pam-krb5 3.5 released

Markus Moeller huaraz at moeller.plus.com
Tue Jun 12 14:31:51 EDT 2007 

Russ,

FYI

I tried to use your module on OpenSolaris and Solaris10 (with the standard 
hack of using OpenSolaris header files). It works fine on OpenSolaris but it 
fails on Solaris 10 as krb5_change_password does not seem to be an exported 
symbol of mech_krb5.so and I guess there is no easy fix.

ldd -r pam_krb5.so
warning: ldd: pam_krb5.so: is not executable
        libpam.so.1 =>   /lib/libpam.so.1
        libkadm5clnt.so.1 =>     /usr/lib/krb5/libkadm5clnt.so.1
        mech_krb5.so.1 =>        /usr/lib/gss/mech_krb5.so.1
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>   /lib/libnsl.so.1
        libcmd.so.1 =>   /lib/libcmd.so.1
        libc.so.1 =>     /lib/libc.so.1
        libgss.so.1 =>   /usr/lib/libgss.so.1
        libresolv.so.2 =>        /lib/libresolv.so.2
        libpkcs11.so.1 =>        /usr/lib/libpkcs11.so.1
        libmp.so.2 =>    /lib/libmp.so.2
        libmd5.so.1 =>   /lib/libmd5.so.1
        libscf.so.1 =>   /lib/libscf.so.1
        libcryptoutil.so.1 =>    /usr/lib/libcryptoutil.so.1
        libdoor.so.1 =>  /lib/libdoor.so.1
        libuutil.so.1 =>         /lib/libuutil.so.1
        /platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
        symbol not found: krb5_change_password          (./pam_krb5.so)
        libm.so.2 =>     /lib/libm.so.2

Regards
Markus

BTW Why does Sun put so much energy into having Kerberos integrated into the 
kernel but make only 20% of it available via gssapi ? Everyone who uses a 
bit more Kerberos will install ontop of the Sun version a standard MIT 
version.

"Russ Allbery" <rra at stanford.edu> wrote in message 
news:87bqhvhjk0.fsf at windlord.stanford.edu...
> I'm pleased to announce release 3.5 of pam-krb5.
>
> pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
> It supports ticket refreshing by screen savers, configurable authorization
> handling, authentication of non-local accounts for network services,
> password changing, and password expiration, as well as all the standard
> expected PAM features.  It works correctly with OpenSSH, even with
> ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
> supports configuration either by PAM options or in krb5.conf or both.
>
> Changes from previous release:
>
>    Don't try to chown non-FILE ticket caches, which among other things
>    breaks using pam-krb5 with Heimdal KCM caches.  Thanks, Jeremy
>    Jackson.
>
>    When logging session deletion via pam_setcred or pam_close_session,
>    don't look for the username in the PAM context after it's been freed.
>    Thanks, Markus Moeller.
>
>    Map more Kerberos status codes to PAM status codes for authentication
>    errors.
>
> You can download it from:
>
>    <http://www.eyrie.org/~eagle/software/pam-krb5/>
>
> Debian packages have been uploaded to Debian unstable.
>
> Please let me know of any problems or feature requests not already listed
> in the TODO file.
>
> -- 
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list