Skip Menu |
 

From: Sam Hartman <hartmans@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: krb5_get_init_creds_opt_alloc needs to initialize the opt structure
Date: Mon, 01 Oct 2007 15:30:22 -0400
I think this is important enough to go into 1.6.3
Download (untitled)
message/rfc822 5.8KiB
Return-Path: <kerberos-bounces@MIT.EDU>
Received: from localhost ([unix socket])
by mail.suchdamage.org (Cyrus v2.2.13-Debian-2.2.13-10) with LMTPA;
Sun, 30 Sep 2007 15:12:35 -0400
X-Sieve: CMU Sieve 2.2
Received: from south-station-annex.mit.edu (SOUTH-STATION-ANNEX.MIT.EDU
[18.72.1.2])
by mail.suchdamage.org (Postfix) with ESMTP id 0C8E5232FF
for <hartmans@suchdamage.org>; Sun, 30 Sep 2007 15:12:33 -0400 (EDT)
Received: from central-city-carrier-station.mit.edu
(CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72])
by south-station-annex.mit.edu (8.13.6/8.9.2) with ESMTP id
l8UJCVRg021804; Sun, 30 Sep 2007 15:12:31 -0400 (EDT)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
by central-city-carrier-station.mit.edu (8.13.6/8.9.2) with ESMTP id
l8UJCJv0028230; Sun, 30 Sep 2007 15:12:19 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l8UJCDPH029583;
Sun, 30 Sep 2007 15:12:13 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l8UJCCnn029580
for <kerberos@PCH.mit.edu>; Sun, 30 Sep 2007 15:12:12 -0400
Received: from mit.edu (W92-130-BARRACUDA-3.MIT.EDU [18.7.21.224])
by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id
l8UJC5Kq005219
for <kerberos@mit.edu>; Sun, 30 Sep 2007 15:12:06 -0400 (EDT)
Received: from smtp1.stanford.edu (smtp1.Stanford.EDU [171.67.22.28])
by mit.edu (Spam Firewall) with ESMTP id DA3A0A39943
for <kerberos@mit.edu>; Sun, 30 Sep 2007 15:12:04 -0400 (EDT)
Received: from smtp1.stanford.edu (localhost.localdomain [127.0.0.1])
by localhost (Postfix) with SMTP id 624614D198
for <kerberos@mit.edu>; Sun, 30 Sep 2007 12:12:04 -0700 (PDT)
Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.64.19.147])
by smtp1.stanford.edu (Postfix) with ESMTP id 491BF4CF0A
for <kerberos@mit.edu>; Sun, 30 Sep 2007 12:12:04 -0700 (PDT)
Received: by windlord.stanford.edu (Postfix, from userid 1000)
id 3D98AE78C2; Sun, 30 Sep 2007 12:12:04 -0700 (PDT)
From: Russ Allbery <rra@stanford.edu>
To: kerberos@MIT.EDU
Subject: pam-krb5 3.8 released
Organization: The Eyrie
Date: Sun, 30 Sep 2007 12:12:04 -0700
Message-ID: <87myv40xyz.fsf@windlord.stanford.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
X-Spam-Score: -2.599
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
Sender: kerberos-bounces@MIT.EDU
Errors-To: kerberos-bounces@MIT.EDU
X-DSPAM-Result: Whitelisted
X-DSPAM-Processed: Sun Sep 30 15:12:35 2007
X-DSPAM-Confidence: 0.9993
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 46fff52365861402392547
X-DSPAM-Factors: 27, From*Russ Allbery <rra@stanford.edu>, 0.00015,
to+Debian, 0.00025, Allbery, 0.00028, Russ+Allbery, 0.00029,
Url*eyrie, 0.00044, Url*eyrie, 0.00044, Allbery+(rra, 0.00045,
Url*org/~eagle/, 0.00045, (rra, 0.00045, From*<rra, 0.00055,
From*Allbery+<rra, 0.00055, From*Allbery, 0.00055,
Received*windlord.stanford.edu+(Postfix, 0.00061,
Received*windlord.stanford.edu, 0.00061,
Received*windlord.stanford.edu, 0.00061,
Received*[171.64.19.147]), 0.00061,
Received*by+windlord.stanford.edu, 0.00061,
Received*windlord.stanford.edu+(windlord.Stanford.EDU, 0.00061,
Received*(windlord.Stanford.EDU, 0.00061,
Received*from+windlord.stanford.edu, 0.00061,
From*Russ+Allbery, 0.00061,
Message-ID*windlord.stanford.edu>, 0.00062,
Organization*The+Eyrie, 0.00062, Organization*Eyrie, 0.00062,
Received*(windlord.Stanford.EDU+[171.64.19.147]), 0.00062,
Subject*krb5, 0.00075, PAM+module, 0.00097
MIME-Version: 1.0

It's always right after a release that someone reports a major bug that's
been present for a while.

I'm pleased to announce release 3.8 of pam-krb5.

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable authorization
handling, authentication of non-local accounts for network services,
password changing, and password expiration, as well as all the standard
expected PAM features. It works correctly with OpenSSH, even with
ChallengeResponseAuthentication and PrivilegeSeparation enabled, and
supports configuration either by PAM options or in krb5.conf or both.

Changes from previous release:

krb5_get_init_creds_opt_alloc doesn't initialize the returned
structure with the default flags in MIT Kerberos 1.6, which meant that
users with expired passwords were not being prompted to change their
password but just rejected. Fixed by always calling _init before
setting the credential flags, regardless of the provenance of the opt
structure. Thanks, Michael Richters.

Fix configure and Makefile glue so that Mac OS X and HP-UX have a
chance of working (still untested).

Add a make warnings target with aggressive gcc warning options. Treat
negative minimum UIDs as zero so that UID comparisons can always be
done unsigned. Add casts and unused attributes as needed.

You can download it from:

<http://www.eyrie.org/~eagle/software/pam-krb5/>

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
Show quoted text
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
From: raeburn@mit.edu
Subject: SVN Commit
Initialize options for _alloc interface to same defaults as for _init.

Commit By: raeburn



Revision: 20064
Changed Files:
U trunk/src/lib/krb5/krb/gic_opt.c
From: tlyu@mit.edu
Subject: SVN Commit
pull up r20064 from trunk

r20064@cathode-dark-space: raeburn | 2007-10-01 19:48:57 -0400
ticket: 5800
tags: pullup

Initialize options for _alloc interface to same defaults as for _init.



Commit By: tlyu



Revision: 20078
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/krb5/krb/gic_opt.c