pam_krb5-vl.spec 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581
  1. Summary: A Pluggable Authentication Module for Kerberos 5.
  2. Summary(ja): Kerberos 5 の PAM モジュール
  3. Name: pam_krb5
  4. Version: 2.3.12
  5. Release: 1%{?_dist_release}
  6. Source0: pam_krb5-%{version}-1.tar.gz
  7. License: BSD or LGPLv2+
  8. Group: System Environment/Base
  9. BuildPrereq: keyutils-libs-devel, krb5-devel, pam-devel
  10. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
  11. %description
  12. This is pam_krb5, a pluggable authentication module that can be used with
  13. Linux-PAM and Kerberos 5. This module supports password checking, ticket
  14. creation, and optional TGT verification and conversion to Kerberos IV tickets.
  15. The included pam_krb5afs module also gets AFS tokens if so configured.
  16. %prep
  17. %setup -q -n pam_krb5-%{version}-1
  18. %build
  19. CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
  20. %configure --libdir=/%{_lib} \
  21. --with-default-use-shmem=sshd --with-default-external=sshd
  22. make
  23. %install
  24. [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT
  25. make install DESTDIR=$RPM_BUILD_ROOT
  26. ln -s pam_krb5.so $RPM_BUILD_ROOT/%{_lib}/security/pam_krb5afs.so
  27. rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la
  28. # Make the paths jive to avoid conflicts on multilib systems.
  29. sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM_BUILD_ROOT/%{_mandir}/man*/pam_krb5*.8*
  30. %find_lang %{name}
  31. %clean
  32. [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT
  33. %files -f %{name}.lang
  34. %defattr(-,root,root)
  35. %{_bindir}/*
  36. /%{_lib}/security/pam_krb5.so
  37. /%{_lib}/security/pam_krb5afs.so
  38. /%{_lib}/security/pam_krb5
  39. %{_mandir}/man1/*
  40. %{_mandir}/man5/*
  41. %{_mandir}/man8/*
  42. %doc README* COPYING* ChangeLog NEWS
  43. %changelog
  44. * Sat Apr 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.12-1
  45. - new upstream release
  46. * Tue Jun 30 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.3.5-1
  47. - new upstream release
  48. - fix CVE-2009-1384 (RH bugzilla #502602)
  49. * Wed May 13 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.4-1
  50. - initial build for Vine Linux
  51. * Wed Mar 4 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.4-1
  52. - don't request password-changing credentials with the same options that we
  53. use when requesting ticket granting tickets, which might run afoul of KDC
  54. policies
  55. * Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2
  56. - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
  57. * Fri Feb 6 2009 Nalin Dahyabhai <nalin@redhat.com> - 2.3.3-1
  58. - clean up a couple of debug messages
  59. * Fri Feb 6 2009 Nalin Dahyabhai <nalin@redhat.com>
  60. - clean up a couple of unclosed pipes to nowhere
  61. * Wed Oct 1 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.2-1
  62. - fix ccache permissions bypass when the "existing_ticket" option is used
  63. (CVE-2008-3825)
  64. * Wed Aug 27 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.0-2
  65. - fix license tag
  66. * Wed Apr 9 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.1-1
  67. - don't bother trying to set up a temporary v4 ticket file during session open
  68. unless we obtained v4 creds somewhere
  69. * Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.3.0-1
  70. - add a "null_afs" option
  71. - add a "token_strategy" option
  72. * Mon Mar 10 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.23-1
  73. - when we're changing passwords, force at least one attempt to authenticate
  74. using the KDC, even in the pathological case where there's no previously-
  75. entered password and we were told not to ask for one (#400611)
  76. * Fri Feb 8 2008 Nalin Dahyabhai <nalin@redhat.com> - 2.2.22-1
  77. - make sure we don't fall out of the calling process's PAG when we check
  78. the .k5login (fallout from #371761)
  79. - make most boolean options controllable on a per-service basis
  80. * Fri Nov 9 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.21-1
  81. - make sure that we have tokens when checking the user's .k5login (#371761)
  82. * Thu Nov 8 2007 Nalin Dahyabhai <nalin@redhat.com>
  83. - set perms on the user's KEYRING: ccache so that the user can write to it
  84. - suppress an error message if a KEYRING: ccache we're about to destroy has
  85. already been revoked
  86. * Fri Oct 26 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.20-1
  87. - move temporary ccaches which aren't used for serializing from FILE: type
  88. into MEMORY: type
  89. - don't barf during credential refresh when $KRB5CCNAME isn't set
  90. * Thu Oct 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.19-1
  91. - log to AUTHPRIV facility by default
  92. - add a "ccname_template" option, which can be set to "KEYRING:..." to switch
  93. to using the kernel keyring
  94. - add a "preauth_options" option for setting generic preauth parameters
  95. - allow "keytab" locations to be specified on a per-service basis, so that
  96. unprivileged apps which do password-checking and which have their own
  97. keytabs can use their own keys to validate the KDC's response
  98. * Wed Aug 15 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.18-1
  99. - fix permissions-related problems creating v4 ticket files
  100. * Thu Aug 2 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.17-1
  101. - correct the license: tag -- this module is dual-licensed (LGPL+ or BSD)
  102. - fix a man page missing line
  103. - tactfully suggest in the man page that if your app needs the "tokens"
  104. flag in order to work properly, it's broken
  105. * Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.16-1
  106. - update to 2.2.16, also avoiding use of the helper if we're creating a ticket
  107. file for our own use
  108. * Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-2
  109. - rebuild
  110. * Mon Jul 23 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.15-1
  111. - update to 2.2.15, adjusting the fix for #150056 so that it doesn't run
  112. afoul of SELinux policy by attempting to read a ccache which was created
  113. for use by the user via the helper
  114. - build with --with-default-use-shmem=sshd --with-default-external=sshd, to
  115. get the expected behavior without requiring administrator intervention
  116. * Thu Jul 19 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-2
  117. - rebuild
  118. * Fri Jul 13 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.14-1
  119. - update to 2.2.14
  120. * Thu Jul 12 2007 Nalin Dahyabhai <nalin@redhat.com>
  121. - update to 2.2.13
  122. * Mon Jun 25 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-2
  123. - rebuild
  124. * Sun Jun 24 2007 Nalin Dahyabhai <nalin@redhat.com> - 2.2.12-1
  125. - update to 2.2.12
  126. * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 2.2.11-2
  127. - rebuilt for unwind info generation, broken in gcc-4.1.1-21
  128. * Thu Sep 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.11-1
  129. - update to 2.2.11
  130. * Wed Sep 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-1
  131. - build
  132. * Tue Sep 12 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0.1
  133. - revert previous changes to how prompting works, and add a
  134. no_subsequent_prompt option to suppress libkrb5-based prompts during
  135. authentication, providing the PAM_AUTHTOK for all questions which
  136. libkrb5 asks
  137. * Fri Sep 8 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.10-0
  138. - rework prompting so that we stop getting stray prompts every now and then,
  139. and so that use_first_pass will *never* prompt for any information
  140. * Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.9-1
  141. - return PAM_IGNORE instead of PAM_SERVICE_ERR when we're called in
  142. an unsafe situation and told to refresh credentials (#197428)
  143. - drop from setuid to "normal" before calling our storetmp helper, so that
  144. it doesn't freak out except when *it* is setuid (#190159)
  145. - fix handling of "external" cases where the forwarded creds don't belong to
  146. the principal name we guessed for the user (#182239,#197660)
  147. * Mon Jul 17 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1.2
  148. - rebuild
  149. * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.2.8-1.1
  150. - rebuild
  151. * Wed Mar 29 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.8-1
  152. - don't try to validate creds in a password-changing situation, because the
  153. attempt will always fail unless the matching key is in the keytab, which
  154. should never be the case for the password-changing service (#187303, rbasch)
  155. - if v4 has been disabled completely, go ahead and try to set 2b tokens
  156. because we're going to end up having to do that anyway (#182378)
  157. * Fri Mar 10 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-2
  158. - fixup man page conflicts in %%install
  159. * Wed Mar 8 2006 Bill Nottingham <notting@redhat.com> - 2.2.6-2.2
  160. - don't use paths in man pages - avoids multilib conflicts
  161. * Tue Feb 21 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.7-1
  162. - add v4 credential conversion for "use_shmem" and "external" cases (though
  163. it should be redundant with "use_shmem") (#182239)
  164. * Mon Feb 13 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-2
  165. - rebuild
  166. * Mon Feb 6 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.6-1
  167. - add a "krb4_use_as_req" option so that obtaining v4 creds kinit-style can
  168. be disabled completely (Hugo Meiland)
  169. * Thu Jan 26 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.5-1
  170. - don't log debug messages that we're skipping session setup/teardown unless
  171. debugging is enabled (#179037)
  172. - try to build the module with -Bsymbolic if we can figure out how to do that
  173. * Tue Jan 17 2006 Nalin Dahyabhai <nalin@redhat.com>
  174. - include the NEWS file as documentation
  175. * Mon Jan 16 2006 Nalin Dahyabhai <nalin@redhat.com> - 2.2.4-1
  176. - fix reporting of the exact reason why a password change failed
  177. * Mon Dec 19 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.3-1
  178. - fix a compile problem caused by a missing #include (Jesse Keating)
  179. * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - 2.2.2-1.3
  180. - rebuilt
  181. * Mon Nov 21 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.2-1
  182. - don't leak the keytab descriptor during validation (#173681)
  183. * Tue Nov 15 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.1-1
  184. - update to 2.2.1
  185. * Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-2
  186. - rebuild
  187. * Fri Nov 11 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.2.0-1
  188. - update to 2.2.0
  189. * Wed Oct 5 2005 Nalin Dahyabhai <nalin@redhat.com> - 2.1.95-0
  190. - update to 2.1.95
  191. * Mon Aug 30 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.2-1
  192. - update to 2.1.2
  193. * Mon Jun 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.1-1
  194. - update to 2.1.1
  195. * Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.1.0-1
  196. - update to 2.1.0
  197. * Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.11-1
  198. - update to 2.0.11
  199. * Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.10-1
  200. - update to 2.0.10
  201. * Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.9-1
  202. - update to 2.0.9
  203. * Tue Mar 16 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.8-1
  204. - update to 2.0.8
  205. * Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.7-1
  206. - update to 2.0.7
  207. * Fri Feb 27 2004 Nalin Dahyabhai <nalin@redhat.com> - 2.0.6-1
  208. - update to 2.0.6
  209. * Tue Feb 24 2004 Harald Hoyer <harald@redhat.com> - 2.0.5-3
  210. - rebuilt
  211. * Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-2
  212. - actually changelog the update to 2.0.5
  213. * Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.5-1
  214. - update to 2.0.5
  215. * Fri Oct 10 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.4-1
  216. - update to 2.0.4
  217. * Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.3-1
  218. - update to 2.0.3
  219. * Fri Sep 5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.2-1
  220. - update to 2.0.2
  221. * Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0.1-1
  222. - update to 2.0.1
  223. * Fri Aug 8 2003 Nalin Dahyabhai <nalin@redhat.com> 2.0-1
  224. - update to 2.0
  225. * Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com> 1.60-1
  226. - fix uninitialized pointer crash reading cached return values
  227. * Wed Jan 29 2003 Nalin Dahyabhai <nalin@redhat.com> 1.59-1
  228. - fix crash with per-user stashes and return values
  229. * Tue Jan 28 2003 Nalin Dahyabhai <nalin@redhat.com> 1.58-1
  230. - fix configure to not link with both libk5crypto and libcrypto
  231. * Mon Jan 27 2003 Nalin Dahyabhai <nalin@redhat.com> 1.57-1
  232. - force -fPIC
  233. - add --with-moduledir, --with-krb5-libs, --with-krbafs-libs to configure
  234. - add per-user stashes and return values
  235. * Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 1.56-1
  236. - guess a default cell name
  237. - fix what's hopefully the last parser bug
  238. * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-2
  239. - rebuild in new environment
  240. * Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.55-1
  241. - handle account management for expired accounts correctly
  242. * Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.54-1
  243. - reorder configuration checks so that setting afs_cells will properly
  244. force krb4_convert on
  245. * Wed Mar 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.53-1
  246. - fix what's hopefully the last parser bug
  247. * Mon Mar 18 2002 Nalin Dahyabhai <nalin@redhat.com> 1.52-1
  248. - apply patch from David Howells to add retain_tokens option
  249. * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 1.51-1
  250. - fix what's hopefully the last parser bug
  251. * Sat Feb 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-3
  252. - rebuild
  253. * Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-2
  254. - rebuild in new environment
  255. * Fri Feb 15 2002 Nalin Dahyabhai <nalin@redhat.com> 1.50-1
  256. - documentation updates (no code changes)
  257. * Tue Feb 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.49-1
  258. - set PAM_USER using the user's parsed name, converted back to a local name
  259. - add account management service (checks for key expiration and krb5_kuserok())
  260. - handle account expiration errors
  261. * Fri Jan 25 2002 Nalin Dahyabhai <nalin@redhat.com> 1.48-1
  262. - autoconf fixes
  263. * Fri Oct 26 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-2
  264. - bump release number and rebuild to link with new version of krbafs
  265. * Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com> 1.47-1
  266. - fix parsing of options which have multiple whitespace-separated values,
  267. like afs_cells
  268. * Wed Sep 5 2001 Nalin Dahyabhai <nalin@redhat.com> 1.46-1
  269. - link with libresolv to get res_search, tip from Justin McNutt, who
  270. built it statically
  271. - explicitly link with libdes425
  272. - handle cases where getpwnam_r fails but still sets the result pointer
  273. - if use_authtok is given and there is no authtok, error out
  274. * Mon Aug 27 2001 Nalin Dahyabhai <nalin@redhat.com> 1.45-1
  275. - set the default realm when a default realm is specified
  276. * Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 1.44-1
  277. - only use Kerberos error codes when there is no PAM error yet
  278. * Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com> 1.43-1
  279. - add minimum UID support (#52358)
  280. - don't link pam_krb5 with libkrbafs
  281. - make all options in krb5.conf available as PAM config arguments
  282. * Tue Jul 31 2001 Nalin Dahyabhai <nalin@redhat.com>
  283. - merge patch from Chris Chiappa for building with Heimdal
  284. * Mon Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com>
  285. - note that we had to prepend the current directory to a given path in
  286. dlopen.c when we had to (noted by Onime Clement)
  287. * Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> 1.42-1
  288. - return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials
  289. fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement)
  290. * Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com>
  291. - add info about accessing the CVS repository to the README
  292. - parser cleanups (thanks to Dane Skow for a more complicated sample)
  293. * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
  294. - buildprereq the krbafs-devel package
  295. * Fri Jul 6 2001 Nalin Dahyabhai <nalin@redhat.com>
  296. - don't set forwardable and assorted other flags when getting password-
  297. changing service ticket (noted, and fix supplied, by Onime Clement)
  298. - try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may
  299. or may not be expecting the same number/type of arguments (noted by
  300. Onime Clement)
  301. - use krb5_aname_to_localname to convert the principal to a login name
  302. and set PAM_USER to the result when authenticating
  303. - some autoconf fixes for failure cases
  304. * Wed Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
  305. - use krb5_change_password() to change passwords
  306. * Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
  307. - use getpwnam_r instead of getpwnam when available
  308. * Fri Jun 8 2001 Nalin Dahyabhai <nalin@redhat.com>
  309. - cleanup some autoconf checks
  310. * Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
  311. - don't call initialize_krb5_error_table() or initialize_ovk_error_table()
  312. if they're not found at compile-time (reported for RHL 6.x by Chris Riley)
  313. * Thu May 31 2001 Nalin Dahyabhai <nalin@redhat.com>
  314. - note that [pam] is still checked in addition to [appdefaults]
  315. - note that AFS and Kerberos IV support requires working Kerberos IV
  316. configuration files (i.e., kinit -4 needs to work) (doc changes
  317. suggested by Martin Schulz)
  318. * Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
  319. - add max_timeout, timeout_shift, initial_timeout, and addressless options
  320. (patches from Simon Wilkinson)
  321. - fix the README to document the [appdefaults] section instead of [pam]
  322. - change example host and cell names in the README to use example domains
  323. * Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
  324. - don't delete tokens unless we're also removing ticket files (report and
  325. patch from Sean Dilda)
  326. - report initialization errors better
  327. * Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
  328. - treat semicolons as a comment character, like hash marks (bug reported by
  329. Greg Francis at Gonzaga University)
  330. - use the [:blank:] equivalence class to simplify the configuration file parser
  331. - don't mess with the real environment
  332. - implement mostly-complete aging support
  333. * Sat Apr 7 2001 Nalin Dahyabhai <nalin@redhat.com>
  334. - tweak the man page (can't use italics and bold simultaneously)
  335. * Fri Apr 6 2001 Nalin Dahyabhai <nalin@redhat.com>
  336. - restore the default TGS value (#35015)
  337. * Wed Mar 28 2001 Nalin Dahyabhai <nalin@redhat.com>
  338. - fix a debug message
  339. - fix uninitialized pointer error
  340. * Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com>
  341. - don't fail to fixup the krb5 ccache if something goes wrong obtaining
  342. v4 credentials or creating a krb4 ticket file (#33262)
  343. * Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
  344. - fixup the man page
  345. - log return code from k_setpag() when debugging
  346. - create credentials and get tokens when setcred is called for REINITIALIZE
  347. * Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
  348. - don't twiddle ownerships until after we get AFS tokens
  349. - use the current time instead of the issue time when storing v4 creds, since
  350. we don't know the issuing host's byte order
  351. - depend on a PAM development header again instead of pam-devel
  352. * Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
  353. - add a separate config file parser for compatibility with settings that
  354. predate the appdefault API
  355. - use a version script under Linux to avoid polluting the global namespace
  356. - don't have a default for afs_cells
  357. - need to close the file when we succeed in fixing permissions (noted by
  358. jlkatz@eos.ncsu.edu)
  359. * Mon Mar 19 2001 Nalin Dahyabhai <nalin@redhat.com>
  360. - use the appdefault API to read krb5.conf if available
  361. - create v4 tickets in such a way as to allow 1.2.2 to not think there's
  362. something fishy going on
  363. * Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
  364. - don't log unknown user names to syslog -- they might be sensitive information
  365. * Fri Feb 9 2001 Nalin Dahyabhai <nalin@redhat.com>
  366. - handle cases where krb5_init_context() fails
  367. * Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
  368. - be more careful around memory allocation (fixes from David J. MacKenzie)
  369. * Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
  370. - no fair trying to make me authenticate '(null)'
  371. * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
  372. - rebuild in new environment
  373. * Fri Dec 1 2000 Nalin Dahyabhai <nalin@redhat.com>
  374. - rebuild in new environment
  375. * Wed Nov 8 2000 Nalin Dahyabhai <nalin@redhat.com>
  376. - only try to delete ccache files once
  377. - ignore extra data in v4 TGTs, but log that we got some
  378. - require "validate" to be true to try validating, and fail if validation fails
  379. * Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
  380. - catch and ignore errors reading keys from the keytab (for xscreensaver, vlock)
  381. * Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com>
  382. - fix prompting when the module's first in the stack and the user does not have
  383. a corresponding principal in the local realm
  384. - properly implement TGT validation
  385. - change a few non-error status messages into debugging messages
  386. - sync the README and the various man pages up
  387. * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
  388. - fix "use_authtok" logic when password was not set by previous module
  389. - require pam-devel to build
  390. * Sun Aug 27 2000 Nalin Dahyabhai <nalin@redhat.com>
  391. - fix errors with multiple addresses (#16847)
  392. * Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
  393. - change summary
  394. * Thu Aug 10 2000 Nalin Dahyabhai <nalin@redhat.com>
  395. - fix handling of null passwords
  396. * Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
  397. - fixes for Solaris 7 from Trevor Schroeder
  398. * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
  399. - add Seth Vidal's no_user_check flag
  400. - document no_user_check and skip_first_pass options in the man pages
  401. - rebuild against Kerberos 5 1.2 (release 15)
  402. * Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com>
  403. - move man pages to %{_mandir}
  404. * Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
  405. - Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested
  406. by Steve Langasek.
  407. * Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
  408. - Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds
  409. * Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
  410. - Chris Chiappa's modifications for customizing the ccache directory
  411. * Wed Apr 19 2000 Nalin Dahyabhai <nalin@redhat.com>
  412. - Mark Dawson's fix for krb4_convert not being forced on when afs_cells defined
  413. * Thu Mar 23 2000 Nalin Dahyabhai <nalin@redhat.com>
  414. - fix problem with leftover ticket files after multiple setcred() calls
  415. * Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com>
  416. - add proper copyright statements
  417. - save password for modules later in the stack
  418. * Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
  419. - clean up prompter
  420. * Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
  421. - add krbafs as a requirement
  422. * Fri Feb 04 2000 Nalin Dahyabhai <nalin@redhat.com>
  423. - pick up non-afs PAM config files again
  424. * Wed Feb 02 2000 Nalin Dahyabhai <nalin@redhat.com>
  425. - autoconf and putenv() fixes for broken apps
  426. - fix for compressed man pages
  427. * Fri Jan 14 2000 Nalin Dahyabhai <nalin@redhat.com>
  428. - tweak passwd, su, and vlock configuration files
  429. * Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com>
  430. - added both modules to spec file
  431. * Wed Dec 22 1999 Nalin Dahyabhai <nalin@redhat.com>
  432. - adapted the original spec file from pam_ldap