pam-krb5 3.4 released
Russ Allbery
rra at stanford.edu
Sun Jan 28 22:42:55 EST 2007
I'm pleased to announce release 3.4 of pam-krb5.
pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features. It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.
Changes from previous release:
More compilation fixes for Heimdal 0.7, which has a pkinit function
but takes a different number of arguments. Thanks, Morgan LEFIEUX.
Never call error_message directly on Heimdal. krb5_get_err_text can
cope with a NULL context and krb5-config on Heimdal doesn't include
-lcom_err.
Handle a NULL return from krb5_get_error_message, since that seems
possible in some edge cases.
Call krb5_get_error_message on Heimdal as well if it's available,
since it's supported by the 0.8 release candidates.
PKINIT support now builds with Heimdal 0.7, although I don't know if
there's enough in the Heimdal libraries in that release for this to be
useful. If there is, let me know and I'll also update the documentation
to mention that PKINIT will work with 0.7. (The main goal of this work
was to get pam-krb5 to compile properly with 0.7; it was easier to fix the
PKINIT support at least at the level of matching library prototypes than
to try to disable it.)
You can download it from:
<http://www.eyrie.org/~eagle/software/pam-krb5/>
Debian packages will be uploaded to Debian unstable after etch is
released.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list