pam-krb5 4.3 released

Russ Allbery rra at stanford.edu
Wed Jun 9 21:53:30 EDT 2010


I'm pleased to announce release 4.3 of pam-krb5.

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features.  It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports extensive configuration either by PAM options or in krb5.conf or
both.  PKINIT is supported with recent versions of both MIT Kerberos and
Heimdal and FAST is supported with recent MIT Kerberos.

Changes from previous release:

    Add a new option fast_ccache, which if set points to a Kerberos ticket
    cache used for Flexible Authentication Secure Tunneling (FAST) to
    protect the authentication.  FAST is a mechanism to protect Kerberos
    against password guessing attacks and provide other security
    improvements.  This option is only available when built against
    Kerberos libraries with FAST support (currently only MIT Kerberos 1.7
    or later).  Patch from Sam Hartman.

    Fix error in freeing a previous alt_auth_map setting when parsing
    configuration options.  Patch from Sam Hartman.

    Fix the linker flags for Solaris with the native compiler.  Thanks,
    Kevin Sumner.

You can download it from:

    <http://www.eyrie.org/~eagle/software/pam-krb5/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list