Commit Graph

13 Commits

Author SHA1 Message Date
Robbie Harwood (frozencemetery)
6cb6b69409 Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
2015-09-10 19:45:12 +00:00
Nalin Dahyabhai
977a60b72c set "rdns = false" in the default krb5.conf
set "rdns = false" in the default krb5.conf (#908323)
2013-02-08 10:29:14 -05:00
Nalin Dahyabhai
f2a7c1df57 - comment out example.com examples in default krb5.conf (Stef Walter, #805320) 2012-03-20 18:21:01 -04:00
Stef Walter
2da8874065 Change back dns_lookup_kdc to the default
The specifications recommend against using TXT records to mapping
hostnames to realms. However they do not recommend against using
SRV records to lookup the KDC.

Change back to the MIT default of enabling DNS for KDC lookup.
This allows automatic configuration and failover.

A theoretical attack involving SRV records could be similarly
accomplished by a similar attack involving the A records for
the KDC hosts.
2012-03-20 18:16:59 -04:00
Nalin Dahyabhai
6a46621b1a - forwardable=yes -> forwardable=true, which should mean the same thing,
but matches the man page better
- take port numbers off of the server names; i'm assuming that it's rare
    for them to need specifying because i assume the defaults are used more
    often than not
2010-02-16 22:38:25 +00:00
Nalin Dahyabhai
fae1002a8e - drop pam_krb5-specific settings which override library defaults
- drop v4-specific default_domain
2009-06-04 22:35:56 +00:00
Nalin Dahyabhai
160a188e65 - merge back changes made between fc6 and rawhide to date
- somewhere in here we fixed the spelling of James's last name
2007-01-22 21:27:49 +00:00
Nalin Dahyabhai
f3820b972d - preserve timestamps on profile.d shell scriptlets
- first cut at making RPM scriptlets failproof for install-info
- pull up pre-generated PDF docs so that we don't have multiarch
    differences due to document IDs, timestamps, and compressed data,
- pull up the script to make sure that the PDF matches its source to guard
    against the package maintainer forgetting to update when we move to a
    new release
2007-01-22 21:23:54 +00:00
Nalin Dahyabhai
3ffdc43878 - don't bail from the KDC init script if there's no database, it may be in
a different location than the default (fenlason)
- remove the [kdc] section from the default krb5.conf -- doesn't seem to
    have been applicable for a while
2006-10-23 20:23:05 +00:00
Nalin Dahyabhai
708fedd9ea - update to 1.4
- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
    flag to specify that it should communicate with the server using the
    older protocol
- new libkrb5support library
- v5passwdd and kadmind4 are gone
- versioned symbols
- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
    it on to krb5kdc
- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
    it on to kadmind
- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
    it on to krb524d *instead of* "-m"
- set "forwardable" in [libdefaults] in the default krb5.conf to match the
    default setting which we supply for pam_krb5
- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting
    the compiled-in default
2005-02-24 23:16:08 +00:00
cvsdist
dc2fe09903 auto-import changelog data from krb5-1.3.1-7.src.rpm
Mon Nov 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-7
- fix combination of --with-netlib and --enable-dns
Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
- remove libdefault ticket_lifetime option from the default krb5.conf, it
    is ignored by libkrb5
2004-09-09 07:16:33 +00:00
cvsdist
f58b9ed595 auto-import krb5-1.2.3-5 from krb5-1.2.3-5.src.rpm 2004-09-09 07:11:12 +00:00
cvsdist
af3b5464f0 auto-import changelog data from krb5-1.2.1-8.src.rpm
Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix summaries and descriptions
- switched the default transfer protocol from PORT to PASV as proposed on
    bugzilla (#16134), and to match the regular ftp package's behavior
Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com>
- rebuild to compress man pages.
Sat Jul 15 2000 Bill Nottingham <notting@redhat.com>
- move initscript back
Fri Jul 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable servers by default to keep linuxconf from thinking they need to
    be started when they don't
Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- change cleanup code in post to not tickle chkconfig
- add grep as a Prereq: for -libs
Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- move condrestarts to postun
- make xinetd configs noreplace
- add descriptions to xinetd configs
- add /etc/init.d as a prereq for the -server package
- patch to properly truncate $TERM in krlogind
Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.1
- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update
- start using the official source tarball instead of its contents
Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's
    not compatible with other stuff in 6.2, so no need)
Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak graceful start/stop logic in post and preun
Mon Jun 26 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to the 1.2 release
- ditch a lot of our patches which went upstream
- enable use of DNS to look up things at build-time
- disable use of DNS to look up things at run-time in default krb5.conf
- change ownership of the convert-config-files script to root.root
- compress PS docs
- fix some typos in the kinit man page
- run condrestart in server post, and shut down in preun
Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- only remove old krb5server init script links if the init script is there
Sat Jun 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable kshell and eklogin by default
Thu Jun 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch mkdir/rmdir problem in ftpcmd.y
- add condrestart option to init script
- split the server init script into three pieces and add one for kpropd
Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- make sure workstation servers are all disabled by default
- clean up krb5server init script
Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
- move default realm configs from /var/kerberos to /var/kerberos
Tue Jun 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- make ksu and v4rcp owned by root
Sat Jun 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again
Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- change a LINE_MAX to 1024, fix from Ken Raeburn
- add fix for login vulnerability in case anyone rebuilds without krb4
    compat
- add tweaks for byte-swapping macros in krb.h, also from Ken
- add xinetd config files
- make rsh and rlogin quieter
- build with debug to fix credential forwarding
- add rsh as a build-time req because the configure scripts look for it to
    determine paths
Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix config_subpackage logic
Tue May 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove setuid bit on v4rcp and ksu
- apply patches from Jeffrey Schiller to fix overruns Chris Evans found
- reintroduce configs subpackage for use in the errata
- add PreReq: sh-utils
Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix double-free in the kdc (patch merged into MIT tree)
- include convert-config-files script as a documentation file
Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch ksu man page because the -C option never works
- add access() checks and disable debug mode in ksu
- modify default ksu build arguments to specify more directories in
    CMD_PATH and to use getusershell()
Wed May 03 2000 Bill Nottingham <notting@redhat.com>
- fix configure stuff for ia64
Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug
    #10653)
- change Requires: for/in subpackages to include 1.2.1
Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- add man pages for kerberos(1), kvno(1), .k5login(5)
- add kvno to -workstation
Mon Apr 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as a
    %config file anyway.
- Make krb5.conf a noreplace config file.
Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- Make klogind pass a clean environment to children, like NetKit's rlogind
    does.
Wed Mar 08 2000 Nalin Dahyabhai <nalin@redhat.com>
- Don't enable the server by default.
- Compress info pages.
- Add defaults for the PAM module to krb5.conf
Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- Correct copyright: it's exportable now, provided the proper paperwork is
    filed with the government.
Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply Mike Friedman's patch to fix format string problems
- don't strip off argv[0] when invoking regular rsh/rlogin
Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- run kadmin.local correctly at startup
Mon Feb 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- pass absolute path to kadm5.keytab if/when extracting keys at startup
Sat Feb 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix info page insertions
Wed Feb 09 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak server init script to automatically extract kadm5 keys if
    /var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet
- adjust package descriptions
Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix for potentially gzipped man pages
Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix comments in krb5-configs
Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- move /usr/kerberos/bin to end of PATH
Tue Dec 28 1999 Nalin Dahyabhai <nalin@redhat.com>
- install kadmin header files
Tue Dec 21 1999 Nalin Dahyabhai <nalin@redhat.com>
- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
- add installation of info docs
- remove krb4 compat patch because it doesn't fix workstation-side servers
Mon Dec 20 1999 Nalin Dahyabhai <nalin@redhat.com>
- remove hesiod dependency at build-time
Sun Dec 19 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- rebuild on 1.1.1
Thu Oct 07 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- clean up init script for server, verify that it works [jlkatz]
- clean up rotation script so that rc likes it better
- add clean stanza
Mon Oct 04 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- backed out ncurses and makeshlib patches
- update for krb5-1.1
- add KDC rotation to rc.boot, based on ideas from Michael's C version
Sun Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- added -lncurses to telnet and telnetd makefiles
Mon Jul 05 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- added krb5.csh and krb5.sh to /etc/profile.d
Tue Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- broke out configuration files
Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- fixed server package so that it works now
Sat May 15 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- started changelog
- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
- added --force to makeinfo commands to skip errors during build
2004-09-09 07:05:48 +00:00