Fedora 7 Update: krb5-1.6.1-8.fc7

updates at fedoraproject.org
Thu Mar 6 16:36:24 UTC 2008

Fedora Update Notification
2008-03-06 16:11:40

Name        : krb5
Product     : Fedora 7
Version     : 1.6.1
Release     : 8.fc7
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

Update Information:

This update restores kinit's traditional behavior of prompting for a password
change when it receives a password-is-expired error from the KDC.  It modifies
the kdb_ldap plugin so that it honors the 'nsAccountLock' attribute used by
Fedora (and Red Hat, and Netscape) Directory Server.

* Tue Feb 26 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-8
- stop adding a redundant but harmless call to initialize the gssapi internals
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
  the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora,
  Netscape, Red Hat Directory Server (Simo Sorce)
* Mon Feb 25 2008 Nalin Dahyabhai <nalin at redhat.com>
- remove a patch, to fix problems with interfaces which are "up" but which
  have no address assigned, which conflicted with a different fix for the same
  problem in 1.5 (#200979)
* Wed Jan 23 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-7
- backport fix from 1.6.3 to get traditional prompt-for-password-change-
  on-expired-password behavior back in kinit (and other users of
  krb5_get_init_creds_opt_alloc()) (#429918)
* Fri Nov 16 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-6
- backport a fix to make handling of returned flags during spnego credential
  delegation more forgiving of apps which don't care about flags but still
  want a delegated credential handle (#314651, RT#5802)
- fix retrieval of krb5 credentials from an spnego delegated handle (#319351,
* Mon Sep 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-5
- fix incorrect call to "test" in the kadmin init script (Fran Taylor, #287291)
* Thu Sep  6 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-4
- incorporate updated fix for CVE-2007-3999 (CVE-2007-4743)
* Tue Sep  4 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-3
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.1
- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
  and MITKRB5-SA-2007-005 (CVE-2007-2798)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com>
- preprocess kerberos.ldif into a format FDS will like better, and include
  that as a doc file as well (from 1.6.1-4)
- drop old, incomplete SELinux patch (from 1.6.1-4)
- add patch from Greg Hudson to make srvtab routines report missing-file errors
  at same point that "file" keytab routines do (from 1.6.1-4, #241805)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.0
- pull up from devel HEAD's 1.6.1-2
* Thu May 24 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2
- pull patch from svn to undo unintentional chattiness in ftp
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
  better in a couple of places where they're expected
* Wed May 23 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-1
- update to 1.6.1
  - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216
  - drop patch for sendto bug in 1.6, fixed in 1.6.1
* Fri May 18 2007 Nalin Dahyabhai <nalin at redhat.com>
- kadmind.init: don't fail outright if the default principal database
  isn't there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
  service when we try to create the keytab

  [ 1 ] Bug #200979 - kinit -a segfaults

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
