Commit Graph

371 Commits

Author SHA1 Message Date
Nalin Dahyabhai
5d2ca1d225 - replace our patch for #563431 (kpasswd doesn't fall back to guessing your
principal name using your user name if you don't have a ccache) with
    the on upstream uses
2010-03-19 21:15:10 +00:00
Nalin Dahyabhai
39cf8a4b2d - whoops, -p level off by one 2010-03-12 22:26:03 +00:00
Nalin Dahyabhai
fafc4a2352 - add the RT entry number 2010-03-12 22:13:15 +00:00
Nalin Dahyabhai
ecf57bb1a5 - the last members of the ops structure are pointers 2010-03-12 21:09:55 +00:00
Nalin Dahyabhai
8ba624d90a - this needs to be more portable before we try to send it upstream 2010-03-12 21:09:35 +00:00
Nalin Dahyabhai
be17b47a39 - note Sam's RT entry that this fixes 2010-03-12 21:08:54 +00:00
Nalin Dahyabhai
f3d0ea68ff - oh wait, i did that 2010-03-12 21:08:20 +00:00
Nalin Dahyabhai
fe99267cdf - add documentation for the ticket_lifetime option (#561174) 2010-03-12 20:44:02 +00:00
Nalin Dahyabhai
daa38f9cf3 - drop this; we're not going to worry about it 2010-03-11 19:24:17 +00:00
Nalin Dahyabhai
5ade34aee9 - add a header describing the what and why here 2010-03-11 19:23:59 +00:00
Nalin Dahyabhai
e03499409a - drop this; it's not sufficient any more anyway 2010-03-11 19:20:22 +00:00
Nalin Dahyabhai
fde0ac5843 - note the RT number 2010-03-11 19:19:55 +00:00
Nalin Dahyabhai
0f6f154014 - correct a few typos
- note the review bug for splitting out krb5-appl
2010-03-08 20:10:52 +00:00
Nalin Dahyabhai
a32fda650f - this patch is no longer needed; at some point between 1.7 and 1.8 this
was fixed in SVN
2010-03-08 18:16:23 +00:00
Nalin Dahyabhai
516763ea91 - pull up patch to get the client libraries to correctly perform password
changes over IPv6 (Sumit Bose, RT#6661)
2010-03-08 16:47:24 +00:00
Nalin Dahyabhai
70840ba4e4 - whoops, need these lists, too 2010-03-05 22:27:37 +00:00
Nalin Dahyabhai
75b08040ff - update to 1.8
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
    until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
    isn't a code path we hit when we're using PAM
2010-03-05 22:19:38 +00:00
Nalin Dahyabhai
9c84ef7b56 - whoops, revert inadvertent not-working version bump 2010-03-03 16:16:35 +00:00
Nalin Dahyabhai
5ee10a1ffb - fix a null pointer dereference and crash introduced in our PAM patch that
would happen if ftpd was given the name of a user who wasn't known to
    the local system, limited to being triggerable by gssapi-authenticated
    clients by the default xinetd config (Olivier Fourdan, #569472)
2010-03-03 16:09:47 +00:00
Nalin Dahyabhai
d605c80ae2 - fix a regression (not labeling a kdb database lock file correctly,
#569902)
2010-03-02 23:01:23 +00:00
Nalin Dahyabhai
669a15d24b - move the package changelog to the end to match the usual style (jdennis)
- scrub out references to $RPM_SOURCE_DIR (jdennis)
- include a symlink to the readme with the name LICENSE so that people can
    find it more easily (jdennis)
2010-02-25 23:00:23 +00:00
Nalin Dahyabhai
33efa14da1 - pull up the change to make kpasswd's behavior better match the docs when
there's no ccache (#563431)
2010-02-17 23:25:50 +00:00
Nalin Dahyabhai
6a46621b1a - forwardable=yes -> forwardable=true, which should mean the same thing,
but matches the man page better
- take port numbers off of the server names; i'm assuming that it's rare
    for them to need specifying because i assume the defaults are used more
    often than not
2010-02-16 22:38:25 +00:00
Nalin Dahyabhai
20683b0e60 - whoops, that's the wrong filename for the patch 2010-02-16 22:15:46 +00:00
Nalin Dahyabhai
19c7a3451b - upstream patch to correct a denial-of-service in KDCs in 1.7 and later 2010-02-16 21:53:47 +00:00
Nalin Dahyabhai
c84cd0185b - apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
#566002)
2010-02-16 21:45:25 +00:00
Nalin Dahyabhai
edcbea8d17 - update to 1.7.1
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
    the devel subpackage, better lining up with the expected krb5/krb5-appl
    split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
    already depends on -workstation which also includes them
2010-02-03 17:11:35 +00:00
Nalin Dahyabhai
f20db54891 - tighten up default permissions on kdc.conf and kadm5.acl (#558343) 2010-01-25 16:58:14 +00:00
Nalin Dahyabhai
9a31789f24 - use portreserve correctly -- portrelease takes the basename of the file
whose entries should be released, so we need three files, not one
2010-01-22 15:08:24 +00:00
Nalin Dahyabhai
304c10003d - suppress warnings of impending password expiration if expiration is more
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
- link with libtinfo rather than libncurses, when we can, in future RHEL
2010-01-18 20:13:04 +00:00
Nalin Dahyabhai
fba11018d1 - suppress warnings of impending password expiration if expiration is more
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
2010-01-18 20:03:17 +00:00
Nalin Dahyabhai
da536a5974 - krb5_get_init_creds_password: check opte->flags instead of options->flags
when checking whether or not we get to use the prompter callback
    (#555875)
2010-01-15 20:24:36 +00:00
Nalin Dahyabhai
2baf72c02f - use portreserve to make sure the KDC can always bind to the kerberos-iv
port, kpropd can always bind to the krb5_prop port, and that kadmind
    can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
2010-01-14 21:14:26 +00:00
Nalin Dahyabhai
60b2cbeb09 - fix the description of the problem 2010-01-12 19:27:00 +00:00
Nalin Dahyabhai
c81c7789b7 - add upstream patches for KDC crash during AES and RC4 decryption
(CVE-2009-4212), via Tom Yu (#545015)
2010-01-12 19:24:24 +00:00
Nalin Dahyabhai
3ad86e219a - back down to the earlier version of the patch for #551764; the backported
alternate version was incomplete
2010-01-06 23:54:23 +00:00
Nalin Dahyabhai
abd49c944b - put the conditional back for the -devel subpackage 2010-01-06 20:05:00 +00:00
Nalin Dahyabhai
f6701d5d64 - revise this to look more like what's been done in upstream trunk 2010-01-05 23:38:49 +00:00
Nalin Dahyabhai
b199476767 - pull up proposed patch for creating previously-not-there lock files for
kdb databases when 'kdb5_util' is called to 'load' (#551764)
2010-01-05 22:55:55 +00:00
Nalin Dahyabhai
65631fa1bb - use %%global instead of %%define
- fix conditional for future RHEL
2010-01-05 22:55:30 +00:00
Nalin Dahyabhai
14efc0c6dd - add tracking bug ID for the latest security patch 2010-01-04 15:59:00 +00:00
Nalin Dahyabhai
795e5e14a6 - add upstream patch for KDC crash during referral processing
(CVE-2009-3295), via Tom Yu
2010-01-04 15:56:24 +00:00
Nalin Dahyabhai
a019df8a50 - fix a typo 2009-12-21 19:41:25 +00:00
Nalin Dahyabhai
cc8c049fe1 refresh patch for #542868 from trunk 2009-12-21 19:27:25 +00:00
Nalin Dahyabhai
439a1c75e7 - add the upstream RT number 2009-12-11 18:08:12 +00:00
Nalin Dahyabhai
ec702e8192 - move man pages that live in the -libs subpackage into the regular
%%{_mandir} tree where they'll still be found if that package is the
    only one %installed (#529319)
2009-12-10 22:50:50 +00:00
Nalin Dahyabhai
bfccd3939a - re-enable this change:
- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
2009-12-09 21:40:48 +00:00
Nalin Dahyabhai
ca17214610 - if the result of our attempt to look up the context is NULL, either
because the right function returned NULL or we failed to initialize the
    library, just skip it, as that's all we can do
2009-12-09 00:18:58 +00:00
Nalin Dahyabhai
f21202d6a4 back that last change out 2009-12-08 20:51:25 +00:00
Nalin Dahyabhai
2358ad9bad - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868) 2009-12-08 20:05:41 +00:00