
Fedora Core 4 FEDORA-2006-066 Critical: pam_krb5 Bug Resolves

February 14, 2006
This patch addresses serious issues within pam_krb5 for Fedora Core 4, improving its overall security performance.

Summary

This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured.

This update fixes several bugs which have been found since FC4 was released.

Part of #179037: two of pam_krb5's debug messages are sent to syslog even when debugging hasn't been enabled
#179130: keytab file descriptor leaked (left open) when validating credentials
#179131: credentials aren't refreshed when the screen is unlocked by xscreensaver
#179132: password change at login results in no ccache being obtained
#179133: account management functionality should be bypassed when authentication was not performed by pam_krb5

- rebuild

* Thu Jan 26 2006 Nalin Dahyabhai - 2.1.15-1
- doc fixes

* Thu Jan 26 2006 Nalin Dahyabhai - 2.1.14-1
- don't log debug messages that we're skipping session setup/teardown unless debugging is enabled (#179037)
- try to build the module with -Bsymbolic if we can figure out how to do that

* Mon Jan 16 2006 Nalin Dahyabhai - 2.1.13-2
- rebuild

* Mon Jan 16 2006 Nalin Dahyabhai - 2.1.13-1
- backport the "external" option from the 2.2 branch

* Mon Jan 16 2006 Nalin Dahyabhai - 2.1.12-2
- rebuild

* Mon Jan 16 2006 Nalin Dahyabhai - 2.1.12-1
- in the event of a failure to change passwords, provide the user with the server-supplied information about why it failed

* Wed Jan 11 2006 Nalin Dahyabhai
- fix a couple of missing #include statements

* Mon Nov 21 2005 Nalin Dahyabhai - 2.1.11-1
- don't leak the keytab descriptor during validation (#173681)

* Tue Nov 15 2005 Nalin Dahyabhai - 2.1.10-1
- update to 2.1.10

* Wed Oct 5 2005 Nalin Dahyabhai - 2.1.9-2
- rebuild

* Wed Oct 5 2005 Nalin Dahyabhai - 2.1.9-1
- fix ccache initialization after the password is changed (#169966)

* Wed Aug 3 2005 Nalin Dahyabhai - 2.1.8-2
- rebuild

* Wed Aug 3 2005 Nalin Dahyabhai - 2.1.8-1
- backport ccache-refresh-on-setcred-with-reinitialize from HEAD (#153257)
- return PAM_USER_UNKNOWN from account management if we didn't participate in authenticating the user (#164794)


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

fedora-announce-list mailing list

fedora-announce-list@redhat.com

Severity: critical

Name: pam_krb5
Version: 2.1.15
Release: 2
Summary: A Pluggable Authentication Module for Kerberos 5.
