pam-krb5 3.5 released
Russ Allbery
rra at stanford.edu
Tue Apr 10 19:54:39 EDT 2007
I'm pleased to announce release 3.5 of pam-krb5.
pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features. It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.
Changes from previous release:
Don't try to chown non-FILE ticket caches, which among other things
breaks using pam-krb5 with Heimdal KCM caches. Thanks, Jeremy
Jackson.
When logging session deletion via pam_setcred or pam_close_session,
don't look for the username in the PAM context after it's been freed.
Thanks, Markus Moeller.
Map more Kerberos status codes to PAM status codes for authentication
errors.
You can download it from:
<http://www.eyrie.org/~eagle/software/pam-krb5/>
Debian packages have been uploaded to Debian unstable.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list