pam-krb5 3.12

I'd accumulated a few significant bug fixes since the previous release and some additional options, so it was time for a new release.

The main reason to upgrade are two potential crasher bug fixes. The error handling code for a .k5login file with improper ownership was incorrect, leading to a NULL pointer dereference if search_k5login was set. There was also a double-free of the ticket cache structure if creation of the ticket cache in the session module failed for some reason. Those have both also been fixed with more targetted patches in the version that will release with Debian lenny.

The main new feature is new alt_auth_map, force_alt_auth, and only_alt_auth options to map usernames to alternative Kerberos principals for authentication. This is mostly useful in the PAM configuration for specific applications if you want the application to use an instance instead of the primary principal for authentication. This was contributed by Booker Bense.

Finally, there are some logging improvements (including logging to authpriv instead of to auth) and documentation improvements resolving a couple of Debian bugs, plus a portability fix for AIX's bundled Kerberos.

You can get the latest version from the pam-krb5 distribution page.

Posted: 2008-11-13 11:32 — Why no comments?

Last spun 2013-07-01 from thread modified 2013-01-04