Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam_krb5-2.4.13-slfo.1.2.1 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: pam_krb5 Distribution: SUSE Linux Framework One
Version: 2.4.13 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.2.1 Build date: Thu Feb 29 15:31:23 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 348284 Source RPM: pam_krb5-2.4.13-slfo.1.2.1.src.rpm
Packager: https://www.suse.com/
Url: https://pagure.io/pam_krb5
Summary: A Pluggable Authentication Module for Kerberos 5
This PAM module supports authentication against a Kerberos KDC. It also
supports updating your Kerberos password.

Provides

Requires

License

BSD-3-Clause OR LGPL-2.1-or-later

Changelog

* Thu Feb 29 2024 dimstar@opensuse.org
  - Use %autopatch macro. Allows to eliminate the usage of deprecated
    %patchN.
* Wed Jan 12 2022 josef.moellers@suse.com
  - Use the %_pam_moduledir macro in pam_userpass.spec in order to
    have the package follow UsrMerge.
    [bsc#1190951, pam_krb5.spec]
* Wed Jul 26 2017 josef.moellers@suse.com
  - Update to 2.4.13:
    * Fix a memory leak on FAST-capable clients
    * Learn to run 'kdc' and 'kpasswdd', if appropriate
    * Add the ability to specify a server principal
    * Drop _pam_krb5_stash_chown_keyring functionality
    * Fix a configure syntax error
    * Handle ccname templates that don't include a type
    * Fix a memory leak (static analysis)
    * default to subsequent_prompt=false for chauthtok
    * Don't close descriptors for fork-without-exec
    * Handle PKINIT without duplicate prompting
    * Add support for rxkad-k5-kdf
    [pam_krb5-LINGUAS.dif]
* Wed May 28 2014 ckornacker@suse.com
  - serialize make process to prevent build failures on s390
* Tue Apr 16 2013 mc@suse.de
  - update to version 2.4.4
    * drop configuration settings that duplicated library settings
    * drop the existing_ticket option
    * drop krb4 support
    * add support for preserving configuration information in ccaches
    * add support for creating and cleaning up DIR: ccaches
    * finish cleaning up KEYRING: ccaches
    * add experimental "armor" and "armor_strategy" options
    * handle creation of /run/user/XXX for FILE: and DIR: caches
    * handle different function signatures for krb5_trace_callback
    * avoid overriding the primary when updating DIR: caches
  - obsolets patches (upstream):
    * pam_krb5-2.2.0-0.5-configure_ac.dif
    * use-urandom-for-tests.dif
* Thu Mar 07 2013 cfarrell@suse.com
  - license update: BSD-3-Clause or LGPL-2.1+
    it is a dual license - hence the operator is ^or^ not ^and^
* Fri Mar 01 2013 coolo@suse.com
  - update license to new format
* Tue Aug 23 2011 mc@suse.de
  - disable checks during build. Does not work reliable in the
    buildservice
* Sun Aug 21 2011 mc@novell.com
  - update to version 2.3.13
    * don't bother creating a v5 ccache in "external" mode
    * add a "trace" option to enable libkrb5 tracing, if available
    * avoid trying to get password-change creds twice
    * use an in-memory ccache when obtaining tokens using v5 creds
    * turn off creds==session in "sshd"
    * add a "validate_user_user" option to control trying to perform
      user-to-user authentication to validate TGTs when a keytab is not
      available
    * add an "ignore_k5login" option to control whether or not the module
      will use the krb5_kuserok() function to perform additional
      authorization checks
    * turn on validation by default - verify_ap_req_nofail controls how we
      treat errors reading keytab files now
    * add an "always_allow_localname" option when we can use
      krb5_aname_to_localname() to second-guess the krb5_kuserok() check
    * prefer krb5_change_password() to krb5_set_password()
* Tue Mar 01 2011 mc@suse.de
  - make pam_sm_setcred less verbose (bnc#641008)
* Fri Nov 19 2010 coolo@novell.com
  - remove autoreconf call - breaks more than it helps
* Mon Mar 22 2010 mc@suse.de
  - update to version 2.3.11
    * create credentials before trying to look up the location of
      the user's home directory via krb5_kuserok()
* Thu Mar 04 2010 mc@suse.de
  - update to version 2.3.10-3
    * add a "chpw_prompt" option
    * add a "multiple_ccaches" option
    * fine-tune the logic for selecting which key we use for
      validating credentials
    * fixes
* Mon Feb 01 2010 jengelh@medozas.de
  - package baselibs.conf
* Tue Nov 03 2009 coolo@novell.com
  - updated patches to apply with fuzz=0
* Mon Jul 27 2009 mc@novell.com
  - version 2.3.7
    * when refreshing credentials, store the new creds in the default
      ccache if $KRB5CCNAME isn't set.
    * prefer a "host" key, if one is found, when validating TGTs
* Wed Jun 24 2009 sbrabec@suse.cz
  - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
* Mon Jun 15 2009 mc@suse.de
  - compile fixes for krb5 1.7
* Mon Jun 08 2009 mc@suse.de
  - update to version 2.3.5
    * make prompting behavior for non-existent accounts and users who
      just press enter match up with those who aren't/don't (#502602,
      CVE-2009-1384)
* Wed May 20 2009 mc@suse.de
  - update to version 2.3.4
    * don't request password-changing credentials using the same options
      we use for ticket-granting tickets
    * close a couple of open pipes to defunct processes, fix a couple
      of debug messages
    * fix ccache permissions bypass when the "existing_ticket" option is
      used (CVE-2008-3825, which affects 2.2.0-2.2.25, 2.3.0, and 2.3.1)
  - obsolete a lot of patches.
* Thu Feb 05 2009 mc@suse.de
  - update translations
* Mon Feb 02 2009 mc@suse.de
  - pam_sm_setcred should assume PAM_ESTABLISH_CRED
    if no flag are passed (bnc#470414)
* Tue Jan 13 2009 olh@suse.de
  - obsolete old -XXbit packages (bnc#437293)
* Fri Nov 21 2008 mc@suse.de
  - update translations
* Wed Nov 05 2008 mc@suse.de
  - update translations
* Wed Oct 29 2008 mc@suse.de
  - use the upstream fix for
    pam_krb5-2.3.1-fix-pwchange-with-use_shmem.dif
* Tue Oct 28 2008 mc@suse.de
  - simplify switch permissions of refresh credentials
    (remove pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
    add pam_krb5-2.3.1-switch-perms-on-refresh.dif)
* Fri Oct 24 2008 mc@suse.de
  - write new ticket into shmem after password change if requested.
    (bnc#438181)
  - update translations
* Mon Oct 06 2008 mc@suse.de
  - fixing pam_krb5 existing_ticket permission flaw (CVE-2008-3825)
    (bnc#425861)
* Thu Sep 04 2008 mc@suse.de
  - if the realm name given to us is NULL, don't bother consulting
    the appdefaults
  - check for the "debug" flag earlier
* Mon Sep 01 2008 mc@suse.de
  - validate new fetched credentials
* Fri Jun 20 2008 mc@suse.de
  - version 2.3.1
    * translations for messages!
    * added the ability to set up tokens in the rxk5 format
    * added the "token_strategy" option to control which methods we'll
      try to use for setting tokens
    * merge "null_afs" functionality from Jan Iven
    * when we're changing passwords, force at least one attempt to
      authenticate using the KDC, even in the pathological case where
      there's no previously- entered password and we were told not to ask
      for one (brc#400611)
* Fri Jun 06 2008 mc@suse.de
  - update i18n files
* Fri May 09 2008 mc@suse.de
  - update i18n files
* Mon Apr 14 2008 mc@suse.de
  - update i18n files
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Thu Mar 13 2008 mc@suse.de
  - add i18n support
* Mon Feb 11 2008 mc@suse.de
  - version 2.2.22
    * moved .k5login checks to a subprocess to avoid screwing with the
      parent process's tokens and PAG (fallout from #371761)
    * all options which took true/false before ("debug", "tokens", and
      so on) can now take service names
* Wed Nov 21 2007 mc@suse.de
  - some bugfixes from upstream
* Fri Nov 09 2007 mc@suse.de
  - version 2.2.21
    * fix permissions problems on keyring ccaches, so that users can write
      to them after we've set them up, and we can still do the cleanup
  - remove pam_krb5-2.2.20-1-copy-cache-priv-fix.dif; fix is upstream
* Mon Nov 05 2007 mc@suse.de
  - pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
    fix permissions on the ccache im not file case
  - pam_krb5-2.2.20-1-debug-log-choice.dif
    improve debug log
* Mon Oct 29 2007 mc@suse.de
  - version 2.2.20
    * fixes for credential refreshing
  - remove obsolete patch pam_krb5-2.2.19-fix-format-error.dif
    (fix is upstream)
* Fri Oct 26 2007 mc@suse.de
  - version 2.2.19:
    * the "keytab" option can now be used to specify a custom location
      for a given service from within krb5.conf
    * log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
      if LOG_AUTHPRIV is not defined) instead of the application's default
      or LOG_USER
    * added the "pkinit_identity" option to provide a way to specify
      where the user's public-key credentials are, and "pkinit_flags" to
      specify arbitrary flags for libkrb5 (Heimdal only)
    * added the "preauth_options" option to provide a way to specify
      arbitrary preauthentication options to libkrb5 (MIT only)
    * added the "ccname_template" option to provide a way to specify
      where the user's credentials should be stored, so that KEYRING:
      credential caches can be deployed at will.
* Tue Aug 07 2007 mc@suse.de
  - version 2.2.17:
    * corrected a typo in the pam_krb5(8) man page
    * clarified that the "tokens" flag should only be needed for
      applications which are not using PAM correctly
    * don't bother using a helper for creating v4 ticket files when we're
      just getting tokens
    * clean up the debug message which we emit when we do v5->v4
      principal name conversion
    * compilation fixes
    * let default "external" and "use_shmem" settings be specified at
      compile-time
    * correctly return a "unknown user" error when attempting to change
      a password for a user who has no corresponding principal (#235020)
    * don't bother using a helper for creating ccache files, which we're
      just going to delete, when we need to get tokens
* Mon Jul 16 2007 mc@suse.de
  - version 2.2.14
    * treat a "client revoked" error as an "unknown principal" error
    * some small bugfixes
* Fri Jul 13 2007 mc@suse.de
  - version 2.2.13
    * make it possible to have more than one ccache (and tktfile) at
      a time to work around apps which open a session, set the
      environment, and initialize creds (when we previously created
      a ccache, removing the one which was named in the environment)
* Mon Jul 02 2007 mc@suse.de
  - version 2.2.12
    * add a "pwhelp" option.
    * Display the KDC error to users.
    * lots of bugfixes
* Thu Mar 15 2007 mc@suse.de
  - drop privileges in _pam_krb5_sly_maybe_refresh when
    running in set uid and restore them on exit of this
    function. This enables us to refresh the ticket
    after screen un-lock.
    [#124611]
* Mon Sep 25 2006 mc@suse.de
  - version 2.2.11
  - remove two patches with are upstream now
    - pam_krb5-2.2.10-0-oldauthtok.dif
    - pam_krb5-2.2.10-0-testfix.dif
  - make use of --with-os-distribution
* Thu Sep 14 2006 mc@suse.de
  - fix pam_set_item call for AUTHTOK and OLDAUTHTOK
  - fix testcase
  - if the server returns an error message during password-changing,
    let the user see it
  - add the "debug_sensitive" option, which actually logs passwords
  - add the "no_subsequent_prompt" option, to force the module to
    always answer a libkrb5 prompt with the PAM_AUTHTOK value
* Tue Sep 12 2006 mc@suse.de
  - version 2.2.10
    * log text for server-supplied error code along with the
      failure information.
    * rework the prompting bits so that it makes more correct use of
      the initial_prompt/use_first_pass flags and correctly disables
      use of the callback for arbitrary prompts
    * give the caller a way to specify which prompter callback we
      should use.
    * track whether or not we want to let libkrb5 ask for information
      via the callbacks.
    * and more fixes
* Thu Jul 27 2006 mc@suse.de
  - version 2.2.9
    * look for krb5/krb5.h in preference to krb5.h (new in
      MIT Kerberos 1.5)
    * if the default principal in the ccache doesn't match the
      userinfo structure, update the userinfo structure.
    * always use the name of the v5 principal when saving
      credentials, especially for the "external" case where
      it may not be the value we originally guessed
    * be more careful about other ways which our prompting
      callback can try to break us
    * go back to overwriting the template, to avoid uncontrolled
      growth in the filename.
    * build the new ccache name by appending the mkstemp template
      instead of assuming the previous file ended with one
    * and more fixes.
  - remove pam_krb5-2.2.3-1-prompter-segfault.dif it is upstream now
* Wed Jun 28 2006 mc@suse.de
  - update to version 2.2.8
    * fix reporting of the reasons for password change failures
    * add "krb4_use_as_req" to completely disallow any attempts to get
      v4 credentials
    * do 524 conversion for the "external" cases, too
  - remove obsolete patches
* Fri Apr 21 2006 mc@suse.de
  - fix segfault in prompter [#165972]
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Tue Jan 17 2006 mc@suse.de
  - add two patches from upstream
    * pam_krb5-upstreamfix-password-handling.dif
    * pam_krb5-upstreamfix-testcase.dif
  - build with more then one job
* Fri Jan 13 2006 mc@suse.de
  - set /usr/bin/afs5log executable
* Wed Jan 11 2006 mc@suse.de
  - add -fstack-protector to CFLAGS
* Tue Dec 20 2005 mc@suse.de
  - update to version 2.2.3
  - remove pam_krb5-2.2.0-0.5-NULL-fix.dif; patch is now upstream
* Fri Dec 02 2005 mc@suse.de
  - update to version 2.2.2
    * don't leak the keytab file descriptor
    * actually check for AFS support first, so that the
      ioctl-only support case will work properly.
* Mon Nov 14 2005 uli@suse.de
  - no afs_syscall on ARM
* Mon Nov 14 2005 mc@suse.de
  - update to version 2.2.0-2
  - remove obsolete patch (debug_false is upstream now)
* Mon Oct 10 2005 mc@suse.de
  - update to current CVS version
  - drop some patches (they are upstream now)
  - fix NULL problem
* Wed Aug 17 2005 mc@suse.de
  - got official fix for the authtok problem
    [#104051]
* Mon Aug 15 2005 mc@suse.de
  - fix the behavior of password changing if use_authtok
    is not present [#104051]
* Wed Jun 29 2005 mc@suse.de
  - fix change password
* Fri Jun 10 2005 mc@suse.de
  - set default for debug to false [#87005]
* Thu Apr 07 2005 mc@suse.de
  - switch to version 2.2.0-0.5
* Tue Feb 22 2005 nadvornik@suse.cz
  - fixed parsing of time values
* Mon Feb 21 2005 mc@suse.de
  - add pam_krb5-use-krb5_afslog.dif [#51047]
* Tue Jan 18 2005 okir@suse.de
  - updated to latest pam_krb5 snapshot from sourcforge CVS
* Tue Jan 11 2005 ro@suse.de
  - re-added afs module (added krbafs to neededforbuild)
* Mon Nov 22 2004 ro@suse.de
  - remove afs for the moment, mit-kerberos does not have support
* Wed Apr 28 2004 ro@suse.de
  - added -fno-strict-aliasing
* Fri Jan 16 2004 kukuk@suse.de
  - Add pam-devel to neededforbuild
* Sun Jan 11 2004 adrian@suse.de
  - build as user
* Wed Jul 16 2003 nadvornik@suse.cz
  - replaced by different implementation of pam_krb5
  - afs support
* Fri Jun 20 2003 okir@suse.de
  - fix build problem with latest heimdal
  - another fix for passwd updates (#20284)
* Wed Jun 18 2003 ro@suse.de
  - use kerberos-devel-packages in neededforbuild
* Tue Apr 15 2003 ro@suse.de
  - fixed neededforbuild
* Wed Aug 28 2002 okir@suse.de
  - Security fix (#18463): unbecome_user did not properly reassert
    original privilege, and the caller didn't check the return value.
* Wed Jul 31 2002 okir@suse.de
  - suse_update_config now updates the right files
* Wed Jul 24 2002 okir@suse.de
  - fixed passwd(1) support; updated README
* Tue Jul 23 2002 okir@suse.de
  - initial packaging

Files

/usr/bin/afs5log
/usr/lib64/security/pam_krb5
/usr/lib64/security/pam_krb5.so
/usr/lib64/security/pam_krb5/pam_krb5_cchelper
/usr/lib64/security/pam_krb5afs.so
/usr/share/doc/packages/pam_krb5
/usr/share/doc/packages/pam_krb5/AUTHORS
/usr/share/doc/packages/pam_krb5/COPYING
/usr/share/doc/packages/pam_krb5/COPYING.LIB
/usr/share/doc/packages/pam_krb5/ChangeLog
/usr/share/doc/packages/pam_krb5/NEWS
/usr/share/doc/packages/pam_krb5/README
/usr/share/doc/packages/pam_krb5/README.heimdal-pkinit
/usr/share/doc/packages/pam_krb5/README.mit-pkinit
/usr/share/doc/packages/pam_krb5/README.winbind
/usr/share/locale/as/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/bg/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/bn/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/bn_IN/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ca/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/cs/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/da/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/de/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/el/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/es/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/et/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/eu/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/fa/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/fr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/gu/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/hi/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/hu/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ia/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/it/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ja/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/kn/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ko/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/lv/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ml/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/mr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ms/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/nl/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/or/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pa/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pl/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pt/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/pt_BR/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ro/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ru/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sk/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sr@latin/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/sv/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/ta/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/te/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/tr/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/uk/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/zh_CN/LC_MESSAGES/pam_krb5.mo
/usr/share/locale/zh_TW/LC_MESSAGES/pam_krb5.mo
/usr/share/man/man1/afs5log.1.gz
/usr/share/man/man5/pam_krb5.5.gz
/usr/share/man/man8/pam_krb5.8.gz
/usr/share/man/man8/pam_krb5_cchelper.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 00:02:43 2024