Nalin Dahyabhai
17238354c3
don't skip the PAM account check for root or the same user (more of
...
#477033 )
2010-05-27 20:53:30 +00:00
Nalin Dahyabhai
ccdc4a4228
- ksu: move session management calls to before we drop privileges, like su
...
does (#596887 )
2010-05-27 20:01:43 +00:00
Nalin Dahyabhai
b60e63ef2b
- that -fno-strict-aliasing change merits a rebuild
2010-05-24 22:15:15 +00:00
Nalin Dahyabhai
ab9e2985db
- go back to building without strict aliasing (compiler warnings in gssrpc)
2010-05-24 21:31:38 +00:00
Nalin Dahyabhai
5d72216a22
- drop explicit linking with libtinfo for applications that use libss, now
...
that readline itself links with libtinfo (as of readline-5.2-3, since
fedora 7 or so)
2010-05-24 20:42:04 +00:00
Nalin Dahyabhai
c430745262
- make krb5-server-ldap also depend on the same version-release of
...
krb5-libs, as the other subpackages do, if only to make it clearer than
it is when we just do it through krb5-server
2010-05-24 20:07:09 +00:00
Nalin Dahyabhai
b3e836cce9
- add patch to correct GSSAPI library null pointer dereference which could
...
be triggered by malformed client requests (CVE-2010-1321, #582466 )
2010-05-18 18:14:30 +00:00
Nalin Dahyabhai
59f0148016
- fix output of kprop's init script's "status" and "reload" commands
...
(#588222 )
2010-05-04 19:32:52 +00:00
Nalin Dahyabhai
98bc7d7d76
- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922 )
2010-04-20 18:26:39 +00:00
Nalin Dahyabhai
044f184f7a
- fix a typo in kerberos.ldif
2010-04-14 14:28:32 +00:00
Nalin Dahyabhai
b48f2bcb58
- update to 1.8.1
...
- no longer need patches for #555875 , #561174 , #563431 , RT#6661,
CVE-2010-0628
- replace buildrequires on tetex-latex with one on texlive-latex, which is
the package that provides it now
2010-04-09 13:44:05 +00:00
Nalin Dahyabhai
6b3df78771
- kdc.conf: no more need to suggest a v4 mode, or listening on the v4 port
2010-04-08 21:27:15 +00:00
Nalin Dahyabhai
8d606a93f5
- drop patch to suppress key expiration warnings sent from the KDC in the
...
last-req field, as the KDC is expected to just be configured to either
send them or not as a particular key approaches expiration (#556495 )
2010-04-08 19:14:31 +00:00
Nalin Dahyabhai
dc32b53c2d
- note why we're going to drop this patch
2010-04-08 18:53:15 +00:00
Nalin Dahyabhai
665fa22b0f
- add bug numbers for the fix for CVE-2010-0628
2010-03-23 22:56:35 +00:00
Nalin Dahyabhai
cac63d2dfa
- kdc.conf: no more need to suggest keeping keys with v4-compatible salting
2010-03-23 18:18:32 +00:00
Nalin Dahyabhai
4a2bf7dc5d
- add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628)
2010-03-23 18:07:13 +00:00
Nalin Dahyabhai
1f83fab4c7
- remove the krb5-appl bits (the -workstation-clients and
...
-workstation-servers subpackages) now that krb5-appl is its own package
2010-03-19 21:15:33 +00:00
Nalin Dahyabhai
5d2ca1d225
- replace our patch for #563431 (kpasswd doesn't fall back to guessing your
...
principal name using your user name if you don't have a ccache) with
the on upstream uses
2010-03-19 21:15:10 +00:00
Nalin Dahyabhai
39cf8a4b2d
- whoops, -p level off by one
2010-03-12 22:26:03 +00:00
Nalin Dahyabhai
fafc4a2352
- add the RT entry number
2010-03-12 22:13:15 +00:00
Nalin Dahyabhai
ecf57bb1a5
- the last members of the ops structure are pointers
2010-03-12 21:09:55 +00:00
Nalin Dahyabhai
8ba624d90a
- this needs to be more portable before we try to send it upstream
2010-03-12 21:09:35 +00:00
Nalin Dahyabhai
be17b47a39
- note Sam's RT entry that this fixes
2010-03-12 21:08:54 +00:00
Nalin Dahyabhai
f3d0ea68ff
- oh wait, i did that
2010-03-12 21:08:20 +00:00
Nalin Dahyabhai
fe99267cdf
- add documentation for the ticket_lifetime option ( #561174 )
2010-03-12 20:44:02 +00:00
Nalin Dahyabhai
daa38f9cf3
- drop this; we're not going to worry about it
2010-03-11 19:24:17 +00:00
Nalin Dahyabhai
5ade34aee9
- add a header describing the what and why here
2010-03-11 19:23:59 +00:00
Nalin Dahyabhai
e03499409a
- drop this; it's not sufficient any more anyway
2010-03-11 19:20:22 +00:00
Nalin Dahyabhai
fde0ac5843
- note the RT number
2010-03-11 19:19:55 +00:00
Nalin Dahyabhai
0f6f154014
- correct a few typos
...
- note the review bug for splitting out krb5-appl
2010-03-08 20:10:52 +00:00
Nalin Dahyabhai
a32fda650f
- this patch is no longer needed; at some point between 1.7 and 1.8 this
...
was fixed in SVN
2010-03-08 18:16:23 +00:00
Nalin Dahyabhai
516763ea91
- pull up patch to get the client libraries to correctly perform password
...
changes over IPv6 (Sumit Bose, RT#6661)
2010-03-08 16:47:24 +00:00
Nalin Dahyabhai
70840ba4e4
- whoops, need these lists, too
2010-03-05 22:27:37 +00:00
Nalin Dahyabhai
75b08040ff
- update to 1.8
...
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
isn't a code path we hit when we're using PAM
2010-03-05 22:19:38 +00:00
Nalin Dahyabhai
9c84ef7b56
- whoops, revert inadvertent not-working version bump
2010-03-03 16:16:35 +00:00
Nalin Dahyabhai
5ee10a1ffb
- fix a null pointer dereference and crash introduced in our PAM patch that
...
would happen if ftpd was given the name of a user who wasn't known to
the local system, limited to being triggerable by gssapi-authenticated
clients by the default xinetd config (Olivier Fourdan, #569472 )
2010-03-03 16:09:47 +00:00
Nalin Dahyabhai
d605c80ae2
- fix a regression (not labeling a kdb database lock file correctly,
...
#569902 )
2010-03-02 23:01:23 +00:00
Nalin Dahyabhai
669a15d24b
- move the package changelog to the end to match the usual style (jdennis)
...
- scrub out references to $RPM_SOURCE_DIR (jdennis)
- include a symlink to the readme with the name LICENSE so that people can
find it more easily (jdennis)
2010-02-25 23:00:23 +00:00
Nalin Dahyabhai
33efa14da1
- pull up the change to make kpasswd's behavior better match the docs when
...
there's no ccache (#563431 )
2010-02-17 23:25:50 +00:00
Nalin Dahyabhai
6a46621b1a
- forwardable=yes -> forwardable=true, which should mean the same thing,
...
but matches the man page better
- take port numbers off of the server names; i'm assuming that it's rare
for them to need specifying because i assume the defaults are used more
often than not
2010-02-16 22:38:25 +00:00
Nalin Dahyabhai
20683b0e60
- whoops, that's the wrong filename for the patch
2010-02-16 22:15:46 +00:00
Nalin Dahyabhai
19c7a3451b
- upstream patch to correct a denial-of-service in KDCs in 1.7 and later
2010-02-16 21:53:47 +00:00
Nalin Dahyabhai
c84cd0185b
- apply patch from upstream to fix KDC denial of service (CVE-2010-0283,
...
#566002 )
2010-02-16 21:45:25 +00:00
Nalin Dahyabhai
edcbea8d17
- update to 1.7.1
...
- don't trip AD lockout on wrong password (#542687 , #554351 )
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
the devel subpackage, better lining up with the expected krb5/krb5-appl
split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
already depends on -workstation which also includes them
2010-02-03 17:11:35 +00:00
Nalin Dahyabhai
f20db54891
- tighten up default permissions on kdc.conf and kadm5.acl ( #558343 )
2010-01-25 16:58:14 +00:00
Nalin Dahyabhai
9a31789f24
- use portreserve correctly -- portrelease takes the basename of the file
...
whose entries should be released, so we need three files, not one
2010-01-22 15:08:24 +00:00
Nalin Dahyabhai
304c10003d
- suppress warnings of impending password expiration if expiration is more
...
than seven days away when the KDC reports it via the last-req field,
just as we already do when it reports expiration via the key-expiration
field (#556495 )
- link with libtinfo rather than libncurses, when we can, in future RHEL
2010-01-18 20:13:04 +00:00
Nalin Dahyabhai
fba11018d1
- suppress warnings of impending password expiration if expiration is more
...
than seven days away when the KDC reports it via the last-req field,
just as we already do when it reports expiration via the key-expiration
field (#556495 )
2010-01-18 20:03:17 +00:00
Nalin Dahyabhai
da536a5974
- krb5_get_init_creds_password: check opte->flags instead of options->flags
...
when checking whether or not we get to use the prompter callback
(#555875 )
2010-01-15 20:24:36 +00:00