pam-krb5 3.4 released - Kerberos

This is a discussion on pam-krb5 3.4 released - Kerberos ; I'm pleased to announce release 3.4 of pam-krb5. pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal. It supports ticket refreshing by screen savers, configurable authorization handling, authentication of non-local accounts for network services, password changing, ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: pam-krb5 3.4 released

  1. pam-krb5 3.4 released

    I'm pleased to announce release 3.4 of pam-krb5.

    pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
    It supports ticket refreshing by screen savers, configurable authorization
    handling, authentication of non-local accounts for network services,
    password changing, and password expiration, as well as all the standard
    expected PAM features. It works correctly with OpenSSH, even with
    ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
    supports configuration either by PAM options or in krb5.conf or both.

    Changes from previous release:

    More compilation fixes for Heimdal 0.7, which has a pkinit function
    but takes a different number of arguments. Thanks, Morgan LEFIEUX.

    Never call error_message directly on Heimdal. krb5_get_err_text can
    cope with a NULL context and krb5-config on Heimdal doesn't include
    -lcom_err.

    Handle a NULL return from krb5_get_error_message, since that seems
    possible in some edge cases.

    Call krb5_get_error_message on Heimdal as well if it's available,
    since it's supported by the 0.8 release candidates.

    PKINIT support now builds with Heimdal 0.7, although I don't know if
    there's enough in the Heimdal libraries in that release for this to be
    useful. If there is, let me know and I'll also update the documentation
    to mention that PKINIT will work with 0.7. (The main goal of this work
    was to get pam-krb5 to compile properly with 0.7; it was easier to fix the
    PKINIT support at least at the level of matching library prototypes than
    to try to disable it.)

    You can download it from:



    Debian packages will be uploaded to Debian unstable after etch is
    released.

    Please let me know of any problems or feature requests not already listed
    in the TODO file.

    --
    Russ Allbery (rra@stanford.edu)
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: pam-krb5 3.4 released

    Russ,

    does your module compile on Opensolaris (I know it won't on Solaris 10
    because of missing header files and libkrb5) ?

    Thanks
    Markus

    "Russ Allbery" wrote in message
    news:87hcua4hxc.fsf@windlord.stanford.edu...
    > I'm pleased to announce release 3.4 of pam-krb5.
    >
    > pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
    > It supports ticket refreshing by screen savers, configurable authorization
    > handling, authentication of non-local accounts for network services,
    > password changing, and password expiration, as well as all the standard
    > expected PAM features. It works correctly with OpenSSH, even with
    > ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
    > supports configuration either by PAM options or in krb5.conf or both.
    >
    > Changes from previous release:
    >
    > More compilation fixes for Heimdal 0.7, which has a pkinit function
    > but takes a different number of arguments. Thanks, Morgan LEFIEUX.
    >
    > Never call error_message directly on Heimdal. krb5_get_err_text can
    > cope with a NULL context and krb5-config on Heimdal doesn't include
    > -lcom_err.
    >
    > Handle a NULL return from krb5_get_error_message, since that seems
    > possible in some edge cases.
    >
    > Call krb5_get_error_message on Heimdal as well if it's available,
    > since it's supported by the 0.8 release candidates.
    >
    > PKINIT support now builds with Heimdal 0.7, although I don't know if
    > there's enough in the Heimdal libraries in that release for this to be
    > useful. If there is, let me know and I'll also update the documentation
    > to mention that PKINIT will work with 0.7. (The main goal of this work
    > was to get pam-krb5 to compile properly with 0.7; it was easier to fix the
    > PKINIT support at least at the level of matching library prototypes than
    > to try to disable it.)
    >
    > You can download it from:
    >
    >
    >
    > Debian packages will be uploaded to Debian unstable after etch is
    > released.
    >
    > Please let me know of any problems or feature requests not already listed
    > in the TODO file.
    >
    > --
    > Russ Allbery (rra@stanford.edu)
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >




    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: pam-krb5 3.4 released

    Markus Moeller writes:

    > does your module compile on Opensolaris (I know it won't on Solaris 10
    > because of missing header files and libkrb5) ?


    I haven't tried it personally, but I know of no reason why it shouldn't
    work if the full Kerberos library interface is now exposed. I do know it
    works on Solaris 10 when using MIT Kerberos rather than the native Solaris
    Kerberos (which as you mention doesn't expose enough interfaces).

    --
    Russ Allbery (rra@stanford.edu)
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread