| < pam-afs-session 1.5 | Russ Allbery > Eagle's Path > September 2007 |
It's always right after I finally do a release that someone reports a major bug that's been there for several releases.
It turns out that the new credential option allocation function introduced with PKINIT doesn't initialize the returned option struct and you're still expected to call _init. Weird. The result was that, when built against a sufficiently new version of Kerberos, users with expired passwords would no longer be prompted to change them and instead just wouldn't be able to log in.
While I was fixing that, I also cranked up the warnings and included some build system fixes that missed the last release.
You can get the latest version from the pam-krb5 distribution page.
Posted: 2007-09-30 12:30 — Why no comments?
| < pam-afs-session 1.5 | Russ Allbery > Eagle's Path > September 2007 |