Fedora 8 Update: krb5-1.6.2-13.fc8
updates at fedoraproject.org
updates at fedoraproject.org
Thu Mar 6 16:35:54 UTC 2008
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2066
2008-03-06 16:10:54
--------------------------------------------------------------------------------
Name : krb5
Product : Fedora 8
Version : 1.6.2
Release : 13.fc8
URL : http://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.
--------------------------------------------------------------------------------
Update Information:
This update restores kinit's traditional behavior of prompting for a password
change when it receives a password-is-expired error from the KDC. It corrects a
couple of problems in how login.krb5 (used by the rlogin and telnet servers)
dealt with expired passwords. It modifies the kdb_ldap plugin so that it honors
the 'nsAccountLock' attribute used by Fedora (and Red Hat, and Netscape)
Directory Server.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 26 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-13
- stop adding a redundant but harmless call to initialize the gssapi internals
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora,
Netscape, Red Hat Directory Server (Simo Sorce)
* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
- in login, allow PAM to interact with the user when they've been strongly
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak it's
treated as an error even if we're running as root
* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
- remove a patch, to fix problems with interfaces which are "up" but which
have no address assigned, which conflicted with a different fix for the same
problem in 1.5 (#200979)
* Wed Jan 23 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-12
- backport fix from 1.6.3 to get back traditional prompt-for-password-change-
on-expired-password behavior back in kinit (and other users of
krb5_get_init_creds_opt_alloc()) (#433818)
* Fri Nov 16 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-11
- backport a fix to make handling of returned flags during spnego credential
delegation more forgiving of apps which don't care about flags but still
want a delegated credential handle (#314651, RT#5802)
- fix retrieval of krb5 credentials from an spnego delegated handle (#319351,
RT#5807)
* Wed Oct 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-10
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
* Fri Oct 12 2007 Nalin Dahyabhai <nalin at redhat.com>
- make krb5.conf %verify(not md5 size mtime) in addition to
%config(noreplace), like /etc/nsswitch.conf (#329811)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #200979 - kinit -a segfaults
https://bugzilla.redhat.com/show_bug.cgi?id=200979
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list