rpms/krb5/devel ekshell.pamd, 1.1, 1.2 gssftp.pamd, 1.2, 1.3 krb5.spec, 1.140, 1.141 kshell.pamd, 1.1, 1.2
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Wed Oct 17 17:49:25 UTC 2007
- Previous message (by thread): rpms/keyjnote/devel keyjnote.spec,1.5,1.6
- Next message (by thread): rpms/memtest86+/devel additional-lib-functions.diff, NONE, 1.1 console-boot-parameter.diff, NONE, 1.1 use-strtoul-in-getval.diff, NONE, 1.1 memtest86+.spec, 1.27, 1.28
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10216
Modified Files:
ekshell.pamd gssftp.pamd krb5.spec kshell.pamd
Log Message:
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
Index: ekshell.pamd
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/ekshell.pamd,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ekshell.pamd 22 Jun 2007 21:56:56 -0000 1.1
+++ ekshell.pamd 17 Oct 2007 17:48:52 -0000 1.2
@@ -6,5 +6,10 @@
auth required pam_env.so
auth required pam_rhosts_auth.so
account include system-auth
-session optional pam_keyinit.so force revoke
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session optional pam_keyinit.so force revoke
session include system-auth
+# pam_selinux.so open should only be called for sessions to be executed in the user context
+session required pam_loginuid.so
+session required pam_selinux.so open
Index: gssftp.pamd
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/gssftp.pamd,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- gssftp.pamd 22 Jun 2007 22:00:29 -0000 1.2
+++ gssftp.pamd 17 Oct 2007 17:48:52 -0000 1.3
@@ -4,6 +4,10 @@
auth include system-auth
account required pam_nologin.so
account include system-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
session optional pam_keyinit.so force revoke
session include system-auth
+# pam_selinux.so open should only be called for sessions to be executed in the user context
session required pam_loginuid.so
+session required pam_selinux.so open
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -r1.140 -r1.141
--- krb5.spec 12 Oct 2007 18:32:28 -0000 1.140
+++ krb5.spec 17 Oct 2007 17:48:52 -0000 1.141
@@ -14,7 +14,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.2
-Release: 9%{?dist}
+Release: 10%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -210,6 +210,9 @@
%endif
%changelog
+* Wed Oct 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-10
+- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
+
* Fri Oct 12 2007 Nalin Dahyabhai <nalin at redhat.com>
- make krb5.conf %%verify(not md5 size mtime) in addition to
%%config(noreplace), like /etc/nsswitch.conf (#329811)
Index: kshell.pamd
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/kshell.pamd,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- kshell.pamd 22 Jun 2007 21:56:36 -0000 1.1
+++ kshell.pamd 17 Oct 2007 17:48:52 -0000 1.2
@@ -6,5 +6,10 @@
auth required pam_env.so
auth required pam_rhosts_auth.so
account include system-auth
-session optional pam_keyinit.so force revoke
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session optional pam_keyinit.so force revoke
session include system-auth
+# pam_selinux.so open should only be called for sessions to be executed in the user context
+session required pam_loginuid.so
+session required pam_selinux.so open
- Previous message (by thread): rpms/keyjnote/devel keyjnote.spec,1.5,1.6
- Next message (by thread): rpms/memtest86+/devel additional-lib-functions.diff, NONE, 1.1 console-boot-parameter.diff, NONE, 1.1 use-strtoul-in-getval.diff, NONE, 1.1 memtest86+.spec, 1.27, 1.28
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list