Fedora 8 Update: krb5-1.6.2-13.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Mar 6 16:35:54 UTC 2008

Fedora Update Notification
2008-03-06 16:10:54

Name        : krb5
Product     : Fedora 8
Version     : 1.6.2
Release     : 13.fc8
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

Update Information:

This update restores kinit's traditional behavior of prompting for a password
change when it receives a password-is-expired error from the KDC.  It corrects a
couple of problems in how login.krb5 (used by the rlogin and telnet servers)
dealt with expired passwords.  It modifies the kdb_ldap plugin so that it honors
the 'nsAccountLock' attribute used by Fedora (and Red Hat, and Netscape)
Directory Server.

* Tue Feb 26 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-13
- stop adding a redundant but harmless call to initialize the gssapi internals
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
  the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora,
  Netscape, Red Hat Directory Server (Simo Sorce)
* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
- in login, allow PAM to interact with the user when they've been strongly
- in login, signal PAM when we're changing an expired password that it's an
  expired password, so that when cracklib flags a password as being weak it's
  treated as an error even if we're running as root
* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
- remove a patch, to fix problems with interfaces which are "up" but which
  have no address assigned, which conflicted with a different fix for the same
  problem in 1.5 (#200979)
* Wed Jan 23 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-12
- backport fix from 1.6.3 to get back traditional prompt-for-password-change-
  on-expired-password behavior back in kinit (and other users of
  krb5_get_init_creds_opt_alloc()) (#433818)
* Fri Nov 16 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-11
- backport a fix to make handling of returned flags during spnego credential
  delegation more forgiving of apps which don't care about flags but still
  want a delegated credential handle (#314651, RT#5802)
- fix retrieval of krb5 credentials from an spnego delegated handle (#319351,
* Wed Oct 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-10
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
* Fri Oct 12 2007 Nalin Dahyabhai <nalin at redhat.com>
- make krb5.conf %verify(not md5 size mtime) in addition to
  %config(noreplace), like /etc/nsswitch.conf (#329811)

  [ 1 ] Bug #200979 - kinit -a segfaults

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the Fedora-package-announce mailing list