lp:debian/libpam-krb5
- Get this branch:
- bzr branch lp:debian/libpam-krb5
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 29. By Russ Allbery
-
* Upload to unstable.
* Refresh upstream signing key.
* Add debian/gbp.conf reflecting the branch layout of the default
packaging repository. - 28. By Russ Allbery
-
* Drop version qualifications on Build-Depends that are satisfied by
stable. Drop version qualifications on Depends that are satisfied by
oldstable.
* Add the upstream release signing key and verify it in debian/watch.
* Prefer *.tar.xz in debian/watch to match packaging.
* Convert debian/copyright to copyright-format 1.0.
* Specify the Debian packaging branch in the Vcs-Git control field.
* Update standards version to 3.9.5 (no changes required). - 27. By Russ Allbery
-
* Apply upstream patch to add AM_PROG_AR to configure.ac, now apparently
required by Automake for the binutils in unstable. (Closes: #713296)
* Apply upstream patch to build with largefile support. This is
probably pointless for this module, but consistency is good.
* Canonicalize the Vcs-Git and Vcs-Browser URLs.
* Update standards version to 3.9.4 (no changes required). - 26. By Russ Allbery
-
* New upstream release.
- New anon_fast option to attempt anonymous authentication and use
those credentials to provide FAST armor. (Closes: #626509)
- New user_realm option to set the realm for unqualified user
principals without changing the default realm for all other
operations.
- New no_prompt option to suppress PAM prompting in favor of letting
the Kerberos library handle it. (Closes: #626506)
- New silent option that duplicates the behavior of PAM_SILENT.
- New trace option for preliminary support of Kerberos trace logging.
- Fix the doubled colon in password prompts from Heimdal.
- Preserve the realm of the authentication identity when forming an
alt_auth_map identity.
- Allow the alt_auth_map format to contain a realm to force all mapped
principals to be in that realm.
- Avoid a NULL pointer dereference if krb5_init_context fails.
(LP: #998525)
- Close memory leaks in search_k5login and alt_auth_map.
- Suppress bogus error messages about the realm option.
- Retry authentication under try_first_pass for several other error
conditions.
* Regenerate the Autotools build system with dh-autoreconf.
* Add krb5-config to Build-Depends so that the test programs don't abort
with errors about not having a Kerberos configuration.
* Switch to xz compression for the upstream and Debian tarballs.
* Enable parallel builds.
* Update standards version to 3.9.3 (no changes required). - 25. By Russ Allbery
-
* Enable bindnow hardening flags and fix the syntax of the
DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
longer experimental.
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches. - 24. By Russ Allbery
-
Fix build rule to not override CPPFLAGS, which deactivates some of the
options passed in by dpkg-buildflags. Instead, use --with-krb5-lib
and --with-krb5-include to locate the Kerberos headers and libraries.
Thanks, Moritz Muehlenhoff. (Closes: #654293) - 23. By Russ Allbery
-
Cherry-pick upstream patch to fix initialization of krb5_deltat
defaults on systems where krb5_deltat is not a long. Should fix FTBFS
on s390x. - 22. By Russ Allbery
-
* New upstream release.
- The temporary root-only ticket cache is now stored relative to
ccache_dir rather than hard-coded to be in /tmp.
- Suppress the notice that the password is being changed because it's
expired if force_first_pass or use_first_pass are set in the
password stack.
- Confirm the password can get kadmin/changepw credentials before
returning the status code indicating it's expired, working around a
bug in old Heimdal versions that return expired even for incorrect
passwords.
- Better error reporting of authorization (such as .k5login) failures.
- Prefer the change password protocol when linked with MIT libraries
for better compatibility with older KDCs.
- Improve logging and authorization when defer_pwchange is set.
- Close some memory leaks.
- Report symbolic names of PAM flags in debug logging.
* Enable compiler hardening flags.
* Remove "v5" from the long description. Kerberos v5 has been the
default version of Kerberos for over ten years. - 21. By Russ Allbery
-
* Change the pam-auth-update configuration to skip remaining password
stack by default modules if the Kerberos password change succeeds.
This is more useful behavior for the common case of Kerberos accounts
not having local passwords. See README.Debian.gz for information
about how to synchronize Kerberos and local passwords. (LP: #826989)
* Update README.Debian.gz documentation with more current options for
pam_unix and document password synchronization configuration.
* Convert to multiarch. Depend on the multiarch version of libpam0g,
install the modules into the multiarch version of /lib/security, and
declare the packages Multi-Arch: same.
* Update to debhelper compatibility level V9 (experimental).
- Build-Depend on debhelper 8.9.4 or later for hardening flags.
- Add Pre-Depends: ${misc:Pre-Depends} .
* Update standards version to 3.9.2 (no changes required).
* Fix formal name of the GPL in debian/copyright. (This will also be
done upstream in the next release.) - 20. By Russ Allbery
-
* Add the architecture to the library path for heimdal-multidev and
krb5-multidev since the *.so symlinks were moved in 1.5.dfsg.1-1 and
1.9.1+dfsg-2 respectively. (Closes: #642688)
* Tighten build dependencies on heimdal-multidev and krb5-multidev
accordingly.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/libpam-krb5