krb5-sync 2.3

The primary change in this release is a serious bug fix for MIT Kerberos. When a new principal is created with addprinc -randkey, the password parameter is NULL, which caused a segfault inside the plugin. Silently ignore that case, since this module can only synchronize passwords and can't do anything with a key randomization.

The plugin is now installed in a kadm5_hook subdirectory, matching the layout expected by MIT Kerberos.

krb5-sync-backend, when running in silent mode, now ignores "Operation not permitted" errors from krb5_set_password. Heimdal 1.5.2 returns this error from Active Directory if the account doesn't exist.

There are also multiple fixes to the build system and portability layer, bring it up to date with the latest rra-c-util release.

You can get the latest version from the krb5-sync distribution page.

Posted: 2012-09-18 13:31 — Why no comments?

Last spun 2013-07-01 from thread modified 2013-01-04