MDKA-2005:032 - Updated pam_ldap packages fix
Posted on: 06/24/2005 07:27 PM
A pam_ldap security update has been released for Mandriva Linux 10.2
Mandriva Linux Update Advisory
Package name: pam_ldap
Advisory ID: MDKA-2005:032
Date: June 24th, 2005
Affected versions: 10.2
This package fixes a bug that prevents password changes via pam_ldap from succeeding when configured to use the password type "exop" (via a "pam_password exop" entry in /etc/ldap.conf or the configuration file provided as an option in the pam configuration file) against a server which doens't allow exop password changes which include the old password (such as OpenLDAP 2.1.x).
The update applies the changes made between pam_ldap versions 174 and 175, and changes the behaviour for the "exop" password method to not send the old password. The behaviour that was exhibited by the original package may be obtained by changing the password method to "exop_send_old".
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact