Accepted libpam-krb5 1.2.0-3 (source)

Ubuntu Installer archive at ubuntu.com
Thu May 18 01:16:16 BST 2006 

Accepted:
 OK: libpam-krb5_1.2.0-3.dsc
     -> Component: universe Section: net
 OK: libpam-krb5_1.2.0-3.diff.gz

Origin: Debian/unstable
Format: 1.7
Date: Thu,  18 May 2006 01:09:34 +0100
Source: libpam-krb5
Binary: libpam-krb5
Architecture: source
Version: 1.2.0-3
Distribution: dapper
Urgency: low
Maintainer: Sam Hartman <hartmans at debian.org>
Changed-By: Timo Aaltonen <tjaalton at cc.hut.fi>
Description: 
 libpam-krb5 - PAM module for MIT Kerberos
Closes: 339734 341926 342271 344003 350556 354133
Changes: 
 libpam-krb5 (1.2.0-3) unstable; urgency=low
 .
   * Only call krb5_kuserok when the account to which we're authenticating
     is a local account to allow use of pam_krb5 for application
     authentication of users without local accounts.  (Closes: #354133)
   * Restructure the code to do user validation after obtaining their
     initial tickets.  This eliminates a lot of confusing special cases and
     deferred checking and makes it easier to audit the code.
   * Don't create the ticket cache until after successful authentication.
     Otherwise, we leave files behind in /tmp.
   * Document what principals libpam_krb5.so looks for in the system keytab
     to do ticket validation.  (Closes: #350556)
 .
 libpam-krb5 (1.2.0-2) unstable; urgency=low
 .
   * Always use a disk cache for temporary storage of credentials and cope
     with not having module-specific data during pam_sm_setcred by passing
     the cache path in an environment variable.  This is required to cope
     with OpenSSH's technique (when using ChallengeResponseAuthentication)
     of doing PAM authentication in a child process and then opening the
     session in the parent.  (Closes: #339734)
   * Only initialize the ticket cache once no matter how many times setcred
     is called.  Saves duplicate work and works around a bug in xdm, which
     calls setcred repeatedly and discards the environment set by the final
     call.
   * Don't assume we already have a context when changing passwords; passwd
     doesn't work that way.  (Closes: #344003)
   * Fix the test for the new password.  I don't think this would have
     worked at all before.
   * Improve debugging output for password changes.
   * If search_k5login is specified but no .k5login is found, still check
     the user with krb5_kuserok in case there are custom principal mappings
     defined.
   * Handle ignore_root in a cleaner fashion and add support for
     ignore_root on password changes.
   * Depend on krb5-config.  (Closes: #342271)
   * Document that ccache and ccache_dir must be specified as options to
     the session module.  (Closes: #341926)
   * Document that pam_sm_authenticate and pam_sm_setcred also call
     krb5_kuserok.
   * Properly override the upstream CFLAGS so that debugging builds work.
   * Don't ignore errors from make clean.
   * Providing binary-indep in debian/rules is required by Policy even if
     there are no arch-independent packages.  Whoops.
Files: 
 098380530754ddc51baa7dd90577a473 657 net optional libpam-krb5_1.2.0-3.dsc
 df30cafbd5bd9b245cee29f289a19676 18543 net optional libpam-krb5_1.2.0-3.diff.gz

More information about the dapper-changes mailing list