source: projects/specs/branches/6/p/pam_krb5/pam_krb5-vl.spec @ 3254

Revision 3254, 21.7 KB checked in by daisuke, 13 years ago (diff)

pam_krb5: update to 2.3.12

Line 
1Summary: A Pluggable Authentication Module for Kerberos 5.
2Summary(ja): Kerberos 5 の PAM モジュール
3Name: pam_krb5
4Version: 2.3.12
5Release: 1%{?_dist_release}
6Source0: pam_krb5-%{version}-1.tar.gz
7License: BSD or LGPLv2+
8Group: System Environment/Base
9BuildPrereq: keyutils-libs-devel, krb5-devel, pam-devel
10BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
11
12%description
13This is pam_krb5, a pluggable authentication module that can be used with
14Linux-PAM and Kerberos 5. This module supports password checking, ticket
15creation, and optional TGT verification and conversion to Kerberos IV tickets.
16The included pam_krb5afs module also gets AFS tokens if so configured.
17
18%prep
19%setup -q -n pam_krb5-%{version}-1
20
21%build
22CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
23%configure --libdir=/%{_lib} \
24        --with-default-use-shmem=sshd --with-default-external=sshd
25make
26
27%install
28[ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT
29make install DESTDIR=$RPM_BUILD_ROOT
30ln -s pam_krb5.so $RPM_BUILD_ROOT/%{_lib}/security/pam_krb5afs.so
31rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la
32
33# Make the paths jive to avoid conflicts on multilib systems.
34sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM_BUILD_ROOT/%{_mandir}/man*/pam_krb5*.8*
35
36%find_lang %{name}
37
38%clean
39[ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT
40
41%files -f %{name}.lang
42%defattr(-,root,root)
43%{_bindir}/*
44/%{_lib}/security/pam_krb5.so
45/%{_lib}/security/pam_krb5afs.so
46/%{_lib}/security/pam_krb5
47%{_mandir}/man1/*
48%{_mandir}/man5/*
49%{_mandir}/man8/*
50%doc README* COPYING* ChangeLog NEWS
51
52%changelog
53* Sat Apr 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.12-1
54- new upstream release
55
56* Tue Jun 30 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.3.5-1
57- new upstream release
58- fix CVE-2009-1384 (RH bugzilla #502602)
59
60* Wed May 13 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.4-1
61- initial build for Vine Linux
62
63* Wed Mar  4 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.4-1
64- don't request password-changing credentials with the same options that we
65  use when requesting ticket granting tickets, which might run afoul of KDC
66  policies
67
68* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2
69- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
70
71* Fri Feb  6 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.3-1
72- clean up a couple of debug messages
73
74* Fri Feb  6 2009 Nalin Dahyabhai <nalin@redhat.com>
75- clean up a couple of unclosed pipes to nowhere
76
77* Wed Oct  1 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.2-1
78- fix ccache permissions bypass when the "existing_ticket" option is used
79  (CVE-2008-3825)
80
81* Wed Aug 27 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.0-2
82- fix license tag
83
84* Wed Apr  9 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.1-1
85- don't bother trying to set up a temporary v4 ticket file during session open
86  unless we obtained v4 creds somewhere
87
88* Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.0-1
89- add a "null_afs" option
90- add a "token_strategy" option
91
92* Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.23-1
93- when we're changing passwords, force at least one attempt to authenticate
94  using the KDC, even in the pathological case where there's no previously-
95  entered password and we were told not to ask for one (#400611)
96
97* Fri Feb  8 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.22-1
98- make sure we don't fall out of the calling process's PAG when we check
99  the .k5login (fallout from #371761)
100- make most boolean options controllable on a per-service basis
101
102* Fri Nov  9 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.21-1
103- make sure that we have tokens when checking the user's .k5login (#371761)
104
105* Thu Nov  8 2007 Nalin Dahyabhai <nalin@redhat.com>
106- set perms on the user's KEYRING: ccache so that the user can write to it
107- suppress an error message if a KEYRING: ccache we're about to destroy has
108  already been revoked
109
110* Fri Oct 26 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.20-1
111- move temporary ccaches which aren't used for serializing from FILE: type
112  into MEMORY: type
113- don't barf during credential refresh when $KRB5CCNAME isn't set
114
115* Thu Oct 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.19-1
116- log to AUTHPRIV facility by default
117- add a "ccname_template" option, which can be set to "KEYRING:..." to switch
118  to using the kernel keyring
119- add a "preauth_options" option for setting generic preauth parameters
120- allow "keytab" locations to be specified on a per-service basis, so that
121  unprivileged apps which do password-checking and which have their own
122  keytabs can use their own keys to validate the KDC's response
123
124* Wed Aug 15 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.18-1
125- fix permissions-related problems creating v4 ticket files
126
127* Thu Aug  2 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.17-1
128- correct the license: tag -- this module is dual-licensed (LGPL+ or BSD)
129- fix a man page missing line
130- tactfully suggest in the man page that if your app needs the "tokens"
131  flag in order to work properly, it's broken
132
133* Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.16-1
134- update to 2.2.16, also avoiding use of the helper if we're creating a ticket
135  file for our own use
136
137* Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-2
138- rebuild
139
140* Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-1
141- update to 2.2.15, adjusting the fix for #150056 so that it doesn't run
142  afoul of SELinux policy by attempting to read a ccache which was created
143  for use by the user via the helper
144- build with --with-default-use-shmem=sshd --with-default-external=sshd, to
145  get the expected behavior without requiring administrator intervention
146
147* Thu Jul 19 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-2
148- rebuild
149
150* Fri Jul 13 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-1
151- update to 2.2.14
152
153* Thu Jul 12 2007 Nalin Dahyabhai <nalin@redhat.com>
154- update to 2.2.13
155
156* Mon Jun 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-2
157- rebuild
158
159* Sun Jun 24 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-1
160- update to 2.2.12
161
162* Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 2.2.11-2
163- rebuilt for unwind info generation, broken in gcc-4.1.1-21
164
165* Thu Sep 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.11-1
166- update to 2.2.11
167
168* Wed Sep 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-1
169- build
170
171* Tue Sep 12 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0.1
172- revert previous changes to how prompting works, and add a
173  no_subsequent_prompt option to suppress libkrb5-based prompts during
174  authentication, providing the PAM_AUTHTOK for all questions which
175  libkrb5 asks
176
177* Fri Sep  8 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0
178- rework prompting so that we stop getting stray prompts every now and then,
179  and so that use_first_pass will *never* prompt for any information
180
181* Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.9-1
182- return PAM_IGNORE instead of PAM_SERVICE_ERR when we're called in
183  an unsafe situation and told to refresh credentials (#197428)
184- drop from setuid to "normal" before calling our storetmp helper, so that
185  it doesn't freak out except when *it* is setuid (#190159)
186- fix handling of "external" cases where the forwarded creds don't belong to
187  the principal name we guessed for the user (#182239,#197660)
188
189* Mon Jul 17 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1.2
190- rebuild
191
192* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.2.8-1.1
193- rebuild
194
195* Wed Mar 29 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1
196- don't try to validate creds in a password-changing situation, because the
197  attempt will always fail unless the matching key is in the keytab, which
198  should never be the case for the password-changing service (#187303, rbasch)
199- if v4 has been disabled completely, go ahead and try to set 2b tokens
200  because we're going to end up having to do that anyway (#182378)
201
202* Fri Mar 10 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-2
203- fixup man page conflicts in %%install
204
205* Wed Mar  8 2006 Bill Nottingham <notting@redhat.com> - 2.2.6-2.2
206- don't use paths in man pages - avoids multilib conflicts
207
208* Tue Feb 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-1
209- add v4 credential conversion for "use_shmem" and "external" cases (though
210  it should be redundant with "use_shmem") (#182239)
211
212* Mon Feb 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-2
213- rebuild
214
215* Mon Feb  6 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-1
216- add a "krb4_use_as_req" option so that obtaining v4 creds kinit-style can
217  be disabled completely (Hugo Meiland)
218
219* Thu Jan 26 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.5-1
220- don't log debug messages that we're skipping session setup/teardown unless
221  debugging is enabled (#179037)
222- try to build the module with -Bsymbolic if we can figure out how to do that
223
224* Tue Jan 17 2006 Nalin Dahyabhai <nalin@redhat.com>
225- include the NEWS file as documentation
226
227* Mon Jan 16 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.4-1
228- fix reporting of the exact reason why a password change failed
229
230* Mon Dec 19 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.3-1
231- fix a compile problem caused by a missing #include (Jesse Keating)
232
233* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - 2.2.2-1.3
234- rebuilt
235
236* Mon Nov 21 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.2-1
237- don't leak the keytab descriptor during validation (#173681)
238
239* Tue Nov 15 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.1-1
240- update to 2.2.1
241
242* Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-2
243- rebuild
244
245* Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-1
246- update to 2.2.0
247
248* Wed Oct  5 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.1.95-0
249- update to 2.1.95
250
251* Mon Aug 30 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.2-1
252- update to 2.1.2
253
254* Mon Jun 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.1-1
255- update to 2.1.1
256
257* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.0-1
258- update to 2.1.0
259
260* Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.11-1
261- update to 2.0.11
262
263* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.10-1
264- update to 2.0.10
265
266* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.9-1
267- update to 2.0.9
268
269* Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.8-1
270- update to 2.0.8
271
272* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.7-1
273- update to 2.0.7
274
275* Fri Feb 27 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.6-1
276- update to 2.0.6
277
278* Tue Feb 24 2004 Harald Hoyer <harald@redhat.com> - 2.0.5-3
279- rebuilt
280
281* Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-2
282- actually changelog the update to 2.0.5
283
284* Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-1
285- update to 2.0.5
286
287* Fri Oct 10 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.4-1
288- update to 2.0.4
289
290* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.3-1
291- update to 2.0.3
292
293* Fri Sep  5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.2-1
294- update to 2.0.2
295
296* Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.1-1
297- update to 2.0.1
298
299* Fri Aug  8 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0-1
300- update to 2.0
301
302* Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com> 1.60-1
303- fix uninitialized pointer crash reading cached return values
304
305* Wed Jan 29 2003 Nalin Dahyabhai <nalin@redhat.com> 1.59-1
306- fix crash with per-user stashes and return values
307
308* Tue Jan 28 2003 Nalin Dahyabhai <nalin@redhat.com> 1.58-1
309- fix configure to not link with both libk5crypto and libcrypto
310
311* Mon Jan 27 2003 Nalin Dahyabhai <nalin@redhat.com> 1.57-1
312- force -fPIC
313- add --with-moduledir, --with-krb5-libs, --with-krbafs-libs to configure
314- add per-user stashes and return values
315
316* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 1.56-1
317- guess a default cell name
318- fix what's hopefully the last parser bug
319
320* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-2
321- rebuild in new environment
322
323* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-1
324- handle account management for expired accounts correctly
325
326* Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.54-1
327- reorder configuration checks so that setting afs_cells will properly
328  force krb4_convert on
329
330* Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.53-1
331- fix what's hopefully the last parser bug
332
333* Mon Mar 18 2002 Nalin Dahyabhai <nalin@redhat.com> 1.52-1
334- apply patch from David Howells to add retain_tokens option
335
336* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 1.51-1
337- fix what's hopefully the last parser bug
338
339* Sat Feb 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-3
340- rebuild
341
342* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-2
343- rebuild in new environment
344
345* Fri Feb 15 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-1
346- documentation updates (no code changes)
347
348* Tue Feb 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.49-1
349- set PAM_USER using the user's parsed name, converted back to a local name
350- add account management service (checks for key expiration and krb5_kuserok())
351- handle account expiration errors
352
353* Fri Jan 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.48-1
354- autoconf fixes
355
356* Fri Oct 26 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-2
357- bump release number and rebuild to link with new version of krbafs
358
359* Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-1
360- fix parsing of options which have multiple whitespace-separated values,
361  like afs_cells
362
363* Wed Sep  5 2001 Nalin Dahyabhai <nalin@redhat.com> 1.46-1
364- link with libresolv to get res_search, tip from Justin McNutt, who
365  built it statically
366- explicitly link with libdes425
367- handle cases where getpwnam_r fails but still sets the result pointer
368- if use_authtok is given and there is no authtok, error out
369
370* Mon Aug 27 2001 Nalin Dahyabhai <nalin@redhat.com> 1.45-1
371- set the default realm when a default realm is specified
372
373* Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 1.44-1
374- only use Kerberos error codes when there is no PAM error yet
375
376* Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com> 1.43-1
377- add minimum UID support (#52358)
378- don't link pam_krb5 with libkrbafs
379- make all options in krb5.conf available as PAM config arguments
380
381* Tue Jul 31 2001 Nalin Dahyabhai <nalin@redhat.com>
382- merge patch from Chris Chiappa for building with Heimdal
383
384* Mon Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com>
385- note that we had to prepend the current directory to a given path in
386  dlopen.c when we had to (noted by Onime Clement)
387
388* Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> 1.42-1
389- return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials
390  fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement)
391
392* Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com>
393- add info about accessing the CVS repository to the README
394- parser cleanups (thanks to Dane Skow for a more complicated sample)
395
396* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
397- buildprereq the krbafs-devel package
398
399* Fri Jul  6 2001 Nalin Dahyabhai <nalin@redhat.com>
400- don't set forwardable and assorted other flags when getting password-
401  changing service ticket (noted, and fix supplied, by Onime Clement)
402- try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may
403  or may not be expecting the same number/type of arguments (noted by
404  Onime Clement)
405- use krb5_aname_to_localname to convert the principal to a login name
406  and set PAM_USER to the result when authenticating
407- some autoconf fixes for failure cases
408
409* Wed Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
410- use krb5_change_password() to change passwords
411
412* Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
413- use getpwnam_r instead of getpwnam when available
414
415* Fri Jun  8 2001 Nalin Dahyabhai <nalin@redhat.com>
416- cleanup some autoconf checks
417
418* Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
419- don't call initialize_krb5_error_table() or initialize_ovk_error_table()
420  if they're not found at compile-time (reported for RHL 6.x by Chris Riley)
421
422* Thu May 31 2001 Nalin Dahyabhai <nalin@redhat.com>
423- note that [pam] is still checked in addition to [appdefaults]
424- note that AFS and Kerberos IV support requires working Kerberos IV
425  configuration files (i.e., kinit -4 needs to work) (doc changes
426  suggested by Martin Schulz)
427
428* Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
429- add max_timeout, timeout_shift, initial_timeout, and addressless options
430  (patches from Simon Wilkinson)
431- fix the README to document the [appdefaults] section instead of [pam]
432- change example host and cell names in the README to use example domains
433
434* Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
435- don't delete tokens unless we're also removing ticket files (report and
436  patch from Sean Dilda)
437- report initialization errors better
438
439* Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
440- treat semicolons as a comment character, like hash marks (bug reported by
441  Greg Francis at Gonzaga University)
442- use the [:blank:] equivalence class to simplify the configuration file parser
443- don't mess with the real environment
444- implement mostly-complete aging support
445
446* Sat Apr  7 2001 Nalin Dahyabhai <nalin@redhat.com>
447- tweak the man page (can't use italics and bold simultaneously)
448
449* Fri Apr  6 2001 Nalin Dahyabhai <nalin@redhat.com>
450- restore the default TGS value (#35015)
451
452* Wed Mar 28 2001 Nalin Dahyabhai <nalin@redhat.com>
453- fix a debug message
454- fix uninitialized pointer error
455
456* Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com>
457- don't fail to fixup the krb5 ccache if something goes wrong obtaining
458  v4 credentials or creating a krb4 ticket file (#33262)
459
460* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
461- fixup the man page
462- log return code from k_setpag() when debugging
463- create credentials and get tokens when setcred is called for REINITIALIZE
464
465* Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
466- don't twiddle ownerships until after we get AFS tokens
467- use the current time instead of the issue time when storing v4 creds, since
468  we don't know the issuing host's byte order
469- depend on a PAM development header again instead of pam-devel
470
471* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
472- add a separate config file parser for compatibility with settings that
473  predate the appdefault API
474- use a version script under Linux to avoid polluting the global namespace
475- don't have a default for afs_cells
476- need to close the file when we succeed in fixing permissions (noted by
477  jlkatz@eos.ncsu.edu)
478
479* Mon Mar 19 2001 Nalin Dahyabhai <nalin@redhat.com>
480- use the appdefault API to read krb5.conf if available
481- create v4 tickets in such a way as to allow 1.2.2 to not think there's
482  something fishy going on
483
484* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
485- don't log unknown user names to syslog -- they might be sensitive information
486
487* Fri Feb  9 2001 Nalin Dahyabhai <nalin@redhat.com>
488- handle cases where krb5_init_context() fails
489
490* Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
491- be more careful around memory allocation (fixes from David J. MacKenzie)
492
493* Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
494- no fair trying to make me authenticate '(null)'
495
496* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
497- rebuild in new environment
498
499* Fri Dec  1 2000 Nalin Dahyabhai <nalin@redhat.com>
500- rebuild in new environment
501
502* Wed Nov  8 2000 Nalin Dahyabhai <nalin@redhat.com>
503- only try to delete ccache files once
504- ignore extra data in v4 TGTs, but log that we got some
505- require "validate" to be true to try validating, and fail if validation fails
506
507* Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
508- catch and ignore errors reading keys from the keytab (for xscreensaver, vlock)
509
510* Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com>
511- fix prompting when the module's first in the stack and the user does not have
512  a corresponding principal in the local realm
513- properly implement TGT validation
514- change a few non-error status messages into debugging messages
515- sync the README and the various man pages up
516
517* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
518- fix "use_authtok" logic when password was not set by previous module
519- require pam-devel to build
520
521* Sun Aug 27 2000 Nalin Dahyabhai <nalin@redhat.com>
522- fix errors with multiple addresses (#16847)
523
524* Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
525- change summary
526
527* Thu Aug 10 2000 Nalin Dahyabhai <nalin@redhat.com>
528- fix handling of null passwords
529
530* Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
531- fixes for Solaris 7 from Trevor Schroeder
532
533* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
534- add Seth Vidal's no_user_check flag
535- document no_user_check and skip_first_pass options in the man pages
536- rebuild against Kerberos 5 1.2 (release 15)
537
538* Mon Jun  5 2000 Nalin Dahyabhai <nalin@redhat.com>
539- move man pages to %{_mandir}
540
541* Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
542- Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested
543  by Steve Langasek.
544
545* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
546- Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds
547
548* Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
549- Chris Chiappa's modifications for customizing the ccache directory
550
551* Wed Apr 19 2000 Nalin Dahyabhai <nalin@redhat.com>
552- Mark Dawson's fix for krb4_convert not being forced on when afs_cells defined
553
554* Thu Mar 23 2000 Nalin Dahyabhai <nalin@redhat.com>
555- fix problem with leftover ticket files after multiple setcred() calls
556
557* Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com>
558- add proper copyright statements
559- save password for modules later in the stack
560
561* Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
562- clean up prompter
563
564* Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
565- add krbafs as a requirement
566
567* Fri Feb 04 2000 Nalin Dahyabhai <nalin@redhat.com>
568- pick up non-afs PAM config files again
569
570* Wed Feb 02 2000 Nalin Dahyabhai <nalin@redhat.com>
571- autoconf and putenv() fixes for broken apps
572- fix for compressed man pages
573
574* Fri Jan 14 2000 Nalin Dahyabhai <nalin@redhat.com>
575- tweak passwd, su, and vlock configuration files
576
577* Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com>
578- added both modules to spec file
579
580* Wed Dec 22 1999 Nalin Dahyabhai <nalin@redhat.com>
581- adapted the original spec file from pam_ldap
Note: See TracBrowser for help on using the repository browser.