Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam_krb5-2.4.8-6.el7 RPM for x86_64

From CentOS 7.9.2009 for x86_64 / Packages

Name: pam_krb5 Distribution: Unknown
Version: 2.4.8 Vendor: CentOS
Release: 6.el7 Build date: Sat Nov 5 16:11:29 2016
Group: System Environment/Base Build host: worker1.bsys.centos.org
Size: 409746 Source RPM: pam_krb5-2.4.8-6.el7.src.rpm
Packager: CentOS BuildSystem <http://bugs.centos.org>
Url: https://fedorahosted.org/pam_krb5/
Summary: A Pluggable Authentication Module for Kerberos 5
This is pam_krb5, a pluggable authentication module that can be used by
PAM-aware applications to check passwords and obtain ticket granting tickets
using Kerberos 5, and to change user passwords.

Provides

Requires

License

BSD or LGPLv2+

Changelog

* Fri Feb 19 2016 Robbie Harwood <rharwood@redhat.com> - 2.4.8-5
  - Add pam_krb5(8) documentation for ignore_afs
  - Resolves: #1147552
* Mon Feb 15 2016 Robbie Harwood <rharwood@redhat.com> - 2.4.8-5
  - Fix use of kerberized sudo with smartcard
  - Resolves: #1263745
* Thu Mar 06 2014 Nalin Dahyabhai <nalin@redhat.com> - 2.4.8-4
  - fix to only prompt for passwords when obtaining credentials for performing
    password changes by toggling the subsequent_prompt default to off when
    called to perform a password change (#1063933)
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.4.8-3
  - Mass rebuild 2014-01-24
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.4.8-2
  - Mass rebuild 2013-12-27
* Fri Oct 04 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.8-1
  - properly handle cases where default_ccache_name isn't set (#1015479)
* Fri Sep 13 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.7-2
  - pull the newer F21 defaults back to F20 (sgallagh)
* Tue Sep 10 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.7-1
  - drop some no-longer-necessary code to cede ownership of keyring ccaches
    to an unprivileged user at login-time to work better with upcoming changes
    to libkrb5's keyring ccache support (libkrb5: #991148, this one's #1005376)
  - if we don't have a ccname_template, if we're built against a libkrb5 that
    provides interfaces for reading its configuration files, try to read the
    default_ccache_name value from the [libdefaults] section before falling
    back to the default we've set at compile-time (#more of #1005376)
  - stop specifying a default ccache location at compile-time on F21 and later,
    to make our unconfigured default better line up with libkrb5's unconfigured
    default
* Wed Aug 21 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.6-1
  - handle ccache creation correctly for users who are mapped to principal
    names in realms other than the default (#999604)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 23 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.5-1
  - update to 2.4.5
    - handle non-unique ccname templates
  - switch to a non-unique default ccname template on newer releases
* Wed Feb 20 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.4-1
  - update to 2.4.4
    - fix compile errors against other versions of Kerberos
* Tue Feb 19 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.3-1
  - update to 2.4.3
    - nominal translation updates
* Tue Feb 19 2013 Nalin Dahyabhai <nalin@redhat.com> - 2.4.2-1
  - update to 2.4.2
    - don't override the primary ccache selection when updating DIR: caches
    - handle the signature of trace callbacks being different between 1.10 and
      1.11
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.1-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Sep 12 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.4.1-1
  - update to 2.4.1
    - create /run/user/XXX, if needed, when we go to create DIR: or FILE: caches
* Mon Sep 10 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.4.0-1
  - update to 2.4.0
* Fri Sep 07 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.97-1
  - update to 2.3.97
    - fix the order of credentials in a user ccache looking wrong
    - in the ticket manipulation helper, if we're trying to switch IDs and
      can't, if we should be able to do so, flag an error
* Tue Sep 04 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.96-1
  - update to 2.3.96
    - fix during credential reinitialization when we don't have credentials
* Tue Sep 04 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.95-1
  - update to 2.3.95
    - more tests
    - fixes for externally-obtained credentials
* Sat Sep 01 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.94-1
  - update to 2.3.94
    - more tests
* Sat Sep 01 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.93-1
  - update to 2.3.92
    - don't try to use an armor ccache if we fail to get an armor ticket
* Thu Aug 30 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.92-1
  - update to 2.3.92
    - armoring options
* Wed Aug 29 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.91-1
  - update to 2.3.91
    - support for DIR: ccaches
    - proper support for KEYRING: ccaches
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.14-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jul 05 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.14-2
  - on Fedora 18 and later, override the default ccname template and specify that
    it be FILE:/run/user/%U/krb5cc_XXXXXX
* Thu May 24 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.14-1
  - update to 2.3.14
    - attempt to drop to the user's privileges when reinitializing/refreshing
      credentials, which newer versions of login seem to do while they're still
      running as root (#822493)
  - on Fedora 18 and later, override the default ccname template and specify that
    it be FILE:/run/user/%u/krb5cc_XXXXXX
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.13-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jul 28 2011 Nalin Dahyabhai <nalin@redhat.com> - 2.3.13-1
  - update to 2.3.13
    - don't treat setcred() as session open/close in sshd (#720609, #725797)
    - don't create a new ccache when "external" is enabled, as the calling
      application's already managing one (#690832)
    - always re-read "external" creds when possible, and use an in-memory
      ccache when setting up tokens (more of #690832)
    - apply when-to-prompt-for-what logic that we use in authentication to
      the initial part of password-change (#700520)
    - fix some bashisms and explicitly note errors when we run into them
      (ticket #1, patch by Aleksander Adamowski)
* Thu Mar 24 2011 Nalin Dahyabhai <nalin@redhat.com> - 2.3.12-1
  - update to 2.3.12
    - prefer to send change-password over set-password requests (#676526)
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.11-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jul 26 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.3.11-2
  - build with %{_smp_mflags}, if set (Parag AN, part of #226225)
  - drop explicit buildroot specification and cleanup (Parag AN, part of
    - drop explicit -fPIC since libtool seems to be doing the right thing (Parag
    AN, part of #226225)
* Mon Mar 08 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.3.11-1
  - create creds before calling krb5_kuserok() so that they're available when
    it goes to look up the target user's home directory (#563442)
  - collapse multiple levels of debugging into a single debug level (#157107)
* Mon Jan 18 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.3.10-3
  - tweak buildroot location (guidelines)
* Mon Jan 11 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.3.10-2
  - replace BuildPreReq: with BuildRequires: (rpmlint)
  - fix inadvertent macro use in changelog (rpmlint)
  - drop the final '.' from the package summary (rpmlint)
* Wed Jan 06 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.3.10-1
  - pull up changes to fine-tune the logic for selecting which key in a keytab
    to use when validating credentials
* Wed Jan 06 2010 Nalin Dahyabhai <nalin@redhat.com>
  - change the source location to a full URL
* Wed Jan 06 2010 Nalin Dahyabhai <nalin@redhat.com> - 2.3.9-1
  - add a "multiple_ccaches" option to allow forcing the previous behavior of
    not deleting an old ccache whenever we create a new one, but saving them
    until the call that caused us to create them is reversed, and default the
    setting to being enabled for "su", which needs it
* Thu Oct 08 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.8-1
  - add a "chpw_prompt" option, to allow changing expired passwords while
    authenticating, as a workaround for applications which don't handle
    password expiration the way PAM expects them to (#509092)
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.7-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri Jun 26 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.7-1
  - when called to refresh credentials, store the new creds in the default
    ccache location if $KRB5CCNAME isn't set (#507984)
* Mon Jun 15 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.6-1
  - prefer keys for services matching the pattern host/*@clientrealm when
    validating (#450776)
* Fri Jun 05 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.5-1
  - when we get asked for the user's long-term key, use a plain Password:
    prompt value rather than the library-supplied one
* Tue May 26 2009 Nalin Dahyabhai <nalin@redhat.com>
  - catch the case where we pass a NULL initial password into libkrb5 and
    it uses our callback to ask us for the password for the user using a
    principal name, and reject that (#502602)
  - always prompt for a password unless we were told not to (#502602,
    CVE-2009-1384)
* Wed Mar 04 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.4-1
  - don't request password-changing credentials with the same options that we
    use when requesting ticket granting tickets, which might run afoul of KDC
    policies
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Feb 06 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.3-1
  - clean up a couple of debug messages
* Fri Feb 06 2009 Nalin Dahyabhai <nalin@redhat.com>
  - clean up a couple of unclosed pipes to nowhere
* Wed Oct 01 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.2-1
  - fix ccache permissions bypass when the "existing_ticket" option is used
    (CVE-2008-3825)
* Wed Aug 27 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.0-2
  - fix license tag
* Wed Apr 09 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.1-1
  - don't bother trying to set up a temporary v4 ticket file during session open
    unless we obtained v4 creds somewhere
* Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.0-1
  - add a "null_afs" option
  - add a "token_strategy" option
* Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.23-1
  - when we're changing passwords, force at least one attempt to authenticate
    using the KDC, even in the pathological case where there's no previously-
    entered password and we were told not to ask for one (#400611)
* Fri Feb 08 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.22-1
  - make sure we don't fall out of the calling process's PAG when we check
    the .k5login (fallout from #371761)
  - make most boolean options controllable on a per-service basis
* Fri Nov 09 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.21-1
  - make sure that we have tokens when checking the user's .k5login (#371761)
* Thu Nov 08 2007 Nalin Dahyabhai <nalin@redhat.com>
  - set perms on the user's KEYRING: ccache so that the user can write to it
  - suppress an error message if a KEYRING: ccache we're about to destroy has
    already been revoked
* Fri Oct 26 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.20-1
  - move temporary ccaches which aren't used for serializing from FILE: type
    into MEMORY: type
  - don't barf during credential refresh when $KRB5CCNAME isn't set
* Thu Oct 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.19-1
  - log to AUTHPRIV facility by default
  - add a "ccname_template" option, which can be set to "KEYRING:..." to switch
    to using the kernel keyring
  - add a "preauth_options" option for setting generic preauth parameters
  - allow "keytab" locations to be specified on a per-service basis, so that
    unprivileged apps which do password-checking and which have their own
    keytabs can use their own keys to validate the KDC's response
* Wed Aug 15 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.18-1
  - fix permissions-related problems creating v4 ticket files
* Thu Aug 02 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.17-1
  - correct the license: tag -- this module is dual-licensed (LGPL+ or BSD)
  - fix a man page missing line
  - tactfully suggest in the man page that if your app needs the "tokens"
    flag in order to work properly, it's broken
* Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.16-1
  - update to 2.2.16, also avoiding use of the helper if we're creating a ticket
    file for our own use
* Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-2
  - rebuild
* Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-1
  - update to 2.2.15, adjusting the fix for #150056 so that it doesn't run
    afoul of SELinux policy by attempting to read a ccache which was created
    for use by the user via the helper
  - build with --with-default-use-shmem=sshd --with-default-external=sshd, to
    get the expected behavior without requiring administrator intervention
* Thu Jul 19 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-2
  - rebuild
* Fri Jul 13 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-1
  - update to 2.2.14
* Thu Jul 12 2007 Nalin Dahyabhai <nalin@redhat.com>
  - update to 2.2.13
* Mon Jun 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-2
  - rebuild
* Sun Jun 24 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-1
  - update to 2.2.12
* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 2.2.11-2
  - rebuilt for unwind info generation, broken in gcc-4.1.1-21
* Thu Sep 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.11-1
  - update to 2.2.11
* Wed Sep 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-1
  - build
* Tue Sep 12 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0.1
  - revert previous changes to how prompting works, and add a
    no_subsequent_prompt option to suppress libkrb5-based prompts during
    authentication, providing the PAM_AUTHTOK for all questions which
    libkrb5 asks
* Fri Sep 08 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0
  - rework prompting so that we stop getting stray prompts every now and then,
    and so that use_first_pass will *never* prompt for any information
* Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.9-1
  - return PAM_IGNORE instead of PAM_SERVICE_ERR when we're called in
    an unsafe situation and told to refresh credentials (#197428)
  - drop from setuid to "normal" before calling our storetmp helper, so that
    it doesn't freak out except when *it* is setuid (#190159)
  - fix handling of "external" cases where the forwarded creds don't belong to
    the principal name we guessed for the user (#182239,#197660)
* Mon Jul 17 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1.2
  - rebuild
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.2.8-1.1
  - rebuild
* Wed Mar 29 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1
  - don't try to validate creds in a password-changing situation, because the
    attempt will always fail unless the matching key is in the keytab, which
    should never be the case for the password-changing service (#187303, rbasch)
  - if v4 has been disabled completely, go ahead and try to set 2b tokens
    because we're going to end up having to do that anyway (#182378)
* Fri Mar 10 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-2
  - fixup man page conflicts in %install
* Wed Mar 08 2006 Bill Nottingham <notting@redhat.com> - 2.2.6-2.2
  - don't use paths in man pages - avoids multilib conflicts
* Tue Feb 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-1
  - add v4 credential conversion for "use_shmem" and "external" cases (though
    it should be redundant with "use_shmem") (#182239)
* Mon Feb 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-2
  - rebuild
* Mon Feb 06 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-1
  - add a "krb4_use_as_req" option so that obtaining v4 creds kinit-style can
    be disabled completely (Hugo Meiland)
* Thu Jan 26 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.5-1
  - don't log debug messages that we're skipping session setup/teardown unless
    debugging is enabled (#179037)
  - try to build the module with -Bsymbolic if we can figure out how to do that
* Tue Jan 17 2006 Nalin Dahyabhai <nalin@redhat.com>
  - include the NEWS file as documentation
* Mon Jan 16 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.4-1
  - fix reporting of the exact reason why a password change failed
* Mon Dec 19 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.3-1
  - fix a compile problem caused by a missing #include (Jesse Keating)
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - 2.2.2-1.3
  - rebuilt
* Mon Nov 21 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.2-1
  - don't leak the keytab descriptor during validation (#173681)
* Tue Nov 15 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.1-1
  - update to 2.2.1
* Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-2
  - rebuild
* Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-1
  - update to 2.2.0
* Wed Oct 05 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.1.95-0
  - update to 2.1.95
* Mon Aug 30 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.2-1
  - update to 2.1.2
* Mon Jun 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.1-1
  - update to 2.1.1
* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.0-1
  - update to 2.1.0
* Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.11-1
  - update to 2.0.11
* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.10-1
  - update to 2.0.10
* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.9-1
  - update to 2.0.9
* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.8-1
  - update to 2.0.8
* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.7-1
  - update to 2.0.7
* Fri Feb 27 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.6-1
  - update to 2.0.6
* Tue Feb 24 2004 Harald Hoyer <harald@redhat.com> - 2.0.5-3
  - rebuilt
* Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-2
  - actually changelog the update to 2.0.5
* Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-1
  - update to 2.0.5
* Fri Oct 10 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.4-1
  - update to 2.0.4
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.3-1
  - update to 2.0.3
* Fri Sep 05 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.2-1
  - update to 2.0.2
* Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.1-1
  - update to 2.0.1
* Fri Aug 08 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0-1
  - update to 2.0
* Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com> 1.60-1
  - fix uninitialized pointer crash reading cached return values
* Wed Jan 29 2003 Nalin Dahyabhai <nalin@redhat.com> 1.59-1
  - fix crash with per-user stashes and return values
* Tue Jan 28 2003 Nalin Dahyabhai <nalin@redhat.com> 1.58-1
  - fix configure to not link with both libk5crypto and libcrypto
* Mon Jan 27 2003 Nalin Dahyabhai <nalin@redhat.com> 1.57-1
  - force -fPIC
  - add --with-moduledir, --with-krb5-libs, --with-krbafs-libs to configure
  - add per-user stashes and return values
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 1.56-1
  - guess a default cell name
  - fix what's hopefully the last parser bug
* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-2
  - rebuild in new environment
* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-1
  - handle account management for expired accounts correctly
* Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.54-1
  - reorder configuration checks so that setting afs_cells will properly
    force krb4_convert on
* Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.53-1
  - fix what's hopefully the last parser bug
* Mon Mar 18 2002 Nalin Dahyabhai <nalin@redhat.com> 1.52-1
  - apply patch from David Howells to add retain_tokens option
* Thu Mar 07 2002 Nalin Dahyabhai <nalin@redhat.com> 1.51-1
  - fix what's hopefully the last parser bug
* Sat Feb 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-3
  - rebuild
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-2
  - rebuild in new environment
* Fri Feb 15 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-1
  - documentation updates (no code changes)
* Tue Feb 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.49-1
  - set PAM_USER using the user's parsed name, converted back to a local name
  - add account management service (checks for key expiration and krb5_kuserok())
  - handle account expiration errors
* Fri Jan 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.48-1
  - autoconf fixes
* Fri Oct 26 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-2
  - bump release number and rebuild to link with new version of krbafs
* Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-1
  - fix parsing of options which have multiple whitespace-separated values,
    like afs_cells
* Wed Sep 05 2001 Nalin Dahyabhai <nalin@redhat.com> 1.46-1
  - link with libresolv to get res_search, tip from Justin McNutt, who
    built it statically
  - explicitly link with libdes425
  - handle cases where getpwnam_r fails but still sets the result pointer
  - if use_authtok is given and there is no authtok, error out
* Mon Aug 27 2001 Nalin Dahyabhai <nalin@redhat.com> 1.45-1
  - set the default realm when a default realm is specified
* Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 1.44-1
  - only use Kerberos error codes when there is no PAM error yet
* Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com> 1.43-1
  - add minimum UID support (#52358)
  - don't link pam_krb5 with libkrbafs
  - make all options in krb5.conf available as PAM config arguments
* Tue Jul 31 2001 Nalin Dahyabhai <nalin@redhat.com>
  - merge patch from Chris Chiappa for building with Heimdal
* Tue Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com>
  - note that we had to prepend the current directory to a given path in
    dlopen.c when we had to (noted by Onime Clement)
* Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> 1.42-1
  - return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials
    fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement)
* Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com>
  - add info about accessing the CVS repository to the README
  - parser cleanups (thanks to Dane Skow for a more complicated sample)
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
  - buildprereq the krbafs-devel package
* Fri Jul 06 2001 Nalin Dahyabhai <nalin@redhat.com>
  - don't set forwardable and assorted other flags when getting password-
    changing service ticket (noted, and fix supplied, by Onime Clement)
  - try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may
    or may not be expecting the same number/type of arguments (noted by
    Onime Clement)
  - use krb5_aname_to_localname to convert the principal to a login name
    and set PAM_USER to the result when authenticating
  - some autoconf fixes for failure cases
* Tue Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
  - use krb5_change_password() to change passwords
* Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
  - use getpwnam_r instead of getpwnam when available
* Fri Jun 08 2001 Nalin Dahyabhai <nalin@redhat.com>
  - cleanup some autoconf checks
* Thu Jun 07 2001 Nalin Dahyabhai <nalin@redhat.com>
  - don't call initialize_krb5_error_table() or initialize_ovk_error_table()
    if they're not found at compile-time (reported for RHL 6.x by Chris Riley)
* Thu May 31 2001 Nalin Dahyabhai <nalin@redhat.com>
  - note that [pam] is still checked in addition to [appdefaults]
  - note that AFS and Kerberos IV support requires working Kerberos IV
    configuration files (i.e., kinit -4 needs to work) (doc changes
    suggested by Martin Schulz)
* Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
  - add max_timeout, timeout_shift, initial_timeout, and addressless options
    (patches from Simon Wilkinson)
  - fix the README to document the [appdefaults] section instead of [pam]
  - change example host and cell names in the README to use example domains
* Wed May 02 2001 Nalin Dahyabhai <nalin@redhat.com>
  - don't delete tokens unless we're also removing ticket files (report and
    patch from Sean Dilda)
  - report initialization errors better
* Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
  - treat semicolons as a comment character, like hash marks (bug reported by
    Greg Francis at Gonzaga University)
  - use the [:blank:] equivalence class to simplify the configuration file parser
  - don't mess with the real environment
  - implement mostly-complete aging support
* Sat Apr 07 2001 Nalin Dahyabhai <nalin@redhat.com>
  - tweak the man page (can't use italics and bold simultaneously)
* Fri Apr 06 2001 Nalin Dahyabhai <nalin@redhat.com>
  - restore the default TGS value (#35015)
* Wed Mar 28 2001 Nalin Dahyabhai <nalin@redhat.com>
  - fix a debug message
  - fix uninitialized pointer error
* Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com>
  - don't fail to fixup the krb5 ccache if something goes wrong obtaining
    v4 credentials or creating a krb4 ticket file (#33262)
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
  - fixup the man page
  - log return code from k_setpag() when debugging
  - create credentials and get tokens when setcred is called for REINITIALIZE
* Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
  - don't twiddle ownerships until after we get AFS tokens
  - use the current time instead of the issue time when storing v4 creds, since
    we don't know the issuing host's byte order
  - depend on a PAM development header again instead of pam-devel
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
  - add a separate config file parser for compatibility with settings that
    predate the appdefault API
  - use a version script under Linux to avoid polluting the global namespace
  - don't have a default for afs_cells
  - need to close the file when we succeed in fixing permissions (noted by
    jlkatz@eos.ncsu.edu)
* Mon Mar 19 2001 Nalin Dahyabhai <nalin@redhat.com>
  - use the appdefault API to read krb5.conf if available
  - create v4 tickets in such a way as to allow 1.2.2 to not think there's
    something fishy going on
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
  - don't log unknown user names to syslog -- they might be sensitive information
* Fri Feb 09 2001 Nalin Dahyabhai <nalin@redhat.com>
  - handle cases where krb5_init_context() fails
* Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
  - be more careful around memory allocation (fixes from David J. MacKenzie)
* Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
  - no fair trying to make me authenticate '(null)'
* Tue Dec 05 2000 Nalin Dahyabhai <nalin@redhat.com>
  - rebuild in new environment
* Fri Dec 01 2000 Nalin Dahyabhai <nalin@redhat.com>
  - rebuild in new environment
* Wed Nov 08 2000 Nalin Dahyabhai <nalin@redhat.com>
  - only try to delete ccache files once
  - ignore extra data in v4 TGTs, but log that we got some
  - require "validate" to be true to try validating, and fail if validation fails
* Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
  - catch and ignore errors reading keys from the keytab (for xscreensaver, vlock)
* Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com>
  - fix prompting when the module's first in the stack and the user does not have
    a corresponding principal in the local realm
  - properly implement TGT validation
  - change a few non-error status messages into debugging messages
  - sync the README and the various man pages up
* Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com>
  - fix "use_authtok" logic when password was not set by previous module
  - require pam-devel to build
* Sun Aug 27 2000 Nalin Dahyabhai <nalin@redhat.com>
  - fix errors with multiple addresses (#16847)
* Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
  - change summary
* Thu Aug 10 2000 Nalin Dahyabhai <nalin@redhat.com>
  - fix handling of null passwords
* Wed Jul 05 2000 Nalin Dahyabhai <nalin@redhat.com>
  - fixes for Solaris 7 from Trevor Schroeder
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
  - add Seth Vidal's no_user_check flag
  - document no_user_check and skip_first_pass options in the man pages
  - rebuild against Kerberos 5 1.2 (release 15)
* Mon Jun 05 2000 Nalin Dahyabhai <nalin@redhat.com>
  - move man pages to %{_mandir}
* Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
  - Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested
    by Steve Langasek.
* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
  - Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds
* Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
  - Chris Chiappa's modifications for customizing the ccache directory
* Wed Apr 19 2000 Nalin Dahyabhai <nalin@redhat.com>
  - Mark Dawson's fix for krb4_convert not being forced on when afs_cells defined
* Thu Mar 23 2000 Nalin Dahyabhai <nalin@redhat.com>
  - fix problem with leftover ticket files after multiple setcred() calls
* Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com>
  - add proper copyright statements
  - save password for modules later in the stack
* Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
  - clean up prompter
* Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
  - add krbafs as a requirement
* Fri Feb 04 2000 Nalin Dahyabhai <nalin@redhat.com>
  - pick up non-afs PAM config files again
* Wed Feb 02 2000 Nalin Dahyabhai <nalin@redhat.com>
  - autoconf and putenv() fixes for broken apps
  - fix for compressed man pages
* Fri Jan 14 2000 Nalin Dahyabhai <nalin@redhat.com>
  - tweak passwd, su, and vlock configuration files
* Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com>
  - added both modules to spec file
* Wed Dec 22 1999 Nalin Dahyabhai <nalin@redhat.com>
  - adapted the original spec file from pam_ldap

Files

/usr/bin/afs5log
/usr/lib64/security/pam_krb5
/usr/lib64/security/pam_krb5.so
/usr/lib64/security/pam_krb5/pam_krb5_cchelper
/usr/lib64/security/pam_krb5afs.so
/usr/share/doc/pam_krb5-2.4.8
/usr/share/doc/pam_krb5-2.4.8/COPYING
/usr/share/doc/pam_krb5-2.4.8/COPYING.LIB
/usr/share/doc/pam_krb5-2.4.8/ChangeLog
/usr/share/doc/pam_krb5-2.4.8/NEWS
/usr/share/doc/pam_krb5-2.4.8/README
/usr/share/doc/pam_krb5-2.4.8/README.heimdal-pkinit
/usr/share/doc/pam_krb5-2.4.8/README.mit-pkinit
/usr/share/doc/pam_krb5-2.4.8/README.winbind
/usr/share/locale/as/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/bn_IN/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ca/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/cs/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/da/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/de/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/el/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/es/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/fa/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/fr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/gu/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/hi/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/hu/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/it/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ja/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/kn/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ko/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ml/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/mr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ms/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/nl/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/or/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pa/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pl/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pt_BR/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ro/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ru/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sr@latin/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sv/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ta/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/te/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/uk/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/zh_CN/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/zh_TW/LC_MESSAGES/pam_krb5.mo
/usr/share/man/man1/afs5log.1.gz
/usr/share/man/man5/pam_krb5.5.gz
/usr/share/man/man8/pam_krb5.8.gz
/usr/share/man/man8/pam_krb5_cchelper.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jun 9 13:31:22 2024