libpam-krb5 on Ubuntu 8.04 with MIT Kerberos and PKINIT

Russ Allbery rra at
Thu May 15 14:43:52 EDT 2008

"Douglas E. Engert" <deengert at> writes:

> I was trying to get the PKINIT working on Ubuntu 8.04
> which comes with:
>     libpam-krb5 3.10-1
>     krb5-pkinit 1.6.dfsg.3~beta1-2ubuntu1
> I had to make a change to the libpam-krb5 auth.c to remove a test for
> a bug that appears to be fixed in krb5-1.6.3 I just changed the #ifdef
> to not include the call to clear out the opts structure.

The bug was fixed in 1.6.3, but I didn't think it was fixed in such a way
as to make that code break anything.  Not running that fixed something?
Does MIT now do what Heimdal does and zero out the allocated memory as
well when one runs opt_init?

Russ Allbery (rra at             <>

More information about the krbdev mailing list