SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam_krb5-debuginfo-2.4.4-9.5.x86_64.rpm :

* Wed May 28 2014 ckornackerAATTsuse.com- serialize make process to prevent build failures on s390
* Tue Apr 16 2013 mcAATTsuse.de- update to version 2.4.4
* drop configuration settings that duplicated library settings
* drop the existing_ticket option
* drop krb4 support
* add support for preserving configuration information in ccaches
* add support for creating and cleaning up DIR: ccaches
* finish cleaning up KEYRING: ccaches
* add experimental \"armor\" and \"armor_strategy\" options
* handle creation of /run/user/XXX for FILE: and DIR: caches
* handle different function signatures for krb5_trace_callback
* avoid overriding the primary when updating DIR: caches- obsolets patches (upstream):
* pam_krb5-2.2.0-0.5-configure_ac.dif
* use-urandom-for-tests.dif
* Thu Mar 07 2013 cfarrellAATTsuse.com- license update: BSD-3-Clause or LGPL-2.1+ it is a dual license - hence the operator is ^or^ not ^and^
* Fri Mar 01 2013 cooloAATTsuse.com- update license to new format
* Tue Aug 23 2011 mcAATTsuse.de- disable checks during build. Does not work reliable in the buildservice
* Sun Aug 21 2011 mcAATTnovell.com- update to version 2.3.13
* don\'t bother creating a v5 ccache in \"external\" mode
* add a \"trace\" option to enable libkrb5 tracing, if available
* avoid trying to get password-change creds twice
* use an in-memory ccache when obtaining tokens using v5 creds
* turn off creds==session in \"sshd\"
* add a \"validate_user_user\" option to control trying to perform user-to-user authentication to validate TGTs when a keytab is not available
* add an \"ignore_k5login\" option to control whether or not the module will use the krb5_kuserok() function to perform additional authorization checks
* turn on validation by default - verify_ap_req_nofail controls how we treat errors reading keytab files now
* add an \"always_allow_localname\" option when we can use krb5_aname_to_localname() to second-guess the krb5_kuserok() check
* prefer krb5_change_password() to krb5_set_password()
* Tue Mar 01 2011 mcAATTsuse.de- make pam_sm_setcred less verbose (bnc#641008)
* Fri Nov 19 2010 cooloAATTnovell.com- remove autoreconf call - breaks more than it helps
* Mon Mar 22 2010 mcAATTsuse.de- update to version 2.3.11
* create credentials before trying to look up the location of the user\'s home directory via krb5_kuserok()
* Thu Mar 04 2010 mcAATTsuse.de- update to version 2.3.10-3
* add a \"chpw_prompt\" option
* add a \"multiple_ccaches\" option
* fine-tune the logic for selecting which key we use for validating credentials
* fixes
* Mon Feb 01 2010 jengelhAATTmedozas.de- package baselibs.conf
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0
* Mon Jul 27 2009 mcAATTnovell.com- version 2.3.7
* when refreshing credentials, store the new creds in the default ccache if $KRB5CCNAME isn\'t set.
* prefer a \"host\" key, if one is found, when validating TGTs
* Wed Jun 24 2009 sbrabecAATTsuse.cz- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
* Mon Jun 15 2009 mcAATTsuse.de- compile fixes for krb5 1.7
* Mon Jun 08 2009 mcAATTsuse.de- update to version 2.3.5
* make prompting behavior for non-existent accounts and users who just press enter match up with those who aren\'t/don\'t (#502602, CVE-2009-1384)
* Wed May 20 2009 mcAATTsuse.de- update to version 2.3.4
* don\'t request password-changing credentials using the same options we use for ticket-granting tickets
* close a couple of open pipes to defunct processes, fix a couple of debug messages
* fix ccache permissions bypass when the \"existing_ticket\" option is used (CVE-2008-3825, which affects 2.2.0-2.2.25, 2.3.0, and 2.3.1)- obsolete a lot of patches.
* Thu Feb 05 2009 mcAATTsuse.de- update translations
* Mon Feb 02 2009 mcAATTsuse.de- pam_sm_setcred should assume PAM_ESTABLISH_CRED if no flag are passed (bnc#470414)
* Tue Jan 13 2009 olhAATTsuse.de- obsolete old -XXbit packages (bnc#437293)
* Fri Nov 21 2008 mcAATTsuse.de- update translations
* Wed Nov 05 2008 mcAATTsuse.de- update translations
* Wed Oct 29 2008 mcAATTsuse.de- use the upstream fix for pam_krb5-2.3.1-fix-pwchange-with-use_shmem.dif
* Tue Oct 28 2008 mcAATTsuse.de- simplify switch permissions of refresh credentials (remove pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif add pam_krb5-2.3.1-switch-perms-on-refresh.dif)
* Fri Oct 24 2008 mcAATTsuse.de- write new ticket into shmem after password change if requested. (bnc#438181)- update translations
* Mon Oct 06 2008 mcAATTsuse.de- fixing pam_krb5 existing_ticket permission flaw (CVE-2008-3825) (bnc#425861)
* Thu Sep 04 2008 mcAATTsuse.de- if the realm name given to us is NULL, don\'t bother consulting the appdefaults- check for the \"debug\" flag earlier
* Mon Sep 01 2008 mcAATTsuse.de- validate new fetched credentials
* Fri Jun 20 2008 mcAATTsuse.de- version 2.3.1
* translations for messages!
* added the ability to set up tokens in the rxk5 format
* added the \"token_strategy\" option to control which methods we\'ll try to use for setting tokens
* merge \"null_afs\" functionality from Jan Iven
* when we\'re changing passwords, force at least one attempt to authenticate using the KDC, even in the pathological case where there\'s no previously- entered password and we were told not to ask for one (brc#400611)
* Fri Jun 06 2008 mcAATTsuse.de- update i18n files
* Fri May 09 2008 mcAATTsuse.de- update i18n files
* Mon Apr 14 2008 mcAATTsuse.de- update i18n files
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Thu Mar 13 2008 mcAATTsuse.de- add i18n support
* Mon Feb 11 2008 mcAATTsuse.de- version 2.2.22
* moved .k5login checks to a subprocess to avoid screwing with the parent process\'s tokens and PAG (fallout from #371761)
* all options which took true/false before (\"debug\", \"tokens\", and so on) can now take service names
* Wed Nov 21 2007 mcAATTsuse.de- some bugfixes from upstream
* Fri Nov 09 2007 mcAATTsuse.de- version 2.2.21
* fix permissions problems on keyring ccaches, so that users can write to them after we\'ve set them up, and we can still do the cleanup- remove pam_krb5-2.2.20-1-copy-cache-priv-fix.dif; fix is upstream
* Mon Nov 05 2007 mcAATTsuse.de- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif fix permissions on the ccache im not file case- pam_krb5-2.2.20-1-debug-log-choice.dif improve debug log
* Mon Oct 29 2007 mcAATTsuse.de- version 2.2.20
* fixes for credential refreshing- remove obsolete patch pam_krb5-2.2.19-fix-format-error.dif (fix is upstream)
* Fri Oct 26 2007 mcAATTsuse.de- version 2.2.19:
* the \"keytab\" option can now be used to specify a custom location for a given service from within krb5.conf
* log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH if LOG_AUTHPRIV is not defined) instead of the application\'s default or LOG_USER
* added the \"pkinit_identity\" option to provide a way to specify where the user\'s public-key credentials are, and \"pkinit_flags\" to specify arbitrary flags for libkrb5 (Heimdal only)
* added the \"preauth_options\" option to provide a way to specify arbitrary preauthentication options to libkrb5 (MIT only)
* added the \"ccname_template\" option to provide a way to specify where the user\'s credentials should be stored, so that KEYRING: credential caches can be deployed at will.
* Tue Aug 07 2007 mcAATTsuse.de- version 2.2.17:
* corrected a typo in the pam_krb5(8) man page
* clarified that the \"tokens\" flag should only be needed for applications which are not using PAM correctly
* don\'t bother using a helper for creating v4 ticket files when we\'re just getting tokens
* clean up the debug message which we emit when we do v5->v4 principal name conversion
* compilation fixes
* let default \"external\" and \"use_shmem\" settings be specified at compile-time
* correctly return a \"unknown user\" error when attempting to change a password for a user who has no corresponding principal (#235020)
* don\'t bother using a helper for creating ccache files, which we\'re just going to delete, when we need to get tokens
* Mon Jul 16 2007 mcAATTsuse.de- version 2.2.14
* treat a \"client revoked\" error as an \"unknown principal\" error
* some small bugfixes
* Fri Jul 13 2007 mcAATTsuse.de- version 2.2.13
* make it possible to have more than one ccache (and tktfile) at a time to work around apps which open a session, set the environment, and initialize creds (when we previously created a ccache, removing the one which was named in the environment)
* Mon Jul 02 2007 mcAATTsuse.de- version 2.2.12
* add a \"pwhelp\" option.
* Display the KDC error to users.
* lots of bugfixes
* Thu Mar 15 2007 mcAATTsuse.de- drop privileges in _pam_krb5_sly_maybe_refresh when running in set uid and restore them on exit of this function. This enables us to refresh the ticket after screen un-lock. [#124611]
* Mon Sep 25 2006 mcAATTsuse.de- version 2.2.11- remove two patches with are upstream now - pam_krb5-2.2.10-0-oldauthtok.dif - pam_krb5-2.2.10-0-testfix.dif- make use of --with-os-distribution
* Thu Sep 14 2006 mcAATTsuse.de- fix pam_set_item call for AUTHTOK and OLDAUTHTOK- fix testcase- if the server returns an error message during password-changing, let the user see it- add the \"debug_sensitive\" option, which actually logs passwords- add the \"no_subsequent_prompt\" option, to force the module to always answer a libkrb5 prompt with the PAM_AUTHTOK value
* Tue Sep 12 2006 mcAATTsuse.de- version 2.2.10
* log text for server-supplied error code along with the failure information.
* rework the prompting bits so that it makes more correct use of the initial_prompt/use_first_pass flags and correctly disables use of the callback for arbitrary prompts
* give the caller a way to specify which prompter callback we should use.
* track whether or not we want to let libkrb5 ask for information via the callbacks.
* and more fixes
* Thu Jul 27 2006 mcAATTsuse.de- version 2.2.9
* look for krb5/krb5.h in preference to krb5.h (new in MIT Kerberos 1.5)
* if the default principal in the ccache doesn\'t match the userinfo structure, update the userinfo structure.
* always use the name of the v5 principal when saving credentials, especially for the \"external\" case where it may not be the value we originally guessed
* be more careful about other ways which our prompting callback can try to break us
* go back to overwriting the template, to avoid uncontrolled growth in the filename.
* build the new ccache name by appending the mkstemp template instead of assuming the previous file ended with one
* and more fixes.- remove pam_krb5-2.2.3-1-prompter-segfault.dif it is upstream now
* Wed Jun 28 2006 mcAATTsuse.de- update to version 2.2.8
* fix reporting of the reasons for password change failures
* add \"krb4_use_as_req\" to completely disallow any attempts to get v4 credentials
* do 524 conversion for the \"external\" cases, too- remove obsolete patches
* Fri Apr 21 2006 mcAATTsuse.de- fix segfault in prompter [#165972]
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Tue Jan 17 2006 mcAATTsuse.de- add two patches from upstream
* pam_krb5-upstreamfix-password-handling.dif
* pam_krb5-upstreamfix-testcase.dif- build with more then one job
* Fri Jan 13 2006 mcAATTsuse.de- set /usr/bin/afs5log executable
* Wed Jan 11 2006 mcAATTsuse.de- add -fstack-protector to CFLAGS
* Tue Dec 20 2005 mcAATTsuse.de- update to version 2.2.3- remove pam_krb5-2.2.0-0.5-NULL-fix.dif; patch is now upstream
* Fri Dec 02 2005 mcAATTsuse.de- update to version 2.2.2
* don\'t leak the keytab file descriptor
* actually check for AFS support first, so that the ioctl-only support case will work properly.
* Mon Nov 14 2005 uliAATTsuse.de- no afs_syscall on ARM
* Mon Nov 14 2005 mcAATTsuse.de- update to version 2.2.0-2- remove obsolete patch (debug_false is upstream now)
* Mon Oct 10 2005 mcAATTsuse.de- update to current CVS version- drop some patches (they are upstream now)- fix NULL problem
* Wed Aug 17 2005 mcAATTsuse.de- got official fix for the authtok problem [#104051]
* Mon Aug 15 2005 mcAATTsuse.de- fix the behavior of password changing if use_authtok is not present [#104051]
* Wed Jun 29 2005 mcAATTsuse.de- fix change password
* Fri Jun 10 2005 mcAATTsuse.de- set default for debug to false [#87005]
* Thu Apr 07 2005 mcAATTsuse.de- switch to version 2.2.0-0.5
* Tue Feb 22 2005 nadvornikAATTsuse.cz- fixed parsing of time values
* Mon Feb 21 2005 mcAATTsuse.de- add pam_krb5-use-krb5_afslog.dif [#51047]
* Tue Jan 18 2005 okirAATTsuse.de- updated to latest pam_krb5 snapshot from sourcforge CVS
* Tue Jan 11 2005 roAATTsuse.de- re-added afs module (added krbafs to neededforbuild)
* Mon Nov 22 2004 roAATTsuse.de- remove afs for the moment, mit-kerberos does not have support
* Wed Apr 28 2004 roAATTsuse.de- added -fno-strict-aliasing
* Fri Jan 16 2004 kukukAATTsuse.de- Add pam-devel to neededforbuild
* Sun Jan 11 2004 adrianAATTsuse.de- build as user
* Wed Jul 16 2003 nadvornikAATTsuse.cz- replaced by different implementation of pam_krb5- afs support
* Fri Jun 20 2003 okirAATTsuse.de- fix build problem with latest heimdal- another fix for passwd updates (#20284)
* Wed Jun 18 2003 roAATTsuse.de- use kerberos-devel-packages in neededforbuild
* Tue Apr 15 2003 roAATTsuse.de- fixed neededforbuild
* Wed Aug 28 2002 okirAATTsuse.de- Security fix (#18463): unbecome_user did not properly reassert original privilege, and the caller didn\'t check the return value.
* Wed Jul 31 2002 okirAATTsuse.de- suse_update_config now updates the right files
* Wed Jul 24 2002 okirAATTsuse.de- fixed passwd(1) support; updated README
* Tue Jul 23 2002 okirAATTsuse.de- initial packaging
  
ICM