Ubuntu
libpam-krb5 package

lp:ubuntu/trusty/libpam-krb5

  1. Trusty (14.04)
  2. trusty
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/trusty/libpam-krb5
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

26. By Russ Allbery

* Apply upstream patch to add AM_PROG_AR to configure.ac, now apparently
  required by Automake for the binutils in unstable. (Closes: #713296)
* Apply upstream patch to build with largefile support. This is
  probably pointless for this module, but consistency is good.
* Canonicalize the Vcs-Git and Vcs-Browser URLs.
* Update standards version to 3.9.4 (no changes required).

25. By Russ Allbery

* New upstream release.
  - New anon_fast option to attempt anonymous authentication and use
    those credentials to provide FAST armor. (Closes: #626509)
  - New user_realm option to set the realm for unqualified user
    principals without changing the default realm for all other
    operations.
  - New no_prompt option to suppress PAM prompting in favor of letting
    the Kerberos library handle it. (Closes: #626506)
  - New silent option that duplicates the behavior of PAM_SILENT.
  - New trace option for preliminary support of Kerberos trace logging.
  - Fix the doubled colon in password prompts from Heimdal.
  - Preserve the realm of the authentication identity when forming an
    alt_auth_map identity.
  - Allow the alt_auth_map format to contain a realm to force all mapped
    principals to be in that realm.
  - Avoid a NULL pointer dereference if krb5_init_context fails.
    (LP: #998525)
  - Close memory leaks in search_k5login and alt_auth_map.
  - Suppress bogus error messages about the realm option.
  - Retry authentication under try_first_pass for several other error
    conditions.
* Regenerate the Autotools build system with dh-autoreconf.
* Add krb5-config to Build-Depends so that the test programs don't abort
  with errors about not having a Kerberos configuration.
* Switch to xz compression for the upstream and Debian tarballs.
* Enable parallel builds.
* Update standards version to 3.9.3 (no changes required).

24. By Russ Allbery

* Enable bindnow hardening flags and fix the syntax of the
  DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
  longer experimental.
* Move single-debian-patch to local-options and patch-header to
  local-patch-header so that they only apply to the packages I build and
  NMUs get regular version-numbered patches.

23. By Russ Allbery

Fix build rule to not override CPPFLAGS, which deactivates some of the
options passed in by dpkg-buildflags. Instead, use --with-krb5-lib
and --with-krb5-include to locate the Kerberos headers and libraries.
Thanks, Moritz Muehlenhoff. (Closes: #654293)

22. By Russ Allbery

* Change the pam-auth-update configuration to skip remaining password
  stack by default modules if the Kerberos password change succeeds.
  This is more useful behavior for the common case of Kerberos accounts
  not having local passwords. See README.Debian.gz for information
  about how to synchronize Kerberos and local passwords. (LP: #826989)
* Update README.Debian.gz documentation with more current options for
  pam_unix and document password synchronization configuration.
* Convert to multiarch. Depend on the multiarch version of libpam0g,
  install the modules into the multiarch version of /lib/security, and
  declare the packages Multi-Arch: same.
* Update to debhelper compatibility level V9 (experimental).
  - Build-Depend on debhelper 8.9.4 or later for hardening flags.
  - Add Pre-Depends: ${misc:Pre-Depends}.
* Update standards version to 3.9.2 (no changes required).
* Fix formal name of the GPL in debian/copyright. (This will also be
  done upstream in the next release.)

21. By Matthias Klose

Search for heimdal and kerberos libraries in multiarch locations.

20. By Russ Allbery

* New upstream release.
  - Do not prompt for a password when try_pkinit is set, removing a
    spurious password prompt introduced in 4.1, but partly reintroducing
    a bug causing the password to not be saved in the PAM data if
    authentication falls back to password after a PKINIT failure.
  - Organize the pam_krb5 man page into sections.
* Fix custom patch header to refer to pam-krb5, not remctl.
* Update standards version to 3.9.1.
  - Refer to the GPL version 1 now that it's in common-licenses.
* Update to debhelper compatibility level V8 (no changes required).

19. By Russ Allbery

* New upstream release.
  - New fail_pwchange option which treats expired passwords like
    authentication failure and suppresses password change.

18. By Russ Allbery

* New upstream release.
  - Fix a segfault if pam-krb5 is configured with use_first_pass or
    use_authtok and there is no stored password. Thanks, Jonathan
    Guthrie. (Closes: #537729)

17. By Steve Langasek

No-change rebuild against libkrb5-3.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/utopic/libpam-krb5
This branch contains Public information 
Everyone can see this information.

Subscribers