rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
211 Commits 9 Branches 46 Tags 7.8 MiB
a7d42c7b03
Commit Graph

211 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nalin Dahyabhai
a7d42c7b03 - in login, allow PAM to interact with the user when they've been strongly 
authenticated
- in login, signal PAM when we're changing an expired password that it's an
    expired password, so that when cracklib flags a password as being weak
    it's treated as an error even if we're running as root
 2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
ea9df965b8 comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. 
RT#5891
 2008-02-25 18:32:02 +00:00
Nalin Dahyabhai
8e9e1c07b0 - drop netdb patch 
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
    the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
    Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
 2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
d64960eca0 - the constants are now provided even without __USE_GNU, so no need for 
this
 2008-02-18 16:54:29 +00:00
Nalin Dahyabhai
a77ce35c52 - avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us 2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
820100e165 - wow, fix a syntax error 2008-02-12 21:03:29 +00:00
Nalin Dahyabhai
7ccda19051 - a second approach proposed in RT 2008-02-12 16:28:13 +00:00
Nalin Dahyabhai
e4d2a874a4 - enable patch for key-expiration reporting 
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
    found when searching for creds
 2008-02-12 16:22:38 +00:00
Nalin Dahyabhai
3d4d8cf991 - note RT numbers for reference 
- include but don't apply the other suggested patch for
    kpasswd-doesn't-use-tcp
 2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a - revise to reference a different patch which we also don't apply 2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
3a41ec53ed - less invasive approach to letting kpasswd hit tcp-only servers 2008-01-03 16:51:16 +00:00
Nalin Dahyabhai
f25a7f96a5 - reference unapplied patch to fix password-changing with servers other 
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
 2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973 - bump the release 2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b - right, new year 2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76 - some init script cleanups 
- drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
- krb524: don't barf on missing database if it looks like we're using
    kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
 2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa - allocate space for the nul-terminator in the local pathname when looking 
up a file context, and properly free a previous context (Jose Plans,
    #426085)
 2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1 rebuild 2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173 note the CVE for needing the revised patch 2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab add duplicate bug id 2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
acf89fe1da note the RT number 2007-11-09 15:40:20 +00:00
Nalin Dahyabhai
276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and 
CVE-2007-4000 (the new pkinit module is built conditionally and goes
    into the -pkinit-openssl package, at least for now, to make a buildreq
    loop with openssl avoidable)
 2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd 2007-10-17 17:48:52 +00:00
Bill Nottingham
345c67344c makefile update to properly grab makefile.common 2007-10-15 18:56:42 +00:00
Nalin Dahyabhai
528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to 
%%config(noreplace), like /etc/nsswitch.conf (#329811)
 2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a - proposed fix for not being able to find delegated krb5 creds when using 
spnego
 2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
359196dde6 - revert to the version that hit upstream SVN 2007-10-04 21:44:02 +00:00
Nalin Dahyabhai
1bb4c4c0c2 - reflect the adjustment just submitted to upstream RT #5802 2007-10-01 21:39:09 +00:00
Nalin Dahyabhai
1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb 2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to 
the one I thought we were already using in the F-7 branch
 2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
995166d33c - undef functions that we override before redefining them; ultimately this 
will have to be completely reworked to not use preprocessor magic
    because it's gotten way uglier than originally planned
 2007-09-17 20:46:21 +00:00
Nalin Dahyabhai
2688de92f1 - move the db2 kdb plugin from -server to -libs, because a multilib libkdb 
might need it
 2007-09-11 20:52:15 +00:00
Nalin Dahyabhai
f330d3856e - don't exit if we have a kldap db 2007-09-11 19:03:15 +00:00
Nalin Dahyabhai
83381c77e7 - also perform PAM session and credential management when ftpd accepts a 
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin
 2007-09-11 14:12:38 +00:00
Nalin Dahyabhai
71c80f37b5 - also label kadmind log files and files created by the db2 plugin 2007-09-11 14:12:03 +00:00
Nalin Dahyabhai
c6b195a8d3 - ftpd: also do PAM management for clients who use strong authentication 2007-09-11 14:11:22 +00:00
Nalin Dahyabhai
8684e97aa9 bye-bye obsolete patch 2007-09-06 21:03:00 +00:00
Nalin Dahyabhai
78cfdd7edb - incorporate updated fix for CVE-2007-3999 2007-09-06 20:20:55 +00:00
Nalin Dahyabhai
251df090d0 bump the revision 2007-09-06 20:09:14 +00:00
Nalin Dahyabhai
07adde54fa - incorporate updated fix for CVE-2007-3999 2007-09-06 20:08:19 +00:00
Nalin Dahyabhai
c4bb3c531c - fix incorrect call to test in the kadmin init script 2007-09-06 20:07:18 +00:00
Nalin Dahyabhai
b54c6a0718 - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) 2007-09-04 18:10:23 +00:00
Nalin Dahyabhai
9866e02a96 - Do what the rfc says we should do, rather than what the error message 
suggests we're doing.
 2007-09-04 16:34:44 +00:00
Nalin Dahyabhai
929680a650 add missing gawk buildrequirement 2007-08-25 05:12:34 +00:00
Nalin Dahyabhai
8499d2199c - actually bump the release number 2007-08-25 04:33:13 +00:00
Nalin Dahyabhai
5502d6651d - cover more cases in labeling files on creation 2007-08-25 04:31:34 +00:00
Nalin Dahyabhai
e0443e5457 - experimental ok-as-delegate setting patch (not applied) 2007-08-25 04:28:10 +00:00
Nalin Dahyabhai
79f8a98d4f rebuild 2007-08-23 20:50:42 +00:00
Nalin Dahyabhai
2f7dffc0f3 - include but don't apply 2007-07-26 19:08:20 +00:00
Nalin Dahyabhai
7f381af05d - test patch for login chdir when $HOME is on root-squashed nfs 2007-07-26 19:07:22 +00:00
Nalin Dahyabhai
c7cc1d7d29 - test patch for password expiration reporting 2007-07-26 19:06:51 +00:00