Accepted libpam-krb5 1.2.0-3 (source)
Ubuntu Installer
archive at ubuntu.com
Thu May 18 01:16:16 BST 2006
Accepted:
OK: libpam-krb5_1.2.0-3.dsc
-> Component: universe Section: net
OK: libpam-krb5_1.2.0-3.diff.gz
Origin: Debian/unstable
Format: 1.7
Date: Thu, 18 May 2006 01:09:34 +0100
Source: libpam-krb5
Binary: libpam-krb5
Architecture: source
Version: 1.2.0-3
Distribution: dapper
Urgency: low
Maintainer: Sam Hartman <hartmans at debian.org>
Changed-By: Timo Aaltonen <tjaalton at cc.hut.fi>
Description:
libpam-krb5 - PAM module for MIT Kerberos
Closes: 339734 341926 342271 344003 350556 354133
Changes:
libpam-krb5 (1.2.0-3) unstable; urgency=low
.
* Only call krb5_kuserok when the account to which we're authenticating
is a local account to allow use of pam_krb5 for application
authentication of users without local accounts. (Closes: #354133)
* Restructure the code to do user validation after obtaining their
initial tickets. This eliminates a lot of confusing special cases and
deferred checking and makes it easier to audit the code.
* Don't create the ticket cache until after successful authentication.
Otherwise, we leave files behind in /tmp.
* Document what principals libpam_krb5.so looks for in the system keytab
to do ticket validation. (Closes: #350556)
.
libpam-krb5 (1.2.0-2) unstable; urgency=low
.
* Always use a disk cache for temporary storage of credentials and cope
with not having module-specific data during pam_sm_setcred by passing
the cache path in an environment variable. This is required to cope
with OpenSSH's technique (when using ChallengeResponseAuthentication)
of doing PAM authentication in a child process and then opening the
session in the parent. (Closes: #339734)
* Only initialize the ticket cache once no matter how many times setcred
is called. Saves duplicate work and works around a bug in xdm, which
calls setcred repeatedly and discards the environment set by the final
call.
* Don't assume we already have a context when changing passwords; passwd
doesn't work that way. (Closes: #344003)
* Fix the test for the new password. I don't think this would have
worked at all before.
* Improve debugging output for password changes.
* If search_k5login is specified but no .k5login is found, still check
the user with krb5_kuserok in case there are custom principal mappings
defined.
* Handle ignore_root in a cleaner fashion and add support for
ignore_root on password changes.
* Depend on krb5-config. (Closes: #342271)
* Document that ccache and ccache_dir must be specified as options to
the session module. (Closes: #341926)
* Document that pam_sm_authenticate and pam_sm_setcred also call
krb5_kuserok.
* Properly override the upstream CFLAGS so that debugging builds work.
* Don't ignore errors from make clean.
* Providing binary-indep in debian/rules is required by Policy even if
there are no arch-independent packages. Whoops.
Files:
098380530754ddc51baa7dd90577a473 657 net optional libpam-krb5_1.2.0-3.dsc
df30cafbd5bd9b245cee29f289a19676 18543 net optional libpam-krb5_1.2.0-3.diff.gz
More information about the dapper-changes
mailing list