[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora Core 1 Update: pam_krb5-2.0.5-1



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-024
2004-02-09
---------------------------------------------------------------------

Name        : pam_krb5
Version     : 2.0.5                      
Release     : 1                  
Summary     : A Pluggable Authentication Module for Kerberos 5.
Description :
This is pam_krb5, a pluggable authentication module that can be used with
Linux-PAM and Kerberos 5. This module supports password checking, ticket
creation, and optional TGT verification and conversion to Kerberos IV tickets.
The included pam_krb5afs module also gets AFS tokens if so configured.

---------------------------------------------------------------------

Update Information:
                                                                                
The version of pam_krb5 included in Fedora Core 1 did not honor the
ticket_lifetime setting in /etc/krb5.conf's [appdefaults] section, in
the "pam" subsection.  The default renewable lifetime set in this
configuration file is 10 hours.  The default ticket lifetime used in
libkrb5 is 24 hours.
                                                                                
When answering a request for initial credentials which specifies
these lifetimes, some KDC implementations will reply with initial
credentials with a renewable lifetime increased to match the ticket
lifetime.  This modification to the response is treated as an error
by libkrb5, and authentication fails when it would otherwise succeed.
                                                                                
The updated version of pam_krb5 now honors the ticket_lifetime
setting, and the configured default ticket lifetime (10 hours) does
not trigger this error condition.

---------------------------------------------------------------------

2003-11-20 nalin
	* src/initopts.c(_pam_krb5_set_init_opts): set the ticket lifetime,
	if configured, as an initopt.  This change lets us fix #109331.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

ffb20c1eb534254ff590c59958fce3ca  SRPMS/pam_krb5-2.0.5-1.src.rpm
69a7ead3a682cf825265b88962b48c0c  i386/pam_krb5-2.0.5-1.i386.rpm
2e6f87c164b4841d7af442e6f93d0372  i386/debug/pam_krb5-debuginfo-2.0.5-1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

Attachment: pgp00001.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]