pam-krb5 3.15 released

Russ Allbery rra at
Tue Jul 21 12:40:27 EDT 2009

I'm pleased to announce release 3.15 of pam-krb5.  This is a pure bug-fix
release, fixing a crash in pam-krb5 in a particular PAM configuration.

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features.  It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.

Changes from previous release:

    Fix a segfault (null pointer dereference) if pam-krb5 is configured
    with use_first_pass or use_authtok and there is no password stored in
    the PAM stack.  Thanks to Jonathan Guthrie for the bug report.

You can download it from:


This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list