lp:debian/squeeze/libpam-krb5
- Get this branch:
- bzr branch lp:debian/squeeze/libpam-krb5
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 18. By Russ Allbery
-
* New upstream release.
- New fast_ccache option, which if set attempts to use credentials in
that ticket cache to protect the Kerberos authentication with FAST.
Requires FAST support in the Kerberos libraries and hence only is
available in libpam-krb5, not libpam-heimdal, for right now.
- Fix error in freeing a previous alt_auth_map setting.
* Switch to 3.0 (quilt) source format. Force a single Debian patch and
include a custom patch header explaining that it is a rollup of any
fixes cherry-picked from upstream and breaking those patches out
separately would be work for no gain. - 17. By Russ Allbery
-
* Build libpam-krb5 and libpam-heimdal from the same source package.
* Acknowledge libpam-heimdal NMU.
- Rebuild against current Heimdal libraries. (Closes: #559779)
- Add support for pam-auth-update. (Closes: #551455)
* Lower libpam-heimdal priority to extra, since it conflicts with
libpam-krb5 and the MIT Kerberos version will be sufficient for most
users.
* Fix spelling error in manual page.
* Update standards version to 3.8.4 (no changes required). - 16. By Russ Allbery
-
* New upstream release.
- New fail_pwchange option which treats expired passwords like
authentication failure and suppresses password change. - 15. By Russ Allbery
-
* New upstream release.
- Fix a segfault if pam-krb5 is configured with use_first_pass or
use_authtok and there is no stored password. Thanks, Jonathan
Guthrie. (Closes: #537729) - 14. By Russ Allbery
-
Return PAM_IGNORE for ignored users in pam_chauthtok instead of
PAM_PERM_DENIED. This change is necessary for the pam-auth-update
configuration to work properly. Thanks, Steve Langasek. - 13. By Russ Allbery
-
Fix segfault after detection of unsafe .k5login ownership when
search_k5login is set. Thanks, Andrew Deason. (Closes: #499479) - 12. By Russ Allbery
-
* New upstream release.
- If no_ccache is set, don't fail if we can't find module data.
- Better error handling when reading keytabs.
* Document in README.Debian that accounts must still exist in
/etc/shadow when following the standard configuration and suggest an
alternate configuration when that isn't appropriate. Thanks, Raoul
Borenius. (Closes: #452592)
* No longer build-depend on comerr-dev, since the module no longer links
to it directly.
* Update standards version to 3.7.3 (no changes required). - 11. By Russ Allbery
-
* New upstream release.
- If use_authtok is set, fail if we retrieve a NULL password, since
that's how pam_cracklib rejects passwords. (Closes: #447306)
- Add clear_on_fail option to clear the password on failed password
change to force later password modules using use_authtok to fail.
- Fix parsing of the keytab PAM option.
- Return PAM_AUTHINFO_UNAVAIL when unable to resolve the realm.
- Additional debugging information in README.
* Add Homepage control field. - 10. By Russ Allbery
-
* New upstream release.
- Restore prompting for expired passwords. (Closes: #444740)
- Correctly handle a negative minimum UID setting. - 9. By Russ Allbery
-
* New upstream release.
- Fix compilation errors with Heimdal. (Closes: #413553)
- Document that ChallengeResponseAuthenticatio n must be enabled in
sshd to prompt users to change expired passwords. (Closes: #411816)
- Support specifying a keytab other than the system keytab to use to
verify passwords. (Partly addresses #399002)
- New ticket_lifetime, banner, and expose_account config options.
- Honor PAM_SILENT where appropriate.
- Prefix the default cache type with FILE: to be explicit.
- If PAM_USER is set to a fully-qualified principal that the Kerberos
library can map to a local account name, reset PAM_USER to that
local account name after authentication.
- Return better PAM error codes for authentication failures.
- Fix various memory leaks and memory handling problems.
- Better error message handling with later Kerberos releases.
- Various improvements to debug logging.
* Update debhelper compatibility level to V5.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)