SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam_krb5-debuginfo-2.2.14-22.el5.i386.rpm :

* Tue Oct 25 2011 Nalin Dahyabhai 2.2.14-22- refuse to supply non-password information via prompter callback when obtaining password-changing credentials (#715073)
* Wed Jun 22 2011 Nalin Dahyabhai 2.2.14-21- backport: during password change, only set PAM_AUTHTOK when we have answered both a new password prompt and a new password confirmation prompt with the same value (#713967)
* Wed Apr 06 2011 Nalin Dahyabhai 2.2.14-20- rebuild
* Wed Mar 30 2011 Nalin Dahyabhai 2.2.14-19- link pam_krb5 with -z nodelete so that memory allocated by library dependencies which is lost at unload doesn\'t leak, for the sake of applications which call PAM for authentication many times over (#643962)
* Wed Jul 28 2010 Nalin Dahyabhai 2.2.14-18- backport infrastructure for handling translations (part of #526067)- patch in current translations (the rest of #526067)- add build-time dependency on gettext-devel (more of #526067)
* Wed Jul 28 2010 Nalin Dahyabhai 2.2.14-17- recognize \"novalidate\" as an option which takes a list of services for which TGT validation shouldn\'t be attempted (more of #541177)
* Tue Jul 27 2010 Nalin Dahyabhai 2.2.14-16- backport fixes to make the libdefaults verify_ap_req_nofail setting control what happens when we can\'t read keytabs, and enable TGT validation by default (#541177)
* Mon Dec 14 2009 Nalin Dahyabhai 2.2.14-15- update backport for selecting which key to use for validation so that it prefers services with the local host name as the instance, from HEAD (more of #450776)
* Fri Dec 11 2009 Nalin Dahyabhai 2.2.14-14- backport the \"multiple_ccaches\" option from HEAD, requiring that it be enabled to not immediately remove an old ccache when asked to create a new one (#463417)
* Fri Dec 11 2009 Nalin Dahyabhai 2.2.14-13- add patch to add the \"chpw_prompt\" option, to allow the older behavior of attempting a password-change during authentication if libkrb5 detects an expired password, based on patch from Olivier Fourdan (#509092)
* Tue Jun 16 2009 Nalin Dahyabhai 2.2.14-12- don\'t vary the password prompt depending on whether or not the user exists or is known to the KDC (CVE-2009-1384, #505265)- prefer using the \"host\" service when verifying that a TGT isn\'t forged, from HEAD (#450776)
* Fri Mar 27 2009 Nalin Dahyabhai 2.2.14-11- don\'t enforce minimum_uid when no_user_check is also used, from HEAD (#490404)- don\'t try to get password-changing creds with all of the flags set that we\'d request for a TGT (#489015)
* Tue Nov 04 2008 Nalin Dahyabhai 2.2.14-10- add workaround for libpam returning success from pam_get_user() when it returns a NULL user name (#467208)
* Tue Sep 16 2008 Nalin Dahyabhai 2.2.14-9- add backported fix for ccache permissions bypass when the \"existing_ticket\" option is used (CVE-2008-3825, #462113)
* Sat Sep 13 2008 Nalin Dahyabhai 2.2.14-8- fix a packaging error: we were including the unpatched version of README after it had been patched
* Fri Sep 05 2008 Nalin Dahyabhai - backport change to link directly with libpam.so to keep applications which dlopen libpam from failing to load pam_krb5.so (#460998)
* Fri Sep 05 2008 Nalin Dahyabhai 2.2.14-7- backport the \"null_afs\"/\"nullafs\" option from 2.3.0, based on Jan Iven\'s patch, which instructs pam_krb5 to guess \"afsAATTREALM\" before \"afs/cellAATTREALM\" when forced to guess the principal name of a given cell (#249558)
* Fri Aug 29 2008 Nalin Dahyabhai - backport change to use LOG_AUTHPRIV instead of the default facility when logging messages (#354291)
* Fri Mar 07 2008 Nalin Dahyabhai - 2.2.14-6- when erroneously called with \"use_first_pass\" and no previously-supplied password, ensure that we make at least one attempt to authenticate to the KDC so that we can at least tell the difference between an unknown user and other types of errors (more of #400611)
* Mon Dec 17 2007 Nalin Dahyabhai - 2.2.14-5- backport fixes from 2.2.15 to return user-unknown instead of auth-error when the client in a password change doesn\'t match a known client principal, and to avoid prompting for a new password unless we\'ve previously gotten password-changing creds (#402721)
* Mon Dec 17 2007 Nalin Dahyabhai - actually apply the patch to fix #400611
* Tue Dec 11 2007 Nalin Dahyabhai - 2.2.14-4- skip second and third auth attempts whenever we already know that the client is unknown to the KDC (#400611)
* Wed Dec 05 2007 Nalin Dahyabhai - 2.2.14-3- disable libkrb5\'s prompt-for-password-change-when-getting-initial-creds behavior, if it provides a function to let us do that (#402721)
* Thu Sep 06 2007 Nalin Dahyabhai - 2.2.14-2- backport changes to password-change error text from HEAD (#230438)
* Sat Jul 14 2007 Nalin Dahyabhai - 2.2.14-1- update to 2.2.14
* Fri Jul 13 2007 Nalin Dahyabhai - update to 2.2.13
* Mon Jun 25 2007 Nalin Dahyabhai - 2.2.12-1- update to 2.2.12
* Fri Sep 22 2006 Nalin Dahyabhai - 2.2.11-1- update to 2.2.11
* Thu Sep 14 2006 Nalin Dahyabhai - 2.2.10-1- build
* Wed Sep 13 2006 Nalin Dahyabhai - 2.2.10-0.1- revert previous changes to how prompting works, and add a no_subsequent_prompt option to suppress libkrb5-based prompts during authentication, providing the PAM_AUTHTOK for all questions which libkrb5 asks
* Sat Sep 09 2006 Nalin Dahyabhai - 2.2.10-0- rework prompting so that we stop getting stray prompts every now and then, and so that use_first_pass will
*never
* prompt for any information
* Wed Jul 26 2006 Nalin Dahyabhai - 2.2.9-1- return PAM_IGNORE instead of PAM_SERVICE_ERR when we\'re called in an unsafe situation and told to refresh credentials (#197428)- drop from setuid to \"normal\" before calling our storetmp helper, so that it doesn\'t freak out except when
*it
* is setuid (#190159)- fix handling of \"external\" cases where the forwarded creds don\'t belong to the principal name we guessed for the user (#182239,#197660)
* Tue Jul 18 2006 Nalin Dahyabhai - 2.2.8-1.2- rebuild
* Thu Jul 13 2006 Jesse Keating - 2.2.8-1.1- rebuild
* Thu Mar 30 2006 Nalin Dahyabhai - 2.2.8-1- don\'t try to validate creds in a password-changing situation, because the attempt will always fail unless the matching key is in the keytab, which should never be the case for the password-changing service (#187303, rbasch)- if v4 has been disabled completely, go ahead and try to set 2b tokens because we\'re going to end up having to do that anyway (#182378)
* Fri Mar 10 2006 Nalin Dahyabhai - 2.2.7-2- fixup man page conflicts in %install
* Wed Mar 08 2006 Bill Nottingham - 2.2.6-2.2- don\'t use paths in man pages - avoids multilib conflicts
* Tue Feb 21 2006 Nalin Dahyabhai - 2.2.7-1- add v4 credential conversion for \"use_shmem\" and \"external\" cases (though it should be redundant with \"use_shmem\") (#182239)
* Mon Feb 13 2006 Nalin Dahyabhai - 2.2.6-2- rebuild
* Mon Feb 06 2006 Nalin Dahyabhai - 2.2.6-1- add a \"krb4_use_as_req\" option so that obtaining v4 creds kinit-style can be disabled completely (Hugo Meiland)
* Thu Jan 26 2006 Nalin Dahyabhai - 2.2.5-1- don\'t log debug messages that we\'re skipping session setup/teardown unless debugging is enabled (#179037)- try to build the module with -Bsymbolic if we can figure out how to do that
* Tue Jan 17 2006 Nalin Dahyabhai - include the NEWS file as documentation
* Mon Jan 16 2006 Nalin Dahyabhai - 2.2.4-1- fix reporting of the exact reason why a password change failed
* Mon Dec 19 2005 Nalin Dahyabhai - 2.2.3-1- fix a compile problem caused by a missing #include (Jesse Keating)
* Fri Dec 09 2005 Jesse Keating - 2.2.2-1.3- rebuilt
* Mon Nov 21 2005 Nalin Dahyabhai - 2.2.2-1- don\'t leak the keytab descriptor during validation (#173681)
* Tue Nov 15 2005 Nalin Dahyabhai - 2.2.1-1- update to 2.2.1
* Fri Nov 11 2005 Nalin Dahyabhai - 2.2.0-2- rebuild
* Fri Nov 11 2005 Nalin Dahyabhai - 2.2.0-1- update to 2.2.0
* Thu Oct 06 2005 Nalin Dahyabhai - 2.1.95-0- update to 2.1.95
* Tue Aug 31 2004 Nalin Dahyabhai - 2.1.2-1- update to 2.1.2
* Tue Jun 22 2004 Nalin Dahyabhai - 2.1.1-1- update to 2.1.1
* Thu Apr 22 2004 Nalin Dahyabhai - 2.1.0-1- update to 2.1.0
* Tue Mar 23 2004 Nalin Dahyabhai - 2.0.11-1- update to 2.0.11
* Tue Mar 16 2004 Nalin Dahyabhai - 2.0.10-1- update to 2.0.10
* Tue Mar 16 2004 Nalin Dahyabhai - 2.0.9-1- update to 2.0.9
* Tue Mar 16 2004 Nalin Dahyabhai - 2.0.8-1- update to 2.0.8
* Wed Mar 10 2004 Nalin Dahyabhai - 2.0.7-1- update to 2.0.7
* Fri Feb 27 2004 Nalin Dahyabhai - 2.0.6-1- update to 2.0.6
* Tue Feb 24 2004 Harald Hoyer - 2.0.5-3- rebuilt
* Tue Nov 25 2003 Nalin Dahyabhai 2.0.5-2- actually changelog the update to 2.0.5
* Tue Nov 25 2003 Nalin Dahyabhai 2.0.5-1- update to 2.0.5
* Sat Oct 11 2003 Nalin Dahyabhai 2.0.4-1- update to 2.0.4
* Sat Sep 20 2003 Nalin Dahyabhai 2.0.3-1- update to 2.0.3
* Sat Sep 06 2003 Nalin Dahyabhai 2.0.2-1- update to 2.0.2
* Fri Aug 15 2003 Nalin Dahyabhai 2.0.1-1- update to 2.0.1
* Sat Aug 09 2003 Nalin Dahyabhai 2.0-1- update to 2.0
* Thu Jan 30 2003 Nalin Dahyabhai 1.60-1- fix uninitialized pointer crash reading cached return values
* Wed Jan 29 2003 Nalin Dahyabhai 1.59-1- fix crash with per-user stashes and return values
* Tue Jan 28 2003 Nalin Dahyabhai 1.58-1- fix configure to not link with both libk5crypto and libcrypto
* Mon Jan 27 2003 Nalin Dahyabhai 1.57-1- force -fPIC- add --with-moduledir, --with-krb5-libs, --with-krbafs-libs to configure- add per-user stashes and return values
* Wed May 29 2002 Nalin Dahyabhai 1.56-1- guess a default cell name- fix what\'s hopefully the last parser bug
* Fri May 17 2002 Nalin Dahyabhai 1.55-2- rebuild in new environment
* Mon Mar 25 2002 Nalin Dahyabhai 1.55-1- handle account management for expired accounts correctly
* Wed Mar 20 2002 Nalin Dahyabhai 1.54-1- reorder configuration checks so that setting afs_cells will properly force krb4_convert on
* Wed Mar 20 2002 Nalin Dahyabhai 1.53-1- fix what\'s hopefully the last parser bug
* Mon Mar 18 2002 Nalin Dahyabhai 1.52-1- apply patch from David Howells to add retain_tokens option
* Thu Mar 07 2002 Nalin Dahyabhai 1.51-1- fix what\'s hopefully the last parser bug
* Sat Feb 23 2002 Nalin Dahyabhai 1.50-3- rebuild
* Wed Feb 20 2002 Nalin Dahyabhai 1.50-2- rebuild in new environment
* Fri Feb 15 2002 Nalin Dahyabhai 1.50-1- documentation updates (no code changes)
* Tue Feb 12 2002 Nalin Dahyabhai 1.49-1- set PAM_USER using the user\'s parsed name, converted back to a local name- add account management service (checks for key expiration and krb5_kuserok())- handle account expiration errors
* Fri Jan 25 2002 Nalin Dahyabhai 1.48-1- autoconf fixes
* Sat Oct 27 2001 Nalin Dahyabhai 1.47-2- bump release number and rebuild to link with new version of krbafs
* Wed Sep 26 2001 Nalin Dahyabhai 1.47-1- fix parsing of options which have multiple whitespace-separated values, like afs_cells
* Thu Sep 06 2001 Nalin Dahyabhai 1.46-1- link with libresolv to get res_search, tip from Justin McNutt, who built it statically- explicitly link with libdes425- handle cases where getpwnam_r fails but still sets the result pointer- if use_authtok is given and there is no authtok, error out
* Tue Aug 28 2001 Nalin Dahyabhai 1.45-1- set the default realm when a default realm is specified
* Fri Aug 24 2001 Nalin Dahyabhai 1.44-1- only use Kerberos error codes when there is no PAM error yet
* Thu Aug 23 2001 Nalin Dahyabhai 1.43-1- add minimum UID support (#52358)- don\'t link pam_krb5 with libkrbafs- make all options in krb5.conf available as PAM config arguments
* Wed Aug 01 2001 Nalin Dahyabhai - merge patch from Chris Chiappa for building with Heimdal
* Wed Jul 25 2001 Nalin Dahyabhai - note that we had to prepend the current directory to a given path in dlopen.c when we had to (noted by Onime Clement)
* Wed Jul 18 2001 Nalin Dahyabhai 1.42-1- return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement)
* Fri Jul 13 2001 Nalin Dahyabhai - add info about accessing the CVS repository to the README- parser cleanups (thanks to Dane Skow for a more complicated sample)
* Thu Jul 12 2001 Nalin Dahyabhai - buildprereq the krbafs-devel package
* Sat Jul 07 2001 Nalin Dahyabhai - don\'t set forwardable and assorted other flags when getting password- changing service ticket (noted, and fix supplied, by Onime Clement)- try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may or may not be expecting the same number/type of arguments (noted by Onime Clement)- use krb5_aname_to_localname to convert the principal to a login name and set PAM_USER to the result when authenticating- some autoconf fixes for failure cases
* Wed Jun 27 2001 Nalin Dahyabhai - use krb5_change_password() to change passwords
* Wed Jun 13 2001 Nalin Dahyabhai - use getpwnam_r instead of getpwnam when available
* Sat Jun 09 2001 Nalin Dahyabhai - cleanup some autoconf checks
* Fri Jun 08 2001 Nalin Dahyabhai - don\'t call initialize_krb5_error_table() or initialize_ovk_error_table() if they\'re not found at compile-time (reported for RHL 6.x by Chris Riley)
* Fri Jun 01 2001 Nalin Dahyabhai - note that [pam] is still checked in addition to [appdefaults]- note that AFS and Kerberos IV support requires working Kerberos IV configuration files (i.e., kinit -4 needs to work) (doc changes suggested by Martin Schulz)
* Wed May 30 2001 Nalin Dahyabhai - add max_timeout, timeout_shift, initial_timeout, and addressless options (patches from Simon Wilkinson)- fix the README to document the [appdefaults] section instead of [pam]- change example host and cell names in the README to use example domains
* Thu May 03 2001 Nalin Dahyabhai - don\'t delete tokens unless we\'re also removing ticket files (report and patch from Sean Dilda)- report initialization errors better
* Fri Apr 27 2001 Nalin Dahyabhai - treat semicolons as a comment character, like hash marks (bug reported by Greg Francis at Gonzaga University)- use the [:blank:] equivalence class to simplify the configuration file parser- don\'t mess with the real environment- implement mostly-complete aging support
* Sun Apr 08 2001 Nalin Dahyabhai - tweak the man page (can\'t use italics and bold simultaneously)
* Sat Apr 07 2001 Nalin Dahyabhai - restore the default TGS value (#35015)
* Thu Mar 29 2001 Nalin Dahyabhai - fix a debug message- fix uninitialized pointer error
* Tue Mar 27 2001 Nalin Dahyabhai - don\'t fail to fixup the krb5 ccache if something goes wrong obtaining v4 credentials or creating a krb4 ticket file (#33262)
* Thu Mar 22 2001 Nalin Dahyabhai - fixup the man page- log return code from k_setpag() when debugging- create credentials and get tokens when setcred is called for REINITIALIZE
* Wed Mar 21 2001 Nalin Dahyabhai - don\'t twiddle ownerships until after we get AFS tokens- use the current time instead of the issue time when storing v4 creds, since we don\'t know the issuing host\'s byte order- depend on a PAM development header again instead of pam-devel
* Tue Mar 20 2001 Nalin Dahyabhai - add a separate config file parser for compatibility with settings that predate the appdefault API- use a version script under Linux to avoid polluting the global namespace- don\'t have a default for afs_cells- need to close the file when we succeed in fixing permissions (noted by jlkatzAATTeos.ncsu.edu)
* Mon Mar 19 2001 Nalin Dahyabhai - use the appdefault API to read krb5.conf if available- create v4 tickets in such a way as to allow 1.2.2 to not think there\'s something fishy going on
* Tue Feb 13 2001 Nalin Dahyabhai - don\'t log unknown user names to syslog -- they might be sensitive information
* Fri Feb 09 2001 Nalin Dahyabhai - handle cases where krb5_init_context() fails
* Wed Jan 17 2001 Nalin Dahyabhai - be more careful around memory allocation (fixes from David J. MacKenzie)
* Mon Jan 15 2001 Nalin Dahyabhai - no fair trying to make me authenticate \'(null)\'
* Tue Dec 05 2000 Nalin Dahyabhai - rebuild in new environment
* Fri Dec 01 2000 Nalin Dahyabhai - rebuild in new environment
* Wed Nov 08 2000 Nalin Dahyabhai - only try to delete ccache files once- ignore extra data in v4 TGTs, but log that we got some- require \"validate\" to be true to try validating, and fail if validation fails
* Fri Oct 20 2000 Nalin Dahyabhai - catch and ignore errors reading keys from the keytab (for xscreensaver, vlock)
* Thu Oct 19 2000 Nalin Dahyabhai - fix prompting when the module\'s first in the stack and the user does not have a corresponding principal in the local realm- properly implement TGT validation- change a few non-error status messages into debugging messages- sync the README and the various man pages up
* Tue Oct 03 2000 Nalin Dahyabhai - fix \"use_authtok\" logic when password was not set by previous module- require pam-devel to build
* Mon Aug 28 2000 Nalin Dahyabhai - fix errors with multiple addresses (#16847)
* Thu Aug 17 2000 Nalin Dahyabhai - change summary
* Fri Aug 11 2000 Nalin Dahyabhai - fix handling of null passwords
* Thu Jul 06 2000 Nalin Dahyabhai - fixes for Solaris 7 from Trevor Schroeder
* Wed Jun 28 2000 Nalin Dahyabhai - add Seth Vidal\'s no_user_check flag- document no_user_check and skip_first_pass options in the man pages- rebuild against Kerberos 5 1.2 (release 15)
* Tue Jun 06 2000 Nalin Dahyabhai - move man pages to /usr/share/man
* Thu May 18 2000 Nalin Dahyabhai - Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested by Steve Langasek.
* Tue May 16 2000 Nalin Dahyabhai - Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds
* Fri Apr 21 2000 Nalin Dahyabhai - Chris Chiappa\'s modifications for customizing the ccache directory
* Thu Apr 20 2000 Nalin Dahyabhai - Mark Dawson\'s fix for krb4_convert not being forced on when afs_cells defined
* Thu Mar 23 2000 Nalin Dahyabhai - fix problem with leftover ticket files after multiple setcred() calls
* Mon Mar 20 2000 Nalin Dahyabhai - add proper copyright statements- save password for modules later in the stack
* Fri Mar 03 2000 Nalin Dahyabhai - clean up prompter
* Thu Mar 02 2000 Nalin Dahyabhai - add krbafs as a requirement
* Fri Feb 04 2000 Nalin Dahyabhai - pick up non-afs PAM config files again
* Wed Feb 02 2000 Nalin Dahyabhai - autoconf and putenv() fixes for broken apps- fix for compressed man pages
* Fri Jan 14 2000 Nalin Dahyabhai - tweak passwd, su, and vlock configuration files
* Fri Jan 07 2000 Nalin Dahyabhai - added both modules to spec file
* Wed Dec 22 1999 Nalin Dahyabhai - adapted the original spec file from pam_ldap
  
ICM