SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam_krb5-debuginfo-2.2.14-21.el5.i386.rpm :
Wed Jun 22 00:00:00 2011 Nalin Dahyabhai 2.2.14-21
- backport: during password change, only set PAM_AUTHTOK when we have
answered both a new password prompt and a new password confirmation
prompt with the same value (#713967)

Wed Apr 6 00:00:00 2011 Nalin Dahyabhai 2.2.14-20
- rebuild

Wed Mar 30 00:00:00 2011 Nalin Dahyabhai 2.2.14-19
- link pam_krb5 with -z nodelete so that memory allocated by library
dependencies which is lost at unload doesn\'t leak, for the sake of
applications which call PAM for authentication many times over (#643962)

Wed Jul 28 00:00:00 2010 Nalin Dahyabhai 2.2.14-18
- backport infrastructure for handling translations (part of #526067)
- patch in current translations (the rest of #526067)
- add build-time dependency on gettext-devel (more of #526067)

Wed Jul 28 00:00:00 2010 Nalin Dahyabhai 2.2.14-17
- recognize \"novalidate\" as an option which takes a list of services for
which TGT validation shouldn\'t be attempted (more of #541177)

Tue Jul 27 00:00:00 2010 Nalin Dahyabhai 2.2.14-16
- backport fixes to make the libdefaults verify_ap_req_nofail setting
control what happens when we can\'t read keytabs, and enable TGT validation
by default (#541177)

Mon Dec 14 23:00:00 2009 Nalin Dahyabhai 2.2.14-15
- update backport for selecting which key to use for validation so that it
prefers services with the local host name as the instance, from HEAD (more
of #450776)

Fri Dec 11 23:00:00 2009 Nalin Dahyabhai 2.2.14-14
- backport the \"multiple_ccaches\" option from HEAD, requiring that it
be enabled to not immediately remove an old ccache when asked to create
a new one (#463417)

Fri Dec 11 23:00:00 2009 Nalin Dahyabhai 2.2.14-13
- add patch to add the \"chpw_prompt\" option, to allow the older behavior
of attempting a password-change during authentication if libkrb5 detects
an expired password, based on patch from Olivier Fourdan (#509092)

Tue Jun 16 00:00:00 2009 Nalin Dahyabhai 2.2.14-12
- don\'t vary the password prompt depending on whether or not the user exists
or is known to the KDC (CVE-2009-1384, #505265)
- prefer using the \"host\" service when verifying that a TGT isn\'t forged,
from HEAD (#450776)

Fri Mar 27 23:00:00 2009 Nalin Dahyabhai 2.2.14-11
- don\'t enforce minimum_uid when no_user_check is also used, from
HEAD (#490404)
- don\'t try to get password-changing creds with all of the flags set
that we\'d request for a TGT (#489015)

Tue Nov 4 23:00:00 2008 Nalin Dahyabhai 2.2.14-10
- add workaround for libpam returning success from pam_get_user() when it
returns a NULL user name (#467208)

Tue Sep 16 00:00:00 2008 Nalin Dahyabhai 2.2.14-9
- add backported fix for ccache permissions bypass when the \"existing_ticket\"
option is used (CVE-2008-3825, #462113)

Sat Sep 13 00:00:00 2008 Nalin Dahyabhai 2.2.14-8
- fix a packaging error: we were including the unpatched version of README
after it had been patched

Fri Sep 5 00:00:00 2008 Nalin Dahyabhai
- backport change to link directly with libpam.so to keep applications which
dlopen libpam from failing to load pam_krb5.so (#460998)

Fri Sep 5 00:00:00 2008 Nalin Dahyabhai 2.2.14-7
- backport the \"null_afs\"/\"nullafs\" option from 2.3.0, based on Jan Iven\'s
patch, which instructs pam_krb5 to guess \"afsAATTREALM\" before \"afs/cellAATTREALM\"
when forced to guess the principal name of a given cell (#249558)

Fri Aug 29 00:00:00 2008 Nalin Dahyabhai
- backport change to use LOG_AUTHPRIV instead of the default facility when
logging messages (#354291)

Fri Mar 7 23:00:00 2008 Nalin Dahyabhai - 2.2.14-6
- when erroneously called with \"use_first_pass\" and no previously-supplied
password, ensure that we make at least one attempt to authenticate to the
KDC so that we can at least tell the difference between an unknown user
and other types of errors (more of #400611)

Mon Dec 17 23:00:00 2007 Nalin Dahyabhai - 2.2.14-5
- backport fixes from 2.2.15 to return user-unknown instead of auth-error
when the client in a password change doesn\'t match a known client principal,
and to avoid prompting for a new password unless we\'ve previously gotten
password-changing creds (#402721)

Mon Dec 17 23:00:00 2007 Nalin Dahyabhai
- actually apply the patch to fix #400611

Tue Dec 11 23:00:00 2007 Nalin Dahyabhai - 2.2.14-4
- skip second and third auth attempts whenever we already know that the
client is unknown to the KDC (#400611)

Wed Dec 5 23:00:00 2007 Nalin Dahyabhai - 2.2.14-3
- disable libkrb5\'s prompt-for-password-change-when-getting-initial-creds
behavior, if it provides a function to let us do that (#402721)

Thu Sep 6 00:00:00 2007 Nalin Dahyabhai - 2.2.14-2
- backport changes to password-change error text from HEAD (#230438)

Sat Jul 14 00:00:00 2007 Nalin Dahyabhai - 2.2.14-1
- update to 2.2.14

Fri Jul 13 00:00:00 2007 Nalin Dahyabhai
- update to 2.2.13

Mon Jun 25 00:00:00 2007 Nalin Dahyabhai - 2.2.12-1
- update to 2.2.12

Fri Sep 22 00:00:00 2006 Nalin Dahyabhai - 2.2.11-1
- update to 2.2.11

Thu Sep 14 00:00:00 2006 Nalin Dahyabhai - 2.2.10-1
- build

Wed Sep 13 00:00:00 2006 Nalin Dahyabhai - 2.2.10-0.1
- revert previous changes to how prompting works, and add a
no_subsequent_prompt option to suppress libkrb5-based prompts during
authentication, providing the PAM_AUTHTOK for all questions which
libkrb5 asks

Sat Sep 9 00:00:00 2006 Nalin Dahyabhai - 2.2.10-0
- rework prompting so that we stop getting stray prompts every now and then,
and so that use_first_pass will
*never
* prompt for any information

Wed Jul 26 00:00:00 2006 Nalin Dahyabhai - 2.2.9-1
- return PAM_IGNORE instead of PAM_SERVICE_ERR when we\'re called in
an unsafe situation and told to refresh credentials (#197428)
- drop from setuid to \"normal\" before calling our storetmp helper, so that
it doesn\'t freak out except when
*it
* is setuid (#190159)
- fix handling of \"external\" cases where the forwarded creds don\'t belong to
the principal name we guessed for the user (#182239,#197660)

Tue Jul 18 00:00:00 2006 Nalin Dahyabhai - 2.2.8-1.2
- rebuild

Thu Jul 13 00:00:00 2006 Jesse Keating - 2.2.8-1.1
- rebuild

Thu Mar 30 00:00:00 2006 Nalin Dahyabhai - 2.2.8-1
- don\'t try to validate creds in a password-changing situation, because the
attempt will always fail unless the matching key is in the keytab, which
should never be the case for the password-changing service (#187303, rbasch)
- if v4 has been disabled completely, go ahead and try to set 2b tokens
because we\'re going to end up having to do that anyway (#182378)

Fri Mar 10 23:00:00 2006 Nalin Dahyabhai - 2.2.7-2
- fixup man page conflicts in %install

Wed Mar 8 23:00:00 2006 Bill Nottingham - 2.2.6-2.2
- don\'t use paths in man pages - avoids multilib conflicts

Tue Feb 21 23:00:00 2006 Nalin Dahyabhai - 2.2.7-1
- add v4 credential conversion for \"use_shmem\" and \"external\" cases (though
it should be redundant with \"use_shmem\") (#182239)

Mon Feb 13 23:00:00 2006 Nalin Dahyabhai - 2.2.6-2
- rebuild

Mon Feb 6 23:00:00 2006 Nalin Dahyabhai - 2.2.6-1
- add a \"krb4_use_as_req\" option so that obtaining v4 creds kinit-style can
be disabled completely (Hugo Meiland)

Thu Jan 26 23:00:00 2006 Nalin Dahyabhai - 2.2.5-1
- don\'t log debug messages that we\'re skipping session setup/teardown unless
debugging is enabled (#179037)
- try to build the module with -Bsymbolic if we can figure out how to do that

Tue Jan 17 23:00:00 2006 Nalin Dahyabhai
- include the NEWS file as documentation

Mon Jan 16 23:00:00 2006 Nalin Dahyabhai - 2.2.4-1
- fix reporting of the exact reason why a password change failed

Mon Dec 19 23:00:00 2005 Nalin Dahyabhai - 2.2.3-1
- fix a compile problem caused by a missing #include (Jesse Keating)

Fri Dec 9 23:00:00 2005 Jesse Keating - 2.2.2-1.3
- rebuilt

Mon Nov 21 23:00:00 2005 Nalin Dahyabhai - 2.2.2-1
- don\'t leak the keytab descriptor during validation (#173681)

Tue Nov 15 23:00:00 2005 Nalin Dahyabhai - 2.2.1-1
- update to 2.2.1

Fri Nov 11 23:00:00 2005 Nalin Dahyabhai - 2.2.0-2
- rebuild

Fri Nov 11 23:00:00 2005 Nalin Dahyabhai - 2.2.0-1
- update to 2.2.0

Thu Oct 6 00:00:00 2005 Nalin Dahyabhai - 2.1.95-0
- update to 2.1.95

Tue Aug 31 00:00:00 2004 Nalin Dahyabhai - 2.1.2-1
- update to 2.1.2

Tue Jun 22 00:00:00 2004 Nalin Dahyabhai - 2.1.1-1
- update to 2.1.1

Thu Apr 22 00:00:00 2004 Nalin Dahyabhai - 2.1.0-1
- update to 2.1.0

Tue Mar 23 23:00:00 2004 Nalin Dahyabhai - 2.0.11-1
- update to 2.0.11

Tue Mar 16 23:00:00 2004 Nalin Dahyabhai - 2.0.10-1
- update to 2.0.10

Tue Mar 16 23:00:00 2004 Nalin Dahyabhai - 2.0.9-1
- update to 2.0.9

Tue Mar 16 23:00:00 2004 Nalin Dahyabhai - 2.0.8-1
- update to 2.0.8

Wed Mar 10 23:00:00 2004 Nalin Dahyabhai - 2.0.7-1
- update to 2.0.7

Fri Feb 27 23:00:00 2004 Nalin Dahyabhai - 2.0.6-1
- update to 2.0.6

Tue Feb 24 23:00:00 2004 Harald Hoyer - 2.0.5-3
- rebuilt

Tue Nov 25 23:00:00 2003 Nalin Dahyabhai 2.0.5-2
- actually changelog the update to 2.0.5

Tue Nov 25 23:00:00 2003 Nalin Dahyabhai 2.0.5-1
- update to 2.0.5

Sat Oct 11 00:00:00 2003 Nalin Dahyabhai 2.0.4-1
- update to 2.0.4

Sat Sep 20 00:00:00 2003 Nalin Dahyabhai 2.0.3-1
- update to 2.0.3

Sat Sep 6 00:00:00 2003 Nalin Dahyabhai 2.0.2-1
- update to 2.0.2

Fri Aug 15 00:00:00 2003 Nalin Dahyabhai 2.0.1-1
- update to 2.0.1

Sat Aug 9 00:00:00 2003 Nalin Dahyabhai 2.0-1
- update to 2.0

Thu Jan 30 23:00:00 2003 Nalin Dahyabhai 1.60-1
- fix uninitialized pointer crash reading cached return values

Wed Jan 29 23:00:00 2003 Nalin Dahyabhai 1.59-1
- fix crash with per-user stashes and return values

Tue Jan 28 23:00:00 2003 Nalin Dahyabhai 1.58-1
- fix configure to not link with both libk5crypto and libcrypto

Mon Jan 27 23:00:00 2003 Nalin Dahyabhai 1.57-1
- force -fPIC
- add --with-moduledir, --with-krb5-libs, --with-krbafs-libs to configure
- add per-user stashes and return values

Wed May 29 00:00:00 2002 Nalin Dahyabhai 1.56-1
- guess a default cell name
- fix what\'s hopefully the last parser bug

Fri May 17 00:00:00 2002 Nalin Dahyabhai 1.55-2
- rebuild in new environment

Mon Mar 25 23:00:00 2002 Nalin Dahyabhai 1.55-1
- handle account management for expired accounts correctly

Wed Mar 20 23:00:00 2002 Nalin Dahyabhai 1.54-1
- reorder configuration checks so that setting afs_cells will properly
force krb4_convert on

Wed Mar 20 23:00:00 2002 Nalin Dahyabhai 1.53-1
- fix what\'s hopefully the last parser bug

Mon Mar 18 23:00:00 2002 Nalin Dahyabhai 1.52-1
- apply patch from David Howells to add retain_tokens option

Thu Mar 7 23:00:00 2002 Nalin Dahyabhai 1.51-1
- fix what\'s hopefully the last parser bug

Sat Feb 23 23:00:00 2002 Nalin Dahyabhai 1.50-3
- rebuild

Wed Feb 20 23:00:00 2002 Nalin Dahyabhai 1.50-2
- rebuild in new environment

Fri Feb 15 23:00:00 2002 Nalin Dahyabhai 1.50-1
- documentation updates (no code changes)

Tue Feb 12 23:00:00 2002 Nalin Dahyabhai 1.49-1
- set PAM_USER using the user\'s parsed name, converted back to a local name
- add account management service (checks for key expiration and krb5_kuserok())
- handle account expiration errors

Fri Jan 25 23:00:00 2002 Nalin Dahyabhai 1.48-1
- autoconf fixes

Sat Oct 27 00:00:00 2001 Nalin Dahyabhai 1.47-2
- bump release number and rebuild to link with new version of krbafs

Wed Sep 26 00:00:00 2001 Nalin Dahyabhai 1.47-1
- fix parsing of options which have multiple whitespace-separated values,
like afs_cells

Thu Sep 6 00:00:00 2001 Nalin Dahyabhai 1.46-1
- link with libresolv to get res_search, tip from Justin McNutt, who
built it statically
- explicitly link with libdes425
- handle cases where getpwnam_r fails but still sets the result pointer
- if use_authtok is given and there is no authtok, error out

Tue Aug 28 00:00:00 2001 Nalin Dahyabhai 1.45-1
- set the default realm when a default realm is specified

Fri Aug 24 00:00:00 2001 Nalin Dahyabhai 1.44-1
- only use Kerberos error codes when there is no PAM error yet

Thu Aug 23 00:00:00 2001 Nalin Dahyabhai 1.43-1
- add minimum UID support (#52358)
- don\'t link pam_krb5 with libkrbafs
- make all options in krb5.conf available as PAM config arguments

Wed Aug 1 00:00:00 2001 Nalin Dahyabhai
- merge patch from Chris Chiappa for building with Heimdal

Wed Jul 25 00:00:00 2001 Nalin Dahyabhai
- note that we had to prepend the current directory to a given path in
dlopen.c when we had to (noted by Onime Clement)

Wed Jul 18 00:00:00 2001 Nalin Dahyabhai 1.42-1
- return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials
fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement)

Fri Jul 13 00:00:00 2001 Nalin Dahyabhai
- add info about accessing the CVS repository to the README
- parser cleanups (thanks to Dane Skow for a more complicated sample)

Thu Jul 12 00:00:00 2001 Nalin Dahyabhai
- buildprereq the krbafs-devel package

Sat Jul 7 00:00:00 2001 Nalin Dahyabhai
- don\'t set forwardable and assorted other flags when getting password-
changing service ticket (noted, and fix supplied, by Onime Clement)
- try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may
or may not be expecting the same number/type of arguments (noted by
Onime Clement)
- use krb5_aname_to_localname to convert the principal to a login name
and set PAM_USER to the result when authenticating
- some autoconf fixes for failure cases

Wed Jun 27 00:00:00 2001 Nalin Dahyabhai
- use krb5_change_password() to change passwords

Wed Jun 13 00:00:00 2001 Nalin Dahyabhai
- use getpwnam_r instead of getpwnam when available

Sat Jun 9 00:00:00 2001 Nalin Dahyabhai
- cleanup some autoconf checks

Fri Jun 8 00:00:00 2001 Nalin Dahyabhai
- don\'t call initialize_krb5_error_table() or initialize_ovk_error_table()
if they\'re not found at compile-time (reported for RHL 6.x by Chris Riley)

Fri Jun 1 00:00:00 2001 Nalin Dahyabhai
- note that [pam] is still checked in addition to [appdefaults]
- note that AFS and Kerberos IV support requires working Kerberos IV
configuration files (i.e., kinit -4 needs to work) (doc changes
suggested by Martin Schulz)

Wed May 30 00:00:00 2001 Nalin Dahyabhai
- add max_timeout, timeout_shift, initial_timeout, and addressless options
(patches from Simon Wilkinson)
- fix the README to document the [appdefaults] section instead of [pam]
- change example host and cell names in the README to use example domains

Thu May 3 00:00:00 2001 Nalin Dahyabhai
- don\'t delete tokens unless we\'re also removing ticket files (report and
patch from Sean Dilda)
- report initialization errors better

Fri Apr 27 00:00:00 2001 Nalin Dahyabhai
- treat semicolons as a comment character, like hash marks (bug reported by
Greg Francis at Gonzaga University)
- use the [:blank:] equivalence class to simplify the configuration file parser
- don\'t mess with the real environment
- implement mostly-complete aging support

Sun Apr 8 00:00:00 2001 Nalin Dahyabhai
- tweak the man page (can\'t use italics and bold simultaneously)

Sat Apr 7 00:00:00 2001 Nalin Dahyabhai
- restore the default TGS value (#35015)

Thu Mar 29 00:00:00 2001 Nalin Dahyabhai
- fix a debug message
- fix uninitialized pointer error

Tue Mar 27 00:00:00 2001 Nalin Dahyabhai
- don\'t fail to fixup the krb5 ccache if something goes wrong obtaining
v4 credentials or creating a krb4 ticket file (#33262)

Thu Mar 22 23:00:00 2001 Nalin Dahyabhai
- fixup the man page
- log return code from k_setpag() when debugging
- create credentials and get tokens when setcred is called for REINITIALIZE

Wed Mar 21 23:00:00 2001 Nalin Dahyabhai
- don\'t twiddle ownerships until after we get AFS tokens
- use the current time instead of the issue time when storing v4 creds, since
we don\'t know the issuing host\'s byte order
- depend on a PAM development header again instead of pam-devel

Tue Mar 20 23:00:00 2001 Nalin Dahyabhai
- add a separate config file parser for compatibility with settings that
predate the appdefault API
- use a version script under Linux to avoid polluting the global namespace
- don\'t have a default for afs_cells
- need to close the file when we succeed in fixing permissions (noted by
jlkatzAATTeos.ncsu.edu)

Mon Mar 19 23:00:00 2001 Nalin Dahyabhai
- use the appdefault API to read krb5.conf if available
- create v4 tickets in such a way as to allow 1.2.2 to not think there\'s
something fishy going on

Tue Feb 13 23:00:00 2001 Nalin Dahyabhai
- don\'t log unknown user names to syslog -- they might be sensitive information

Fri Feb 9 23:00:00 2001 Nalin Dahyabhai
- handle cases where krb5_init_context() fails

Wed Jan 17 23:00:00 2001 Nalin Dahyabhai
- be more careful around memory allocation (fixes from David J. MacKenzie)

Mon Jan 15 23:00:00 2001 Nalin Dahyabhai
- no fair trying to make me authenticate \'(null)\'

Tue Dec 5 23:00:00 2000 Nalin Dahyabhai
- rebuild in new environment

Fri Dec 1 23:00:00 2000 Nalin Dahyabhai
- rebuild in new environment

Wed Nov 8 23:00:00 2000 Nalin Dahyabhai
- only try to delete ccache files once
- ignore extra data in v4 TGTs, but log that we got some
- require \"validate\" to be true to try validating, and fail if validation fails

Fri Oct 20 00:00:00 2000 Nalin Dahyabhai
- catch and ignore errors reading keys from the keytab (for xscreensaver, vlock)

Thu Oct 19 00:00:00 2000 Nalin Dahyabhai
- fix prompting when the module\'s first in the stack and the user does not have
a corresponding principal in the local realm
- properly implement TGT validation
- change a few non-error status messages into debugging messages
- sync the README and the various man pages up

Tue Oct 3 00:00:00 2000 Nalin Dahyabhai
- fix \"use_authtok\" logic when password was not set by previous module
- require pam-devel to build

Mon Aug 28 00:00:00 2000 Nalin Dahyabhai
- fix errors with multiple addresses (#16847)

Thu Aug 17 00:00:00 2000 Nalin Dahyabhai
- change summary

Fri Aug 11 00:00:00 2000 Nalin Dahyabhai
- fix handling of null passwords

Thu Jul 6 00:00:00 2000 Nalin Dahyabhai
- fixes for Solaris 7 from Trevor Schroeder

Wed Jun 28 00:00:00 2000 Nalin Dahyabhai
- add Seth Vidal\'s no_user_check flag
- document no_user_check and skip_first_pass options in the man pages
- rebuild against Kerberos 5 1.2 (release 15)

Tue Jun 6 00:00:00 2000 Nalin Dahyabhai
- move man pages to /usr/share/man

Thu May 18 00:00:00 2000 Nalin Dahyabhai
- Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested
by Steve Langasek.

Tue May 16 00:00:00 2000 Nalin Dahyabhai
- Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds

Fri Apr 21 00:00:00 2000 Nalin Dahyabhai
- Chris Chiappa\'s modifications for customizing the ccache directory

Thu Apr 20 00:00:00 2000 Nalin Dahyabhai
- Mark Dawson\'s fix for krb4_convert not being forced on when afs_cells defined

Thu Mar 23 23:00:00 2000 Nalin Dahyabhai
- fix problem with leftover ticket files after multiple setcred() calls

Mon Mar 20 23:00:00 2000 Nalin Dahyabhai
- add proper copyright statements
- save password for modules later in the stack

Fri Mar 3 23:00:00 2000 Nalin Dahyabhai
- clean up prompter

Thu Mar 2 23:00:00 2000 Nalin Dahyabhai
- add krbafs as a requirement

Fri Feb 4 23:00:00 2000 Nalin Dahyabhai
- pick up non-afs PAM config files again

Wed Feb 2 23:00:00 2000 Nalin Dahyabhai
- autoconf and putenv() fixes for broken apps
- fix for compressed man pages

Fri Jan 14 23:00:00 2000 Nalin Dahyabhai
- tweak passwd, su, and vlock configuration files

Fri Jan 7 23:00:00 2000 Nalin Dahyabhai
- added both modules to spec file

Wed Dec 22 23:00:00 1999 Nalin Dahyabhai
- adapted the original spec file from pam_ldap


  
ICM