pam-krb5 3.1 released

Russ Allbery rra at stanford.edu
Wed Jan 3 22:51:10 EST 2007


I'm pleased to announce release 3.1 of pam-krb5.

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features.  It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.

Changes from previous release:

    Fix an infinite loop with failed Kerberos authentication and a doubled
    colon that causes a syntax error with some compilers.  Thanks, Markus
    Moeller.

    Move the check for users we should ignore to pam_sm_authenticate
    from pamk5_password_auth so that it's consistently done in the API
    function.  This also avoids bogus log messages when authenticating as
    an ignored user with debug enabled.

You can download it from:

    <http://www.eyrie.org/~eagle/software/pam-krb5/>

Debian packages will be uploaded to Debian unstable after etch releases.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list