[33009] in Kerberos
pam-krb5 4.4 released
daemon@ATHENA.MIT.EDU (Russ Allbery)
Sat Jan 1 00:17:16 2011
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
Date: Fri, 31 Dec 2010 21:17:06 -0800
Message-ID: <877hep9p9p.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
I'm pleased to announce release 4.4 of pam-krb5.
pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.It supports ticket refreshing by screen savers, configurable authorizationhandling, authentication of non-local accounts for network services,password changing, and password expiration, as well as all the standardexpected PAM features. It works correctly with OpenSSH, even withChallengeResponseAuthentication and PrivilegeSeparation enabled, andsupports extensive configuration either by PAM options or in krb5.conf orboth. PKINIT is supported with recent versions of both MIT Kerberos andHeimdal and FAST is supported with recent MIT Kerberos.
Changes from previous release:
Do not prompt for a password when try_pkinit is set and the module is built against MIT Kerberos. This fixes a spurious password prompt introduced in 4.1, but partly reintroduces the bug fixed in 4.1 where the user's password is not saved in the PAM data if the authentication falls back to password when PKINIT fails. This requires more work to fix and will be addressed in a subsequent release. Thanks to Бранко Мајић (Branko Majic) for the report.
Reorganize the configuration section of the pam_krb5 man page to divide the many PAM module options into sections.
When probing for <ibm_svc/krb5_svc.h> (part of AIX's bundled Kerberos implementation), include <krb5.h> before attempting to include that header to quiet confusing Autoconf warnings. Reported by Wilfried Weiss.
Update to rra-c-util 3.0:
* Fix compilation of the replacement snprintf for old systems. * Look for krb5-config in /usr/kerberos/bin for Red Hat systems. * Fix compilation with OpenBSD's Heimdal without separate libroken.
You can download it from:
<http://www.eyrie.org/~eagle/software/pam-krb5/>
This package is maintained using Git; see the instructions on the abovepage to access the Git repository.
Debian packages have been uploaded to Debian experimental and will beuploaded to Debian unstable after the squeeze release freeze.
Please let me know of any problems or feature requests not already listedin the TODO file.
-- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
