List Info

Thread: Re: pam-krb5 3.4 released
Re: pam-krb5 3.4 released
country flaguser name
United Kingdom		 2007-04-09 13:47:26 
Russ,

does your module compile on Opensolaris (I know it won't on
Solaris 10 
because of missing header files and libkrb5) ?

Thanks
Markus

"Russ Allbery" <rrastanford.edu> wrote in
message 
news:87hcua4hxc.fsfwindlord.stanford.edu...
> I'm pleased to announce release 3.4 of pam-krb5.
>
> pam-krb5 is a Kerberos v5 PAM module for either MIT
Kerberos or Heimdal.
> It supports ticket refreshing by screen savers,
configurable authorization
> handling, authentication of non-local accounts for
network services,
> password changing, and password expiration, as well as
all the standard
> expected PAM features.  It works correctly with
OpenSSH, even with
> ChallengeResponseAuthentication and PrivilegeSeparation
enabled, and
> supports configuration either by PAM options or in
krb5.conf or both.
>
> Changes from previous release:
>
>    More compilation fixes for Heimdal 0.7, which has a
pkinit function
>    but takes a different number of arguments.  Thanks,
Morgan LEFIEUX.
>
>    Never call error_message directly on Heimdal. 
krb5_get_err_text can
>    cope with a NULL context and krb5-config on Heimdal
doesn't include
>    -lcom_err.
>
>    Handle a NULL return from krb5_get_error_message,
since that seems
>    possible in some edge cases.
>
>    Call krb5_get_error_message on Heimdal as well if
it's available,
>    since it's supported by the 0.8 release candidates.
>
> PKINIT support now builds with Heimdal 0.7, although I
don't know if
> there's enough in the Heimdal libraries in that release
for this to be
> useful.  If there is, let me know and I'll also update
the documentation
> to mention that PKINIT will work with 0.7.  (The main
goal of this work
> was to get pam-krb5 to compile properly with 0.7; it
was easier to fix the
> PKINIT support at least at the level of matching
library prototypes than
> to try to disable it.)
>
> You can download it from:
>
>    <ht
tp://www.eyrie.org/~eagle/software/pam-krb5/>
>
> Debian packages will be uploaded to Debian unstable
after etch is
> released.
>
> Please let me know of any problems or feature requests
not already listed
> in the TODO file.
>
> -- 
> Russ Allbery (rrastanford.edu)             <http://www.eyrie.org
/~eagle/>
> ________________________________________________
> Kerberos mailing list           Kerberosmit.edu
> htt
ps://mailman.mit.edu/mailman/listinfo/kerberos
> 



________________________________________________
Kerberos mailing list           Kerberosmit.edu
htt
ps://mailman.mit.edu/mailman/listinfo/kerberos
Re: pam-krb5 3.4 released
country flaguser name
United States		 2007-04-09 14:54:33 
Markus Moeller <huarazmoeller.plus.com>
writes:

> does your module compile on Opensolaris (I know it
won't on Solaris 10
> because of missing header files and libkrb5) ?

I haven't tried it personally, but I know of no reason why
it shouldn't
work if the full Kerberos library interface is now exposed. 
I do know it
works on Solaris 10 when using MIT Kerberos rather than the
native Solaris
Kerberos (which as you mention doesn't expose enough
interfaces).

-- 
Russ Allbery (rrastanford.edu)             <http://www.eyrie.org
/~eagle/>
________________________________________________
Kerberos mailing list           Kerberosmit.edu
htt
ps://mailman.mit.edu/mailman/listinfo/kerberos
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )