af9bedd61a- stop exporting kadmin keys to a keytab file when kadmind starts -- the daemon's been able to use the database directly for a long long time now - belatedly add aes128,aes256 to the default set of supported key types
Nalin Dahyabhai
2008-04-04 21:29:53 +0000
f56b6ee2db bump for build
Nalin Dahyabhai
2008-04-01 20:54:54 +0000
ddde7d0f6e- libgssapi_krb5: properly export the acceptor subkey when creating a lucid context (Kevin Coffman, via the nfs4 mailing list)
Nalin Dahyabhai
2008-04-01 20:53:54 +0000
7668599d1d- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, #432620, #432621) - add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when high-numbered descriptors are used (CVE-2008-0947, #433596) - add backport bug fix for an attempt to free non-heap memory in libgssapi_krb5 (CVE-2007-5901, #415321) - add backport bug fix for a double-free in out-of-memory situations in libgssapi_krb5 (CVE-2007-5971, #415351)
Nalin Dahyabhai
2008-03-18 18:13:22 +0000
e7e5a76eb7- remove a couple of hunks where on third look we don't need to be using WRITABLEFOPEN instead of fopen, because the mode doesn't include writing
Nalin Dahyabhai
2008-03-18 15:49:52 +0000
638efe585f- rework file labeling patch to not depend on fragile preprocessor trickery, in another attempt at fixing #428355 and friends
Nalin Dahyabhai
2008-03-18 15:35:39 +0000
723980d239 bump release number for rebuild
Nalin Dahyabhai
2008-02-26 21:48:24 +0000
d4963922a8- ftp: add patch to fix "runique on" case when globbing fixes applied - stop adding a redundant but harmless call to initialize the gssapi internals
Nalin Dahyabhai
2008-02-26 21:18:38 +0000
2a567feda3- add the bug ID, close the bug
Nalin Dahyabhai
2008-02-25 20:55:41 +0000
d5971d2776- add patch to suppress double-processing of /etc/krb5.conf when we build with --sysconfdir=/etc, thereby suppressing double-logging (#231147)
Nalin Dahyabhai
2008-02-25 20:53:41 +0000
d73fcc15fb- remove a patch to fix problems with interfaces which are "up" but which have no address assigned which conflicted with a change to fix the same problem in 1.5 (#200979)
Nalin Dahyabhai
2008-02-25 19:58:51 +0000
2cc4303bbc- ftp: don't lose track of a descriptor on passive get when the server fails to open a file
Nalin Dahyabhai
2008-02-25 19:50:42 +0000
a7d42c7b03- in login, allow PAM to interact with the user when they've been strongly authenticated - in login, signal PAM when we're changing an expired password that it's an expired password, so that when cracklib flags a password as being weak it's treated as an error even if we're running as root
Nalin Dahyabhai
2008-02-25 18:33:34 +0000
ea9df965b8 comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. RT#5891
Nalin Dahyabhai
2008-02-25 18:32:02 +0000
8e9e1c07b0- drop netdb patch - kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
Nalin Dahyabhai
2008-02-18 18:44:39 +0000
d64960eca0- the constants are now provided even without __USE_GNU, so no need for this
Nalin Dahyabhai
2008-02-18 16:54:29 +0000
a77ce35c52- avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us
Nalin Dahyabhai
2008-02-13 23:10:32 +0000
7ccda19051- a second approach proposed in RT
Nalin Dahyabhai
2008-02-12 16:28:13 +0000
e4d2a874a4- enable patch for key-expiration reporting - enable patch to make kpasswd fall back to TCP if UDP fails - enable patch to make kpasswd use the right sequence number on retransmit - enable patch to allow mech-specific creds delegated under spnego to be found when searching for creds
Nalin Dahyabhai
2008-02-12 16:22:38 +0000
3d4d8cf991- note RT numbers for reference - include but don't apply the other suggested patch for kpasswd-doesn't-use-tcp
Nalin Dahyabhai
2008-01-23 18:27:03 +0000
dcfbb5995a- revise to reference a different patch which we also don't apply
Nalin Dahyabhai
2008-01-03 16:51:53 +0000
3a41ec53ed- less invasive approach to letting kpasswd hit tcp-only servers
Nalin Dahyabhai
2008-01-03 16:51:16 +0000
f25a7f96a5- reference unapplied patch to fix password-changing with servers other than the first one we try to contact - reference bug 242502 (rawhide) instead of 242500 (rhel)
Nalin Dahyabhai
2008-01-03 15:47:35 +0000
1343fd1973- bump the release
Nalin Dahyabhai
2008-01-02 17:06:19 +0000
48872e3b7b- right, new year
Nalin Dahyabhai
2008-01-02 17:05:02 +0000
f072055a76- some init script cleanups - drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500) - krb524: don't barf on missing database if it looks like we're using kldap, same as for kadmin - return non-zero status for missing files which cause startup to fail
Nalin Dahyabhai
2008-01-02 17:03:38 +0000
0aaa920daa- allocate space for the nul-terminator in the local pathname when looking up a file context, and properly free a previous context (Jose Plans, #426085)
Nalin Dahyabhai
2007-12-18 18:34:06 +0000
6c3186e173 note the CVE for needing the revised patch
Nalin Dahyabhai
2007-11-13 21:58:04 +0000
4ba98f8eab add duplicate bug id
Nalin Dahyabhai
2007-11-13 21:41:20 +0000
acf89fe1da note the RT number
Nalin Dahyabhai
2007-11-09 15:40:20 +0000
276a481e88- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and CVE-2007-4000 (the new pkinit module is built conditionally and goes into the -pkinit-openssl package, at least for now, to make a buildreq loop with openssl avoidable)
Nalin Dahyabhai
2007-10-23 19:40:45 +0000
a0f391756d- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
Nalin Dahyabhai
2007-10-17 17:48:52 +0000
345c67344c makefile update to properly grab makefile.common
Bill Nottingham
2007-10-15 18:56:42 +0000
528eff0ac5- make krb5.conf %%verify(not md5 size mtime) in addition to %%config(noreplace), like /etc/nsswitch.conf (#329811)
Nalin Dahyabhai
2007-10-12 18:32:28 +0000
6e3299423a- proposed fix for not being able to find delegated krb5 creds when using spnego
Nalin Dahyabhai
2007-10-04 22:08:39 +0000
359196dde6- revert to the version that hit upstream SVN
Nalin Dahyabhai
2007-10-04 21:44:02 +0000
1bb4c4c0c2- reflect the adjustment just submitted to upstream RT #5802
Nalin Dahyabhai
2007-10-01 21:39:09 +0000
1dd0ff3e30- proposed patch to fix receipt of delegated creds in mod_auth_kerb
Nalin Dahyabhai
2007-10-01 19:40:47 +0000
14a08486e8- add the bug ID to the kadmind fixes, note Fran's patch was identical to the one I thought we were already using in the F-7 branch
Nalin Dahyabhai
2007-09-17 20:47:02 +0000
995166d33c- undef functions that we override before redefining them; ultimately this will have to be completely reworked to not use preprocessor magic because it's gotten way uglier than originally planned
Nalin Dahyabhai
2007-09-17 20:46:21 +0000
2688de92f1- move the db2 kdb plugin from -server to -libs, because a multilib libkdb might need it
Nalin Dahyabhai
2007-09-11 20:52:15 +0000
f330d3856e- don't exit if we have a kldap db
Nalin Dahyabhai
2007-09-11 19:03:15 +0000
83381c77e7- also perform PAM session and credential management when ftpd accepts a client using strong authentication, missed earlier - also label kadmind log files and files created by the db2 plugin
Nalin Dahyabhai
2007-09-11 14:12:38 +0000
71c80f37b5- also label kadmind log files and files created by the db2 plugin
Nalin Dahyabhai
2007-09-11 14:12:03 +0000
c6b195a8d3- ftpd: also do PAM management for clients who use strong authentication
Nalin Dahyabhai
2007-09-11 14:11:22 +0000
d360ed53e4- label all files at creation-time according to the SELinux policy (#228157)
Nalin Dahyabhai
2007-06-25 00:55:25 +0000
29d9e8c00d- apply a label to all files upon creation
Nalin Dahyabhai
2007-06-25 00:54:13 +0000
5899ab24a3- also don't error out in the --disable-shared case, which while it doesn't actually build to completion, is pretty handy for testing build changes
Nalin Dahyabhai
2007-06-25 00:52:53 +0000
dbbe71ef2d- adjust the login-specific bits for changes which were made for ftpd
Nalin Dahyabhai
2007-06-25 00:50:30 +0000
8f7d649fe0- that should work better
Nalin Dahyabhai
2007-06-22 23:21:07 +0000
e773dcc288- um, maybe not just yet
Nalin Dahyabhai
2007-06-22 22:33:07 +0000
2ecf4e22d8 nope, we don't provide that file
Nalin Dahyabhai
2007-06-22 22:15:03 +0000
70ccd082ae- oops, note that pam changes went in, too
Nalin Dahyabhai
2007-06-22 22:10:15 +0000
117cdbbea7- preprocess kerberos.ldif into a format FDS will like better, and include that as a doc file as well
Nalin Dahyabhai
2007-06-22 22:06:27 +0000
37416c24a6- switch man pages to being generated with the right paths in them - drop old, incomplete SELinux patch - add patch from Greg Hudson to make srvtab routines report missing-file errors at same point that keytab routines do (#241805)
Nalin Dahyabhai
2007-06-22 22:04:38 +0000
513d8d8504- patch to make srvtab routines report missing-file errors at the same point that the keytab routines do
Nalin Dahyabhai
2007-06-22 22:03:42 +0000
547fdc81db- PAM support for rshd, login (used by telnet and rlogind), and ftpd
Nalin Dahyabhai
2007-06-22 22:03:14 +0000
3f47a21b9d- filename listing all of the man pages in the source tree, so that the .spec file can rename them from $foo to $foo.in - patch to replace absolute paths in man pages with configure-based values, and to generate man pages
Nalin Dahyabhai
2007-06-22 22:02:16 +0000
b892316bf5- actually use a configuration file that's not login's as a template
Nalin Dahyabhai
2007-06-22 22:00:29 +0000
7f177b9be9- PAM configuration for ftpd
Nalin Dahyabhai
2007-06-22 21:57:16 +0000
5627f959d0- PAM configuration for krshd when encryption is being used
Nalin Dahyabhai
2007-06-22 21:56:56 +0000
0ac131442d- PAM configuration for krshd when encryption is not being used
Nalin Dahyabhai
2007-06-22 21:56:36 +0000
ad9d82cb5c- pull patch from svn to undo unintentional chattiness in ftp - pull patch from svn to handle NULL krb5_get_init_creds_opt structures better in a couple of places where they're expected
Nalin Dahyabhai
2007-05-24 15:43:24 +0000
d36d579aba- patch from svn to fixup a couple of get_init_creds_opt problems
Nalin Dahyabhai
2007-05-24 15:41:33 +0000
40bfa86a85- patch from svn to fix debug spew in ftp
Nalin Dahyabhai
2007-05-24 15:41:11 +0000
3f30bc2d6d bump release number
Nalin Dahyabhai
2007-05-23 22:06:26 +0000
7877c27fc3- bump to 1.6.1
Nalin Dahyabhai
2007-05-23 21:48:27 +0000
15a4beabc5- obsolete by 1.6.1 release
Nalin Dahyabhai
2007-05-23 21:48:08 +0000
c0edd9e442- obsoleted by krb5-1.6-manpage-paths.patch
Nalin Dahyabhai
2007-05-23 21:47:42 +0000
65b44dedbe- experimental patch to ignore empty values for various environment values
Nalin Dahyabhai
2007-05-23 21:46:54 +0000
5aa33883de- as before, but get the location of the kpropd acl file correct
Nalin Dahyabhai
2007-05-23 21:39:31 +0000
a9c20b1574- kadmind.init: don't fail outright if the default principal database isn't there if it looks like we might be using the kldap plugin - kadmind.init: attempt to extract the key for the host-specific kadmin service when we try to create the keytab
Nalin Dahyabhai
2007-05-18 22:16:16 +0000
ea9e19241a- omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and they're not part of the libkrb5 interface (patch by Rex Dieter, #240220) (strips out libkeyutils, libresolv, libdl)
Nalin Dahyabhai
2007-05-16 19:48:19 +0000
a7114b4891- pull in keyutils as a build requirement to get the "KEYRING:" ccache type, because we've merged
Nalin Dahyabhai
2007-05-04 19:03:00 +0000
a321e486d2- fix an uninitialized length value which could cause a crash when parsing key data coming from a directory server - correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers")
Nalin Dahyabhai
2007-05-04 18:10:01 +0000