lp:ubuntu/trusty/libpam-krb5
- Get this branch:
- bzr branch lp:ubuntu/trusty/libpam-krb5
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 26. By Russ Allbery
-
* Apply upstream patch to add AM_PROG_AR to configure.ac, now apparently
required by Automake for the binutils in unstable. (Closes: #713296)
* Apply upstream patch to build with largefile support. This is
probably pointless for this module, but consistency is good.
* Canonicalize the Vcs-Git and Vcs-Browser URLs.
* Update standards version to 3.9.4 (no changes required). - 25. By Russ Allbery
-
* New upstream release.
- New anon_fast option to attempt anonymous authentication and use
those credentials to provide FAST armor. (Closes: #626509)
- New user_realm option to set the realm for unqualified user
principals without changing the default realm for all other
operations.
- New no_prompt option to suppress PAM prompting in favor of letting
the Kerberos library handle it. (Closes: #626506)
- New silent option that duplicates the behavior of PAM_SILENT.
- New trace option for preliminary support of Kerberos trace logging.
- Fix the doubled colon in password prompts from Heimdal.
- Preserve the realm of the authentication identity when forming an
alt_auth_map identity.
- Allow the alt_auth_map format to contain a realm to force all mapped
principals to be in that realm.
- Avoid a NULL pointer dereference if krb5_init_context fails.
(LP: #998525)
- Close memory leaks in search_k5login and alt_auth_map.
- Suppress bogus error messages about the realm option.
- Retry authentication under try_first_pass for several other error
conditions.
* Regenerate the Autotools build system with dh-autoreconf.
* Add krb5-config to Build-Depends so that the test programs don't abort
with errors about not having a Kerberos configuration.
* Switch to xz compression for the upstream and Debian tarballs.
* Enable parallel builds.
* Update standards version to 3.9.3 (no changes required). - 24. By Russ Allbery
-
* Enable bindnow hardening flags and fix the syntax of the
DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
longer experimental.
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches. - 23. By Russ Allbery
-
Fix build rule to not override CPPFLAGS, which deactivates some of the
options passed in by dpkg-buildflags. Instead, use --with-krb5-lib
and --with-krb5-include to locate the Kerberos headers and libraries.
Thanks, Moritz Muehlenhoff. (Closes: #654293) - 22. By Russ Allbery
-
* Change the pam-auth-update configuration to skip remaining password
stack by default modules if the Kerberos password change succeeds.
This is more useful behavior for the common case of Kerberos accounts
not having local passwords. See README.Debian.gz for information
about how to synchronize Kerberos and local passwords. (LP: #826989)
* Update README.Debian.gz documentation with more current options for
pam_unix and document password synchronization configuration.
* Convert to multiarch. Depend on the multiarch version of libpam0g,
install the modules into the multiarch version of /lib/security, and
declare the packages Multi-Arch: same.
* Update to debhelper compatibility level V9 (experimental).
- Build-Depend on debhelper 8.9.4 or later for hardening flags.
- Add Pre-Depends: ${misc:Pre-Depends} .
* Update standards version to 3.9.2 (no changes required).
* Fix formal name of the GPL in debian/copyright. (This will also be
done upstream in the next release.) - 20. By Russ Allbery
-
* New upstream release.
- Do not prompt for a password when try_pkinit is set, removing a
spurious password prompt introduced in 4.1, but partly reintroducing
a bug causing the password to not be saved in the PAM data if
authentication falls back to password after a PKINIT failure.
- Organize the pam_krb5 man page into sections.
* Fix custom patch header to refer to pam-krb5, not remctl.
* Update standards version to 3.9.1.
- Refer to the GPL version 1 now that it's in common-licenses.
* Update to debhelper compatibility level V8 (no changes required). - 19. By Russ Allbery
-
* New upstream release.
- New fail_pwchange option which treats expired passwords like
authentication failure and suppresses password change. - 18. By Russ Allbery
-
* New upstream release.
- Fix a segfault if pam-krb5 is configured with use_first_pass or
use_authtok and there is no stored password. Thanks, Jonathan
Guthrie. (Closes: #537729)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/utopic/libpam-krb5