[521] | 1 | Summary: A Pluggable Authentication Module for Kerberos 5. |
---|
| 2 | Summary(ja): Kerberos 5 の PAM モジュール |
---|
| 3 | Name: pam_krb5 |
---|
[3254] | 4 | Version: 2.3.12 |
---|
[521] | 5 | Release: 1%{?_dist_release} |
---|
| 6 | Source0: pam_krb5-%{version}-1.tar.gz |
---|
| 7 | License: BSD or LGPLv2+ |
---|
| 8 | Group: System Environment/Base |
---|
| 9 | BuildPrereq: keyutils-libs-devel, krb5-devel, pam-devel |
---|
| 10 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
---|
| 11 | |
---|
| 12 | %description |
---|
| 13 | This is pam_krb5, a pluggable authentication module that can be used with |
---|
| 14 | Linux-PAM and Kerberos 5. This module supports password checking, ticket |
---|
| 15 | creation, and optional TGT verification and conversion to Kerberos IV tickets. |
---|
| 16 | The included pam_krb5afs module also gets AFS tokens if so configured. |
---|
| 17 | |
---|
| 18 | %prep |
---|
| 19 | %setup -q -n pam_krb5-%{version}-1 |
---|
| 20 | |
---|
| 21 | %build |
---|
| 22 | CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS |
---|
| 23 | %configure --libdir=/%{_lib} \ |
---|
| 24 | --with-default-use-shmem=sshd --with-default-external=sshd |
---|
| 25 | make |
---|
| 26 | |
---|
| 27 | %install |
---|
| 28 | [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT |
---|
| 29 | make install DESTDIR=$RPM_BUILD_ROOT |
---|
| 30 | ln -s pam_krb5.so $RPM_BUILD_ROOT/%{_lib}/security/pam_krb5afs.so |
---|
| 31 | rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la |
---|
| 32 | |
---|
| 33 | # Make the paths jive to avoid conflicts on multilib systems. |
---|
| 34 | sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM_BUILD_ROOT/%{_mandir}/man*/pam_krb5*.8* |
---|
| 35 | |
---|
| 36 | %find_lang %{name} |
---|
| 37 | |
---|
| 38 | %clean |
---|
| 39 | [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT |
---|
| 40 | |
---|
| 41 | %files -f %{name}.lang |
---|
| 42 | %defattr(-,root,root) |
---|
| 43 | %{_bindir}/* |
---|
| 44 | /%{_lib}/security/pam_krb5.so |
---|
| 45 | /%{_lib}/security/pam_krb5afs.so |
---|
| 46 | /%{_lib}/security/pam_krb5 |
---|
| 47 | %{_mandir}/man1/* |
---|
| 48 | %{_mandir}/man5/* |
---|
| 49 | %{_mandir}/man8/* |
---|
| 50 | %doc README* COPYING* ChangeLog NEWS |
---|
| 51 | |
---|
| 52 | %changelog |
---|
[3254] | 53 | * Sat Apr 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.12-1 |
---|
| 54 | - new upstream release |
---|
| 55 | |
---|
[521] | 56 | * Tue Jun 30 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.3.5-1 |
---|
| 57 | - new upstream release |
---|
| 58 | - fix CVE-2009-1384 (RH bugzilla #502602) |
---|
| 59 | |
---|
| 60 | * Wed May 13 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.4-1 |
---|
| 61 | - initial build for Vine Linux |
---|
| 62 | |
---|
| 63 | * Wed Mar 4 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.4-1 |
---|
| 64 | - don't request password-changing credentials with the same options that we |
---|
| 65 | use when requesting ticket granting tickets, which might run afoul of KDC |
---|
| 66 | policies |
---|
| 67 | |
---|
| 68 | * Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2 |
---|
| 69 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
---|
| 70 | |
---|
| 71 | * Fri Feb 6 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.3-1 |
---|
| 72 | - clean up a couple of debug messages |
---|
| 73 | |
---|
| 74 | * Fri Feb 6 2009 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 75 | - clean up a couple of unclosed pipes to nowhere |
---|
| 76 | |
---|
| 77 | * Wed Oct 1 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.2-1 |
---|
| 78 | - fix ccache permissions bypass when the "existing_ticket" option is used |
---|
| 79 | (CVE-2008-3825) |
---|
| 80 | |
---|
| 81 | * Wed Aug 27 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.0-2 |
---|
| 82 | - fix license tag |
---|
| 83 | |
---|
| 84 | * Wed Apr 9 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.1-1 |
---|
| 85 | - don't bother trying to set up a temporary v4 ticket file during session open |
---|
| 86 | unless we obtained v4 creds somewhere |
---|
| 87 | |
---|
| 88 | * Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.0-1 |
---|
| 89 | - add a "null_afs" option |
---|
| 90 | - add a "token_strategy" option |
---|
| 91 | |
---|
| 92 | * Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.23-1 |
---|
| 93 | - when we're changing passwords, force at least one attempt to authenticate |
---|
| 94 | using the KDC, even in the pathological case where there's no previously- |
---|
| 95 | entered password and we were told not to ask for one (#400611) |
---|
| 96 | |
---|
| 97 | * Fri Feb 8 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.22-1 |
---|
| 98 | - make sure we don't fall out of the calling process's PAG when we check |
---|
| 99 | the .k5login (fallout from #371761) |
---|
| 100 | - make most boolean options controllable on a per-service basis |
---|
| 101 | |
---|
| 102 | * Fri Nov 9 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.21-1 |
---|
| 103 | - make sure that we have tokens when checking the user's .k5login (#371761) |
---|
| 104 | |
---|
| 105 | * Thu Nov 8 2007 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 106 | - set perms on the user's KEYRING: ccache so that the user can write to it |
---|
| 107 | - suppress an error message if a KEYRING: ccache we're about to destroy has |
---|
| 108 | already been revoked |
---|
| 109 | |
---|
| 110 | * Fri Oct 26 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.20-1 |
---|
| 111 | - move temporary ccaches which aren't used for serializing from FILE: type |
---|
| 112 | into MEMORY: type |
---|
| 113 | - don't barf during credential refresh when $KRB5CCNAME isn't set |
---|
| 114 | |
---|
| 115 | * Thu Oct 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.19-1 |
---|
| 116 | - log to AUTHPRIV facility by default |
---|
| 117 | - add a "ccname_template" option, which can be set to "KEYRING:..." to switch |
---|
| 118 | to using the kernel keyring |
---|
| 119 | - add a "preauth_options" option for setting generic preauth parameters |
---|
| 120 | - allow "keytab" locations to be specified on a per-service basis, so that |
---|
| 121 | unprivileged apps which do password-checking and which have their own |
---|
| 122 | keytabs can use their own keys to validate the KDC's response |
---|
| 123 | |
---|
| 124 | * Wed Aug 15 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.18-1 |
---|
| 125 | - fix permissions-related problems creating v4 ticket files |
---|
| 126 | |
---|
| 127 | * Thu Aug 2 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.17-1 |
---|
| 128 | - correct the license: tag -- this module is dual-licensed (LGPL+ or BSD) |
---|
| 129 | - fix a man page missing line |
---|
| 130 | - tactfully suggest in the man page that if your app needs the "tokens" |
---|
| 131 | flag in order to work properly, it's broken |
---|
| 132 | |
---|
| 133 | * Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.16-1 |
---|
| 134 | - update to 2.2.16, also avoiding use of the helper if we're creating a ticket |
---|
| 135 | file for our own use |
---|
| 136 | |
---|
| 137 | * Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-2 |
---|
| 138 | - rebuild |
---|
| 139 | |
---|
| 140 | * Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-1 |
---|
| 141 | - update to 2.2.15, adjusting the fix for #150056 so that it doesn't run |
---|
| 142 | afoul of SELinux policy by attempting to read a ccache which was created |
---|
| 143 | for use by the user via the helper |
---|
| 144 | - build with --with-default-use-shmem=sshd --with-default-external=sshd, to |
---|
| 145 | get the expected behavior without requiring administrator intervention |
---|
| 146 | |
---|
| 147 | * Thu Jul 19 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-2 |
---|
| 148 | - rebuild |
---|
| 149 | |
---|
| 150 | * Fri Jul 13 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-1 |
---|
| 151 | - update to 2.2.14 |
---|
| 152 | |
---|
| 153 | * Thu Jul 12 2007 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 154 | - update to 2.2.13 |
---|
| 155 | |
---|
| 156 | * Mon Jun 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-2 |
---|
| 157 | - rebuild |
---|
| 158 | |
---|
| 159 | * Sun Jun 24 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-1 |
---|
| 160 | - update to 2.2.12 |
---|
| 161 | |
---|
| 162 | * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 2.2.11-2 |
---|
| 163 | - rebuilt for unwind info generation, broken in gcc-4.1.1-21 |
---|
| 164 | |
---|
| 165 | * Thu Sep 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.11-1 |
---|
| 166 | - update to 2.2.11 |
---|
| 167 | |
---|
| 168 | * Wed Sep 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-1 |
---|
| 169 | - build |
---|
| 170 | |
---|
| 171 | * Tue Sep 12 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0.1 |
---|
| 172 | - revert previous changes to how prompting works, and add a |
---|
| 173 | no_subsequent_prompt option to suppress libkrb5-based prompts during |
---|
| 174 | authentication, providing the PAM_AUTHTOK for all questions which |
---|
| 175 | libkrb5 asks |
---|
| 176 | |
---|
| 177 | * Fri Sep 8 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0 |
---|
| 178 | - rework prompting so that we stop getting stray prompts every now and then, |
---|
| 179 | and so that use_first_pass will *never* prompt for any information |
---|
| 180 | |
---|
| 181 | * Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.9-1 |
---|
| 182 | - return PAM_IGNORE instead of PAM_SERVICE_ERR when we're called in |
---|
| 183 | an unsafe situation and told to refresh credentials (#197428) |
---|
| 184 | - drop from setuid to "normal" before calling our storetmp helper, so that |
---|
| 185 | it doesn't freak out except when *it* is setuid (#190159) |
---|
| 186 | - fix handling of "external" cases where the forwarded creds don't belong to |
---|
| 187 | the principal name we guessed for the user (#182239,#197660) |
---|
| 188 | |
---|
| 189 | * Mon Jul 17 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1.2 |
---|
| 190 | - rebuild |
---|
| 191 | |
---|
| 192 | * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.2.8-1.1 |
---|
| 193 | - rebuild |
---|
| 194 | |
---|
| 195 | * Wed Mar 29 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1 |
---|
| 196 | - don't try to validate creds in a password-changing situation, because the |
---|
| 197 | attempt will always fail unless the matching key is in the keytab, which |
---|
| 198 | should never be the case for the password-changing service (#187303, rbasch) |
---|
| 199 | - if v4 has been disabled completely, go ahead and try to set 2b tokens |
---|
| 200 | because we're going to end up having to do that anyway (#182378) |
---|
| 201 | |
---|
| 202 | * Fri Mar 10 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-2 |
---|
| 203 | - fixup man page conflicts in %%install |
---|
| 204 | |
---|
| 205 | * Wed Mar 8 2006 Bill Nottingham <notting@redhat.com> - 2.2.6-2.2 |
---|
| 206 | - don't use paths in man pages - avoids multilib conflicts |
---|
| 207 | |
---|
| 208 | * Tue Feb 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-1 |
---|
| 209 | - add v4 credential conversion for "use_shmem" and "external" cases (though |
---|
| 210 | it should be redundant with "use_shmem") (#182239) |
---|
| 211 | |
---|
| 212 | * Mon Feb 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-2 |
---|
| 213 | - rebuild |
---|
| 214 | |
---|
| 215 | * Mon Feb 6 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-1 |
---|
| 216 | - add a "krb4_use_as_req" option so that obtaining v4 creds kinit-style can |
---|
| 217 | be disabled completely (Hugo Meiland) |
---|
| 218 | |
---|
| 219 | * Thu Jan 26 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.5-1 |
---|
| 220 | - don't log debug messages that we're skipping session setup/teardown unless |
---|
| 221 | debugging is enabled (#179037) |
---|
| 222 | - try to build the module with -Bsymbolic if we can figure out how to do that |
---|
| 223 | |
---|
| 224 | * Tue Jan 17 2006 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 225 | - include the NEWS file as documentation |
---|
| 226 | |
---|
| 227 | * Mon Jan 16 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.4-1 |
---|
| 228 | - fix reporting of the exact reason why a password change failed |
---|
| 229 | |
---|
| 230 | * Mon Dec 19 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.3-1 |
---|
| 231 | - fix a compile problem caused by a missing #include (Jesse Keating) |
---|
| 232 | |
---|
| 233 | * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - 2.2.2-1.3 |
---|
| 234 | - rebuilt |
---|
| 235 | |
---|
| 236 | * Mon Nov 21 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.2-1 |
---|
| 237 | - don't leak the keytab descriptor during validation (#173681) |
---|
| 238 | |
---|
| 239 | * Tue Nov 15 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.1-1 |
---|
| 240 | - update to 2.2.1 |
---|
| 241 | |
---|
| 242 | * Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-2 |
---|
| 243 | - rebuild |
---|
| 244 | |
---|
| 245 | * Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-1 |
---|
| 246 | - update to 2.2.0 |
---|
| 247 | |
---|
| 248 | * Wed Oct 5 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.1.95-0 |
---|
| 249 | - update to 2.1.95 |
---|
| 250 | |
---|
| 251 | * Mon Aug 30 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.2-1 |
---|
| 252 | - update to 2.1.2 |
---|
| 253 | |
---|
| 254 | * Mon Jun 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.1-1 |
---|
| 255 | - update to 2.1.1 |
---|
| 256 | |
---|
| 257 | * Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.0-1 |
---|
| 258 | - update to 2.1.0 |
---|
| 259 | |
---|
| 260 | * Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.11-1 |
---|
| 261 | - update to 2.0.11 |
---|
| 262 | |
---|
| 263 | * Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.10-1 |
---|
| 264 | - update to 2.0.10 |
---|
| 265 | |
---|
| 266 | * Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.9-1 |
---|
| 267 | - update to 2.0.9 |
---|
| 268 | |
---|
| 269 | * Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.8-1 |
---|
| 270 | - update to 2.0.8 |
---|
| 271 | |
---|
| 272 | * Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.7-1 |
---|
| 273 | - update to 2.0.7 |
---|
| 274 | |
---|
| 275 | * Fri Feb 27 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.6-1 |
---|
| 276 | - update to 2.0.6 |
---|
| 277 | |
---|
| 278 | * Tue Feb 24 2004 Harald Hoyer <harald@redhat.com> - 2.0.5-3 |
---|
| 279 | - rebuilt |
---|
| 280 | |
---|
| 281 | * Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-2 |
---|
| 282 | - actually changelog the update to 2.0.5 |
---|
| 283 | |
---|
| 284 | * Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-1 |
---|
| 285 | - update to 2.0.5 |
---|
| 286 | |
---|
| 287 | * Fri Oct 10 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.4-1 |
---|
| 288 | - update to 2.0.4 |
---|
| 289 | |
---|
| 290 | * Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.3-1 |
---|
| 291 | - update to 2.0.3 |
---|
| 292 | |
---|
| 293 | * Fri Sep 5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.2-1 |
---|
| 294 | - update to 2.0.2 |
---|
| 295 | |
---|
| 296 | * Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.1-1 |
---|
| 297 | - update to 2.0.1 |
---|
| 298 | |
---|
| 299 | * Fri Aug 8 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0-1 |
---|
| 300 | - update to 2.0 |
---|
| 301 | |
---|
| 302 | * Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com> 1.60-1 |
---|
| 303 | - fix uninitialized pointer crash reading cached return values |
---|
| 304 | |
---|
| 305 | * Wed Jan 29 2003 Nalin Dahyabhai <nalin@redhat.com> 1.59-1 |
---|
| 306 | - fix crash with per-user stashes and return values |
---|
| 307 | |
---|
| 308 | * Tue Jan 28 2003 Nalin Dahyabhai <nalin@redhat.com> 1.58-1 |
---|
| 309 | - fix configure to not link with both libk5crypto and libcrypto |
---|
| 310 | |
---|
| 311 | * Mon Jan 27 2003 Nalin Dahyabhai <nalin@redhat.com> 1.57-1 |
---|
| 312 | - force -fPIC |
---|
| 313 | - add --with-moduledir, --with-krb5-libs, --with-krbafs-libs to configure |
---|
| 314 | - add per-user stashes and return values |
---|
| 315 | |
---|
| 316 | * Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 1.56-1 |
---|
| 317 | - guess a default cell name |
---|
| 318 | - fix what's hopefully the last parser bug |
---|
| 319 | |
---|
| 320 | * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-2 |
---|
| 321 | - rebuild in new environment |
---|
| 322 | |
---|
| 323 | * Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-1 |
---|
| 324 | - handle account management for expired accounts correctly |
---|
| 325 | |
---|
| 326 | * Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.54-1 |
---|
| 327 | - reorder configuration checks so that setting afs_cells will properly |
---|
| 328 | force krb4_convert on |
---|
| 329 | |
---|
| 330 | * Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.53-1 |
---|
| 331 | - fix what's hopefully the last parser bug |
---|
| 332 | |
---|
| 333 | * Mon Mar 18 2002 Nalin Dahyabhai <nalin@redhat.com> 1.52-1 |
---|
| 334 | - apply patch from David Howells to add retain_tokens option |
---|
| 335 | |
---|
| 336 | * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 1.51-1 |
---|
| 337 | - fix what's hopefully the last parser bug |
---|
| 338 | |
---|
| 339 | * Sat Feb 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-3 |
---|
| 340 | - rebuild |
---|
| 341 | |
---|
| 342 | * Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-2 |
---|
| 343 | - rebuild in new environment |
---|
| 344 | |
---|
| 345 | * Fri Feb 15 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-1 |
---|
| 346 | - documentation updates (no code changes) |
---|
| 347 | |
---|
| 348 | * Tue Feb 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.49-1 |
---|
| 349 | - set PAM_USER using the user's parsed name, converted back to a local name |
---|
| 350 | - add account management service (checks for key expiration and krb5_kuserok()) |
---|
| 351 | - handle account expiration errors |
---|
| 352 | |
---|
| 353 | * Fri Jan 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.48-1 |
---|
| 354 | - autoconf fixes |
---|
| 355 | |
---|
| 356 | * Fri Oct 26 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-2 |
---|
| 357 | - bump release number and rebuild to link with new version of krbafs |
---|
| 358 | |
---|
| 359 | * Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-1 |
---|
| 360 | - fix parsing of options which have multiple whitespace-separated values, |
---|
| 361 | like afs_cells |
---|
| 362 | |
---|
| 363 | * Wed Sep 5 2001 Nalin Dahyabhai <nalin@redhat.com> 1.46-1 |
---|
| 364 | - link with libresolv to get res_search, tip from Justin McNutt, who |
---|
| 365 | built it statically |
---|
| 366 | - explicitly link with libdes425 |
---|
| 367 | - handle cases where getpwnam_r fails but still sets the result pointer |
---|
| 368 | - if use_authtok is given and there is no authtok, error out |
---|
| 369 | |
---|
| 370 | * Mon Aug 27 2001 Nalin Dahyabhai <nalin@redhat.com> 1.45-1 |
---|
| 371 | - set the default realm when a default realm is specified |
---|
| 372 | |
---|
| 373 | * Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 1.44-1 |
---|
| 374 | - only use Kerberos error codes when there is no PAM error yet |
---|
| 375 | |
---|
| 376 | * Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com> 1.43-1 |
---|
| 377 | - add minimum UID support (#52358) |
---|
| 378 | - don't link pam_krb5 with libkrbafs |
---|
| 379 | - make all options in krb5.conf available as PAM config arguments |
---|
| 380 | |
---|
| 381 | * Tue Jul 31 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 382 | - merge patch from Chris Chiappa for building with Heimdal |
---|
| 383 | |
---|
| 384 | * Mon Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 385 | - note that we had to prepend the current directory to a given path in |
---|
| 386 | dlopen.c when we had to (noted by Onime Clement) |
---|
| 387 | |
---|
| 388 | * Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> 1.42-1 |
---|
| 389 | - return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials |
---|
| 390 | fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement) |
---|
| 391 | |
---|
| 392 | * Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 393 | - add info about accessing the CVS repository to the README |
---|
| 394 | - parser cleanups (thanks to Dane Skow for a more complicated sample) |
---|
| 395 | |
---|
| 396 | * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 397 | - buildprereq the krbafs-devel package |
---|
| 398 | |
---|
| 399 | * Fri Jul 6 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 400 | - don't set forwardable and assorted other flags when getting password- |
---|
| 401 | changing service ticket (noted, and fix supplied, by Onime Clement) |
---|
| 402 | - try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may |
---|
| 403 | or may not be expecting the same number/type of arguments (noted by |
---|
| 404 | Onime Clement) |
---|
| 405 | - use krb5_aname_to_localname to convert the principal to a login name |
---|
| 406 | and set PAM_USER to the result when authenticating |
---|
| 407 | - some autoconf fixes for failure cases |
---|
| 408 | |
---|
| 409 | * Wed Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 410 | - use krb5_change_password() to change passwords |
---|
| 411 | |
---|
| 412 | * Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 413 | - use getpwnam_r instead of getpwnam when available |
---|
| 414 | |
---|
| 415 | * Fri Jun 8 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 416 | - cleanup some autoconf checks |
---|
| 417 | |
---|
| 418 | * Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 419 | - don't call initialize_krb5_error_table() or initialize_ovk_error_table() |
---|
| 420 | if they're not found at compile-time (reported for RHL 6.x by Chris Riley) |
---|
| 421 | |
---|
| 422 | * Thu May 31 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 423 | - note that [pam] is still checked in addition to [appdefaults] |
---|
| 424 | - note that AFS and Kerberos IV support requires working Kerberos IV |
---|
| 425 | configuration files (i.e., kinit -4 needs to work) (doc changes |
---|
| 426 | suggested by Martin Schulz) |
---|
| 427 | |
---|
| 428 | * Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 429 | - add max_timeout, timeout_shift, initial_timeout, and addressless options |
---|
| 430 | (patches from Simon Wilkinson) |
---|
| 431 | - fix the README to document the [appdefaults] section instead of [pam] |
---|
| 432 | - change example host and cell names in the README to use example domains |
---|
| 433 | |
---|
| 434 | * Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 435 | - don't delete tokens unless we're also removing ticket files (report and |
---|
| 436 | patch from Sean Dilda) |
---|
| 437 | - report initialization errors better |
---|
| 438 | |
---|
| 439 | * Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 440 | - treat semicolons as a comment character, like hash marks (bug reported by |
---|
| 441 | Greg Francis at Gonzaga University) |
---|
| 442 | - use the [:blank:] equivalence class to simplify the configuration file parser |
---|
| 443 | - don't mess with the real environment |
---|
| 444 | - implement mostly-complete aging support |
---|
| 445 | |
---|
| 446 | * Sat Apr 7 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 447 | - tweak the man page (can't use italics and bold simultaneously) |
---|
| 448 | |
---|
| 449 | * Fri Apr 6 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 450 | - restore the default TGS value (#35015) |
---|
| 451 | |
---|
| 452 | * Wed Mar 28 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 453 | - fix a debug message |
---|
| 454 | - fix uninitialized pointer error |
---|
| 455 | |
---|
| 456 | * Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 457 | - don't fail to fixup the krb5 ccache if something goes wrong obtaining |
---|
| 458 | v4 credentials or creating a krb4 ticket file (#33262) |
---|
| 459 | |
---|
| 460 | * Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 461 | - fixup the man page |
---|
| 462 | - log return code from k_setpag() when debugging |
---|
| 463 | - create credentials and get tokens when setcred is called for REINITIALIZE |
---|
| 464 | |
---|
| 465 | * Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 466 | - don't twiddle ownerships until after we get AFS tokens |
---|
| 467 | - use the current time instead of the issue time when storing v4 creds, since |
---|
| 468 | we don't know the issuing host's byte order |
---|
| 469 | - depend on a PAM development header again instead of pam-devel |
---|
| 470 | |
---|
| 471 | * Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 472 | - add a separate config file parser for compatibility with settings that |
---|
| 473 | predate the appdefault API |
---|
| 474 | - use a version script under Linux to avoid polluting the global namespace |
---|
| 475 | - don't have a default for afs_cells |
---|
| 476 | - need to close the file when we succeed in fixing permissions (noted by |
---|
| 477 | jlkatz@eos.ncsu.edu) |
---|
| 478 | |
---|
| 479 | * Mon Mar 19 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 480 | - use the appdefault API to read krb5.conf if available |
---|
| 481 | - create v4 tickets in such a way as to allow 1.2.2 to not think there's |
---|
| 482 | something fishy going on |
---|
| 483 | |
---|
| 484 | * Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 485 | - don't log unknown user names to syslog -- they might be sensitive information |
---|
| 486 | |
---|
| 487 | * Fri Feb 9 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 488 | - handle cases where krb5_init_context() fails |
---|
| 489 | |
---|
| 490 | * Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 491 | - be more careful around memory allocation (fixes from David J. MacKenzie) |
---|
| 492 | |
---|
| 493 | * Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 494 | - no fair trying to make me authenticate '(null)' |
---|
| 495 | |
---|
| 496 | * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 497 | - rebuild in new environment |
---|
| 498 | |
---|
| 499 | * Fri Dec 1 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 500 | - rebuild in new environment |
---|
| 501 | |
---|
| 502 | * Wed Nov 8 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 503 | - only try to delete ccache files once |
---|
| 504 | - ignore extra data in v4 TGTs, but log that we got some |
---|
| 505 | - require "validate" to be true to try validating, and fail if validation fails |
---|
| 506 | |
---|
| 507 | * Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 508 | - catch and ignore errors reading keys from the keytab (for xscreensaver, vlock) |
---|
| 509 | |
---|
| 510 | * Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 511 | - fix prompting when the module's first in the stack and the user does not have |
---|
| 512 | a corresponding principal in the local realm |
---|
| 513 | - properly implement TGT validation |
---|
| 514 | - change a few non-error status messages into debugging messages |
---|
| 515 | - sync the README and the various man pages up |
---|
| 516 | |
---|
| 517 | * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 518 | - fix "use_authtok" logic when password was not set by previous module |
---|
| 519 | - require pam-devel to build |
---|
| 520 | |
---|
| 521 | * Sun Aug 27 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 522 | - fix errors with multiple addresses (#16847) |
---|
| 523 | |
---|
| 524 | * Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 525 | - change summary |
---|
| 526 | |
---|
| 527 | * Thu Aug 10 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 528 | - fix handling of null passwords |
---|
| 529 | |
---|
| 530 | * Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 531 | - fixes for Solaris 7 from Trevor Schroeder |
---|
| 532 | |
---|
| 533 | * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 534 | - add Seth Vidal's no_user_check flag |
---|
| 535 | - document no_user_check and skip_first_pass options in the man pages |
---|
| 536 | - rebuild against Kerberos 5 1.2 (release 15) |
---|
| 537 | |
---|
| 538 | * Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 539 | - move man pages to %{_mandir} |
---|
| 540 | |
---|
| 541 | * Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 542 | - Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested |
---|
| 543 | by Steve Langasek. |
---|
| 544 | |
---|
| 545 | * Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 546 | - Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds |
---|
| 547 | |
---|
| 548 | * Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 549 | - Chris Chiappa's modifications for customizing the ccache directory |
---|
| 550 | |
---|
| 551 | * Wed Apr 19 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 552 | - Mark Dawson's fix for krb4_convert not being forced on when afs_cells defined |
---|
| 553 | |
---|
| 554 | * Thu Mar 23 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 555 | - fix problem with leftover ticket files after multiple setcred() calls |
---|
| 556 | |
---|
| 557 | * Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 558 | - add proper copyright statements |
---|
| 559 | - save password for modules later in the stack |
---|
| 560 | |
---|
| 561 | * Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 562 | - clean up prompter |
---|
| 563 | |
---|
| 564 | * Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 565 | - add krbafs as a requirement |
---|
| 566 | |
---|
| 567 | * Fri Feb 04 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 568 | - pick up non-afs PAM config files again |
---|
| 569 | |
---|
| 570 | * Wed Feb 02 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 571 | - autoconf and putenv() fixes for broken apps |
---|
| 572 | - fix for compressed man pages |
---|
| 573 | |
---|
| 574 | * Fri Jan 14 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 575 | - tweak passwd, su, and vlock configuration files |
---|
| 576 | |
---|
| 577 | * Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 578 | - added both modules to spec file |
---|
| 579 | |
---|
| 580 | * Wed Dec 22 1999 Nalin Dahyabhai <nalin@redhat.com> |
---|
| 581 | - adapted the original spec file from pam_ldap |
---|