SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam_krb5-debuginfo-2.3.1-47.2.x86_64.rpm :
Fri Apr 9 14:00:00 2010 mcAATTsuse.de
- update translations

Thu Mar 25 13:00:00 2010 mcAATTsuse.de
- update translations

Thu Feb 5 13:00:00 2009 mcAATTsuse.de
- update translations

Mon Feb 2 13:00:00 2009 mcAATTsuse.de
- pam_sm_setcred should assume PAM_ESTABLISH_CRED
if no flag are passed (bnc#470414)

Tue Jan 13 13:00:00 2009 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Fri Nov 21 13:00:00 2008 mcAATTsuse.de
- update translations

Wed Nov 5 13:00:00 2008 mcAATTsuse.de
- update translations

Wed Oct 29 13:00:00 2008 mcAATTsuse.de
- use the upstream fix for
pam_krb5-2.3.1-fix-pwchange-with-use_shmem.dif

Tue Oct 28 13:00:00 2008 mcAATTsuse.de
- simplify switch permissions of refresh credentials
(remove pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
add pam_krb5-2.3.1-switch-perms-on-refresh.dif)

Fri Oct 24 14:00:00 2008 mcAATTsuse.de
- write new ticket into shmem after password change if requested.
(bnc#438181)
- update translations

Mon Oct 6 14:00:00 2008 mcAATTsuse.de
- fixing pam_krb5 existing_ticket permission flaw (CVE-2008-3825)
(bnc#425861)

Thu Sep 4 14:00:00 2008 mcAATTsuse.de
- if the realm name given to us is NULL, don\'t bother consulting
the appdefaults
- check for the \"debug\" flag earlier

Mon Sep 1 14:00:00 2008 mcAATTsuse.de
- validate new fetched credentials

Fri Jun 20 14:00:00 2008 mcAATTsuse.de
- version 2.3.1

* translations for messages!

* added the ability to set up tokens in the rxk5 format

* added the \"token_strategy\" option to control which methods we\'ll
try to use for setting tokens

* merge \"null_afs\" functionality from Jan Iven

* when we\'re changing passwords, force at least one attempt to
authenticate using the KDC, even in the pathological case where
there\'s no previously- entered password and we were told not to ask
for one (brc#400611)

Fri Jun 6 14:00:00 2008 mcAATTsuse.de
- update i18n files

Fri May 9 14:00:00 2008 mcAATTsuse.de
- update i18n files

Mon Apr 14 14:00:00 2008 mcAATTsuse.de
- update i18n files

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Mar 13 13:00:00 2008 mcAATTsuse.de
- add i18n support

Mon Feb 11 13:00:00 2008 mcAATTsuse.de
- version 2.2.22

* moved .k5login checks to a subprocess to avoid screwing with the
parent process\'s tokens and PAG (fallout from #371761)

* all options which took true/false before (\"debug\", \"tokens\", and
so on) can now take service names

Wed Nov 21 13:00:00 2007 mcAATTsuse.de
- some bugfixes from upstream

Fri Nov 9 13:00:00 2007 mcAATTsuse.de
- version 2.2.21

* fix permissions problems on keyring ccaches, so that users can write
to them after we\'ve set them up, and we can still do the cleanup
- remove pam_krb5-2.2.20-1-copy-cache-priv-fix.dif; fix is upstream

Mon Nov 5 13:00:00 2007 mcAATTsuse.de
- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
fix permissions on the ccache im not file case
- pam_krb5-2.2.20-1-debug-log-choice.dif
improve debug log

Mon Oct 29 13:00:00 2007 mcAATTsuse.de
- version 2.2.20

* fixes for credential refreshing
- remove obsolete patch pam_krb5-2.2.19-fix-format-error.dif
(fix is upstream)

Fri Oct 26 14:00:00 2007 mcAATTsuse.de
- version 2.2.19:

* the \"keytab\" option can now be used to specify a custom location
for a given service from within krb5.conf

* log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
if LOG_AUTHPRIV is not defined) instead of the application\'s default
or LOG_USER

* added the \"pkinit_identity\" option to provide a way to specify
where the user\'s public-key credentials are, and \"pkinit_flags\" to
specify arbitrary flags for libkrb5 (Heimdal only)

* added the \"preauth_options\" option to provide a way to specify
arbitrary preauthentication options to libkrb5 (MIT only)

* added the \"ccname_template\" option to provide a way to specify
where the user\'s credentials should be stored, so that KEYRING:
credential caches can be deployed at will.

Tue Aug 7 14:00:00 2007 mcAATTsuse.de
- version 2.2.17:

* corrected a typo in the pam_krb5(8) man page

* clarified that the \"tokens\" flag should only be needed for
applications which are not using PAM correctly

* don\'t bother using a helper for creating v4 ticket files when we\'re
just getting tokens

* clean up the debug message which we emit when we do v5->v4
principal name conversion

* compilation fixes

* let default \"external\" and \"use_shmem\" settings be specified at
compile-time

* correctly return a \"unknown user\" error when attempting to change
a password for a user who has no corresponding principal (#235020)

* don\'t bother using a helper for creating ccache files, which we\'re
just going to delete, when we need to get tokens

Mon Jul 16 14:00:00 2007 mcAATTsuse.de
- version 2.2.14

* treat a \"client revoked\" error as an \"unknown principal\" error

* some small bugfixes

Fri Jul 13 14:00:00 2007 mcAATTsuse.de
- version 2.2.13

* make it possible to have more than one ccache (and tktfile) at
a time to work around apps which open a session, set the
environment, and initialize creds (when we previously created
a ccache, removing the one which was named in the environment)

Mon Jul 2 14:00:00 2007 mcAATTsuse.de
- version 2.2.12

* add a \"pwhelp\" option.

* Display the KDC error to users.

* lots of bugfixes

Thu Mar 15 13:00:00 2007 mcAATTsuse.de
- drop privileges in _pam_krb5_sly_maybe_refresh when
running in set uid and restore them on exit of this
function. This enables us to refresh the ticket
after screen un-lock.
[#124611]

Mon Sep 25 14:00:00 2006 mcAATTsuse.de
- version 2.2.11
- remove two patches with are upstream now
- pam_krb5-2.2.10-0-oldauthtok.dif
- pam_krb5-2.2.10-0-testfix.dif
- make use of --with-os-distribution

Thu Sep 14 14:00:00 2006 mcAATTsuse.de
- fix pam_set_item call for AUTHTOK and OLDAUTHTOK
- fix testcase
- if the server returns an error message during password-changing,
let the user see it
- add the \"debug_sensitive\" option, which actually logs passwords
- add the \"no_subsequent_prompt\" option, to force the module to
always answer a libkrb5 prompt with the PAM_AUTHTOK value

Tue Sep 12 14:00:00 2006 mcAATTsuse.de
- version 2.2.10

* log text for server-supplied error code along with the
failure information.

* rework the prompting bits so that it makes more correct use of
the initial_prompt/use_first_pass flags and correctly disables
use of the callback for arbitrary prompts

* give the caller a way to specify which prompter callback we
should use.

* track whether or not we want to let libkrb5 ask for information
via the callbacks.

* and more fixes

Thu Jul 27 14:00:00 2006 mcAATTsuse.de
- version 2.2.9

* look for krb5/krb5.h in preference to krb5.h (new in
MIT Kerberos 1.5)

* if the default principal in the ccache doesn\'t match the
userinfo structure, update the userinfo structure.

* always use the name of the v5 principal when saving
credentials, especially for the \"external\" case where
it may not be the value we originally guessed

* be more careful about other ways which our prompting
callback can try to break us

* go back to overwriting the template, to avoid uncontrolled
growth in the filename.

* build the new ccache name by appending the mkstemp template
instead of assuming the previous file ended with one

* and more fixes.
- remove pam_krb5-2.2.3-1-prompter-segfault.dif it is upstream now


  
ICM