libpam-krb5, not libpam-heimdal, for right now.
- Fix error in freeing a previous alt_auth_map setting.
* Switch to 3.0 (quilt) source format. Force a single Debian patch and
include a custom patch header explaining that it is a rollup of any
fixes cherry-picked from upstream and breaking those patches out
separately would be work for no gain.
libpam-krb5 (4.2-2) unstable; urgency=low
* Build libpam-krb5 and libpam-heimdal from the same source package.
* Acknowledge libpam-heimdal NMU.
- Rebuild against current Heimdal libraries. (Closes: #559779)
- Add support for pam-auth-update. (Closes: #551455)
* Lower libpam-heimdal priority to extra, since it conflicts with
libpam-krb5 and the MIT Kerberos version will be sufficient for most
users.
* Fix spelling error in manual page.
* Update standards version to 3.8.4 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 04 May 2011 16:23:46 +0000
-
libpam-krb5 (4.2-1) unstable; urgency=low
* New upstream release.
- New fail_pwchange option which treats expired passwords like
authentication failure and suppresses password change.
libpam-krb5 (4.1-1) unstable; urgency=low
* New upstream release.
- Fix return status for pam_setcred for ignored users and non-Kerberos
logins to return success. Returning failure breaks PAM
configurations using jumps, since modules doing jumps become
required on the pam_setcred pass through the auth group.
- During the second pass through the password group, always prompt for
and store the new password even if the user is ignored. This is
required to allow this module to be stacked with another module that
uses use_authtok. Thanks, Steve Langasek. (Closes: #545824)
- Log successful authentications with priority LOG_INFO.
- Log failed authentications with priority LOG_NOTICE.
- Use pam_syslog for logging and rationalize all logging to follow the
Linux PAM recommendations.
libpam-krb5 (4.0-1) unstable; urgency=low
* New upstream release.
- Add force_first_pass parameter to auth and password groups to force
use of the password in the PAM data even if none is set, replacing
part of the old meaning of use_authtok.
- use_authtok now only affects the new password during password
change, although use_authtok in the auth group has the old meaning
for backward compatibility. (Closes: #549188)
- use_first_pass and try_first_pass no longer affect how the new
password is obtained during password changes.
- Stop returning PAM_IGNORE from pam_setcred. This confuses older
versions of the Linux PAM library.
- Better logging in pam_sm_{open,close}_session.
* Add try_first_pass to the pam-krb5 password group pam-auth-update
configuration. Unlike the previous behavior, this means that if the
Kerberos password is different than the password of an earlier module
in the password group, pam-krb5 will now prompt the user for the
Kerberos password.
* Remove the libtool *.la file and set the permissions of pam_krb5.so
properly to work around the annoyances of switching to libtool.
* Update standards version to 3.8.3 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 08 Dec 2009 02:20:11 +0000
