pam_krb5-32bit-2.4.13-1.36 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

This PAM module supports authentication against a Kerberos KDC. It also
supports updating your Kerberos password.

Provides

• pam_krb5-32bit
• pam_krb5-32bit(x86-32)

Requires

• /bin/sh
• libc.so.6
• libc.so.6(GLIBC_2.0)
• libc.so.6(GLIBC_2.1)
• libc.so.6(GLIBC_2.1.2)
• libc.so.6(GLIBC_2.1.3)
• libc.so.6(GLIBC_2.15)
• libc.so.6(GLIBC_2.2)
• libc.so.6(GLIBC_2.3)
• libc.so.6(GLIBC_2.3.4)
• libc.so.6(GLIBC_2.4)
• libcom_err.so.2
• libk5crypto.so.3
• libk5crypto.so.3(k5crypto_3_MIT)
• libkrb5.so.3
• libkrb5.so.3(krb5_3_MIT)
• libpam.so.0
• libpam.so.0(LIBPAM_1.0)
• libselinux.so.1
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1

License

BSD-3-Clause or LGPL-2.1+

Changelog

* Wed Jul 26 2017 josef.moellers@suse.com
  - Update to 2.4.13:
    * Fix a memory leak on FAST-capable clients
    * Learn to run 'kdc' and 'kpasswdd', if appropriate
    * Add the ability to specify a server principal
    * Drop _pam_krb5_stash_chown_keyring functionality
    * Fix a configure syntax error
    * Handle ccname templates that don't include a type
    * Fix a memory leak (static analysis)
    * default to subsequent_prompt=false for chauthtok
    * Don't close descriptors for fork-without-exec
    * Handle PKINIT without duplicate prompting
    * Add support for rxkad-k5-kdf
    [pam_krb5-LINGUAS.dif]
* Wed May 28 2014 ckornacker@suse.com
  - serialize make process to prevent build failures on s390
* Tue Apr 16 2013 mc@suse.de
  - update to version 2.4.4
    * drop configuration settings that duplicated library settings
    * drop the existing_ticket option
    * drop krb4 support
    * add support for preserving configuration information in ccaches
    * add support for creating and cleaning up DIR: ccaches
    * finish cleaning up KEYRING: ccaches
    * add experimental "armor" and "armor_strategy" options
    * handle creation of /run/user/XXX for FILE: and DIR: caches
    * handle different function signatures for krb5_trace_callback
    * avoid overriding the primary when updating DIR: caches
  - obsolets patches (upstream):
    * pam_krb5-2.2.0-0.5-configure_ac.dif
    * use-urandom-for-tests.dif
* Thu Mar 07 2013 cfarrell@suse.com
  - license update: BSD-3-Clause or LGPL-2.1+
    it is a dual license - hence the operator is ^or^ not ^and^
* Fri Mar 01 2013 coolo@suse.com
  - update license to new format
* Tue Aug 23 2011 mc@suse.de
  - disable checks during build. Does not work reliable in the
    buildservice
* Sun Aug 21 2011 mc@novell.com
  - update to version 2.3.13
    * don't bother creating a v5 ccache in "external" mode
    * add a "trace" option to enable libkrb5 tracing, if available
    * avoid trying to get password-change creds twice
    * use an in-memory ccache when obtaining tokens using v5 creds
    * turn off creds==session in "sshd"
    * add a "validate_user_user" option to control trying to perform
      user-to-user authentication to validate TGTs when a keytab is not
      available
    * add an "ignore_k5login" option to control whether or not the module
      will use the krb5_kuserok() function to perform additional
      authorization checks
    * turn on validation by default - verify_ap_req_nofail controls how we
      treat errors reading keytab files now
    * add an "always_allow_localname" option when we can use
      krb5_aname_to_localname() to second-guess the krb5_kuserok() check
    * prefer krb5_change_password() to krb5_set_password()
* Tue Mar 01 2011 mc@suse.de
  - make pam_sm_setcred less verbose (bnc#641008)
* Fri Nov 19 2010 coolo@novell.com
  - remove autoreconf call - breaks more than it helps
* Mon Mar 22 2010 mc@suse.de
  - update to version 2.3.11
    * create credentials before trying to look up the location of
      the user's home directory via krb5_kuserok()
* Thu Mar 04 2010 mc@suse.de
  - update to version 2.3.10-3
    * add a "chpw_prompt" option
    * add a "multiple_ccaches" option
    * fine-tune the logic for selecting which key we use for
      validating credentials
    * fixes
* Mon Feb 01 2010 jengelh@medozas.de
  - package baselibs.conf
* Tue Nov 03 2009 coolo@novell.com
  - updated patches to apply with fuzz=0
* Mon Jul 27 2009 mc@novell.com
  - version 2.3.7
    * when refreshing credentials, store the new creds in the default
      ccache if $KRB5CCNAME isn't set.
    * prefer a "host" key, if one is found, when validating TGTs
* Wed Jun 24 2009 sbrabec@suse.cz
  - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
* Mon Jun 15 2009 mc@suse.de
  - compile fixes for krb5 1.7
* Mon Jun 08 2009 mc@suse.de
  - update to version 2.3.5
    * make prompting behavior for non-existent accounts and users who
      just press enter match up with those who aren't/don't (#502602,
      CVE-2009-1384)
* Wed May 20 2009 mc@suse.de
  - update to version 2.3.4
    * don't request password-changing credentials using the same options
      we use for ticket-granting tickets
    * close a couple of open pipes to defunct processes, fix a couple
      of debug messages
    * fix ccache permissions bypass when the "existing_ticket" option is
      used (CVE-2008-3825, which affects 2.2.0-2.2.25, 2.3.0, and 2.3.1)
  - obsolete a lot of patches.

Files

/lib/security
/lib/security/pam_krb5.so
/lib/security/pam_krb5afs.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024