rpms/krb5/devel krb5-1.6.1-pam.patch,1.5,1.6 krb5.spec,1.155,1.156
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Mon Feb 25 18:33:41 UTC 2008
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26265
Modified Files:
krb5-1.6.1-pam.patch krb5.spec
Log Message:
- in login, allow PAM to interact with the user when they've been strongly
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak it's
treated as an error even if we're running as root
krb5-1.6.1-pam.patch:
Index: krb5-1.6.1-pam.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5-1.6.1-pam.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- krb5-1.6.1-pam.patch 11 Sep 2007 14:11:22 -0000 1.5
+++ krb5-1.6.1-pam.patch 25 Feb 2008 18:33:34 -0000 1.6
@@ -240,7 +240,7 @@
+#ifdef USE_PAM
+ if (login_use_pam) {
-+ if (appl_pam_acct_mgmt(LOGIN_PAM_SERVICE, 0, username, "",
++ if (appl_pam_acct_mgmt(LOGIN_PAM_SERVICE, 1, username, "",
+ ttyname(STDIN_FILENO)) != 0) {
+ printf("Login incorrect\n");
+ sleepexit(1);
@@ -652,9 +652,9 @@
+ int ret = 0;
+ if (appl_pam_started) {
+#ifdef DEBUG
-+ printf("Changing PAM authentication token.\n");
++ printf("Changing PAM expired authentication token.\n");
+#endif
-+ ret = pam_chauthtok(appl_pamh, 0);
++ ret = pam_chauthtok(appl_pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ }
+ return ret;
+}
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- krb5.spec 18 Feb 2008 18:44:39 -0000 1.155
+++ krb5.spec 25 Feb 2008 18:33:34 -0000 1.156
@@ -226,6 +226,13 @@
certificate.
%changelog
+* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
+- in login, allow PAM to interact with the user when they've been strongly
+ authenticated
+- in login, signal PAM when we're changing an expired password that it's an
+ expired password, so that when cracklib flags a password as being weak it's
+ treated as an error even if we're running as root
+
* Mon Feb 18 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-7
- drop netdb patch
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
More information about the fedora-extras-commits
mailing list