lp:ubuntu/karmic/libpam-krb5
- Get this branch:
- bzr branch lp:ubuntu/karmic/libpam-krb5
Branch information
Recent revisions
- 18. By Russ Allbery
-
* New upstream release.
- Fix a segfault if pam-krb5 is configured with use_first_pass or
use_authtok and there is no stored password. Thanks, Jonathan
Guthrie. (Closes: #537729) - 16. By Steve Langasek
-
* Merge from Debian unstable, remaining changes:
- debian/{pam-auth- update, postinst, prerm}, debian/rules, debian/dirs:
enable pam_krb5 by default using the new pam-auth-update support.
- debian/control: depend on libpam-runtime (>= 1.0.1-6) for the
above.
* Logging is now done with the LOG_AUTHPRIV facility. LP: #227531. - 15. By Marc Deslauriers
-
* Merge from debian unstable, remaining changes:
- debian/libpam- krb5.{pam- auth-update, install, postinst, prerm},
debian/rules, debian/dirs: enable pam_krb5 by default using the new
pam-auth-update support. LP: #275169.
- debian/control: depend on libpam-runtime (>= 1.0.1-4ubuntu1) for the
above. - 14. By Steve Langasek
-
* debian/
libpam- krb5.{pam- auth-update, install, postinst, prerm},
debian/rules, debian/dirs: enable pam_krb5 by default using the new
pam-auth-update support. LP: #275169.
* debian/control: depend on libpam-runtime (>= 1.0.1-4ubuntu1) for the
above. - 13. By Russ Allbery
-
Fix segfault after detection of unsafe .k5login ownership when
search_k5login is set. Thanks, Andrew Deason. (Closes: #499479) - 12. By Russ Allbery
-
* New upstream release.
- If no_ccache is set, don't fail if we can't find module data.
- Better error handling when reading keytabs.
* Document in README.Debian that accounts must still exist in
/etc/shadow when following the standard configuration and suggest an
alternate configuration when that isn't appropriate. Thanks, Raoul
Borenius. (Closes: #452592)
* No longer build-depend on comerr-dev, since the module no longer links
to it directly.
* Update standards version to 3.7.3 (no changes required). - 11. By Russ Allbery
-
* New upstream release.
- If use_authtok is set, fail if we retrieve a NULL password, since
that's how pam_cracklib rejects passwords. (Closes: #447306)
- Add clear_on_fail option to clear the password on failed password
change to force later password modules using use_authtok to fail.
- Fix parsing of the keytab PAM option.
- Return PAM_AUTHINFO_UNAVAIL when unable to resolve the realm.
- Additional debugging information in README.
* Add Homepage control field. - 10. By Russ Allbery
-
* New upstream release.
- Restore prompting for expired passwords. (Closes: #444740)
- Correctly handle a negative minimum UID setting. - 9. By Russ Allbery
-
* New upstream release.
- Fix compilation errors with Heimdal. (Closes: #413553)
- Document that ChallengeResponseAuthenticatio n must be enabled in
sshd to prompt users to change expired passwords. (Closes: #411816)
- Support specifying a keytab other than the system keytab to use to
verify passwords. (Partly addresses #399002)
- New ticket_lifetime, banner, and expose_account config options.
- Honor PAM_SILENT where appropriate.
- Prefix the default cache type with FILE: to be explicit.
- If PAM_USER is set to a fully-qualified principal that the Kerberos
library can map to a local account name, reset PAM_USER to that
local account name after authentication.
- Return better PAM error codes for authentication failures.
- Fix various memory leaks and memory handling problems.
- Better error message handling with later Kerberos releases.
- Various improvements to debug logging.
* Update debhelper compatibility level to V5.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/libpam-krb5