pam-krb5 3.2 released

Russ Allbery rra at stanford.edu
Tue Jan 16 16:28:15 EST 2007


I'm pleased to announce release 3.2 of pam-krb5.

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features.  It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.

Changes from previous release:

    This release fixes numerous bugs all identified by Douglas E. Engert
    while testing with Heimdal and PKINIT support.  Thank you!

    Rewrite the code to drop the credlist data structure since we only
    ever have one set of credentials, allocate new krb5_creds objects, and
    do proper memory management, which should plug some memory leaks of
    the contents of krb5_creds objects.

    Probe for the correct Heimdal function to set default initial
    credential options.

    Prefix the default cache path with "FILE:" to make the cache type
    explicit.

    Fix installation of the manual page when building from a different
    directory than the source directory.

    Fix several compilation errors with the PKINIT support with Heimdal
    0.8rc1 or later.  This code should still be considered alpha-quality.

You can download it from:

    <http://www.eyrie.org/~eagle/software/pam-krb5/>

Debian packages will be uploaded to Debian unstable after the etch
release.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list