Fedora Core 1 Test Update: pam_krb5-2.0.5-1
Posted on: 11/26/2003 06:52 AM

Fedora Update Notification

Name : pam_krb5
Version : 2.0.5
Release : 1
Summary : A Pluggable Authentication Module for Kerberos 5.
Description :
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured.

Update Information:

The version of pam_krb5 included in Fedora Core 1 did not honor the ticket_lifetime setting in /etc/krb5.conf's [appdefaults] section, in the "pam" subsection. The default renewable lifetime set in this configuration file is 10 hours. The default ticket lifetime used in libkrb5 is 24 hours.

When answering a request for initial credentials which specifies these lifetimes, some KDC implementations will reply with initial credentials with a renewable lifetime increased to match the ticket lifetime. This modification to the response is treated as an error by libkrb5, and authentication fails when it would otherwise succeed.

The updated version of pam_krb5 now honors the ticket_lifetime setting, and the configured default ticket lifetime (10 hours) does not trigger this error condition.

This update can be downloaded from:

md5 sum: ac92e1a6607ac0c7298088d6f561b107
md5 sum: 4c74720189780c9a946d8d5ba1c3a64f
md5 sum: 2f2722b9bf5475589fd09f1891f7af7b

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/fedora_core_1_test_update_pam_krb5_205_1.html)