I'm pleased to announce release 3.1 of pam-krb5.

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features. It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.

Changes from previous release:

Fix an infinite loop with failed Kerberos authentication and a doubled
colon that causes a syntax error with some compilers. Thanks, Markus
Moeller.

Move the check for users we should ignore to pam_sm_authenticate
from pamk5_password_auth so that it's consistently done in the API
function. This also avoids bogus log messages when authenticating as
an ignored user with debug enabled.

You can download it from:



Debian packages will be uploaded to Debian unstable after etch releases.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (rra@stanford.edu)