rpms/krb5/devel krb5-1.6.1-pam.patch,1.5,1.6 krb5.spec,1.155,1.156

Nalin Somabhai Dahyabhai (nalin) fedora-extras-commits at redhat.com
Mon Feb 25 18:33:41 UTC 2008 

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26265

Modified Files:
	krb5-1.6.1-pam.patch krb5.spec 
Log Message:
- in login, allow PAM to interact with the user when they've been strongly
  authenticated
- in login, signal PAM when we're changing an expired password that it's an
  expired password, so that when cracklib flags a password as being weak it's
  treated as an error even if we're running as root


krb5-1.6.1-pam.patch:

Index: krb5-1.6.1-pam.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5-1.6.1-pam.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- krb5-1.6.1-pam.patch	11 Sep 2007 14:11:22 -0000	1.5
+++ krb5-1.6.1-pam.patch	25 Feb 2008 18:33:34 -0000	1.6
@@ -240,7 +240,7 @@
  
 +#ifdef USE_PAM
 +    if (login_use_pam) {
-+	if (appl_pam_acct_mgmt(LOGIN_PAM_SERVICE, 0, username, "",
++	if (appl_pam_acct_mgmt(LOGIN_PAM_SERVICE, 1, username, "",
 +			       ttyname(STDIN_FILENO)) != 0) {
 +	    printf("Login incorrect\n");
 +	    sleepexit(1);
@@ -652,9 +652,9 @@
 +	int ret = 0;
 +	if (appl_pam_started) {
 +#ifdef DEBUG
-+		printf("Changing PAM authentication token.\n");
++		printf("Changing PAM expired authentication token.\n");
 +#endif
-+		ret = pam_chauthtok(appl_pamh, 0);
++		ret = pam_chauthtok(appl_pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
 +	}
 +	return ret;
 +}


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- krb5.spec	18 Feb 2008 18:44:39 -0000	1.155
+++ krb5.spec	25 Feb 2008 18:33:34 -0000	1.156
@@ -226,6 +226,13 @@
 certificate.
 
 %changelog
+* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
+- in login, allow PAM to interact with the user when they've been strongly
+  authenticated
+- in login, signal PAM when we're changing an expired password that it's an
+  expired password, so that when cracklib flags a password as being weak it's
+  treated as an error even if we're running as root
+
 * Mon Feb 18 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-7
 - drop netdb patch
 - kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that

More information about the fedora-extras-commits mailing list