Updated pam-krb5 packages that resolve an issue are now available.
The pam_krb5 package contains a pluggable authentication module which
allows PAM-aware applications to use Kerberos 5 to verify a user's password
and to obtain and manage Kerberos credentials associated with a user session.
These updated pam-krb5 packages fix a bug which caused user authentication
to fail under certain circumstances. When authenticating a user, if the
user's password was expired, the module would attempt to obtain
password-changing credentials in order to verify the user's password. When
the module was configured to validate credentials, it would incorrectly
attempt to validate the password-changing credentials, which cannot be
validated in the way that a ticket-granting ticket can. In these updated
packages, an exception is made in this case, thus resolving the issue.
All users of pam-krb5 are advised to upgrade to these updated packages,
which resolve this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
| Red Hat Desktop (v. 3) |
|
| SRPMS: |
| pam_krb5-1.81-1.src.rpm |
bd0074a9c5df4a67ee3b1cf9df680420 |
| |
| IA-32: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| |
| x86_64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.x86_64.rpm |
b8cdb874f967fbcd5e5b3f4bb085ccb7 |
| |
| Red Hat Enterprise Linux AS (v. 3) |
|
| SRPMS: |
| pam_krb5-1.81-1.src.rpm |
bd0074a9c5df4a67ee3b1cf9df680420 |
| |
| IA-32: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| |
| IA-64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.ia64.rpm |
079e4ddd0d7737665c25bc86492b4fe0 |
| |
| PPC: |
| pam_krb5-1.81-1.ppc.rpm |
65e2774997aba3df7c75de88753a75c8 |
| pam_krb5-1.81-1.ppc64.rpm |
ebf58f7b067084acb8e87f7b908eab4b |
| |
| s390: |
| pam_krb5-1.81-1.s390.rpm |
fa9b2b7622afa3ccbe9254fa0d962166 |
| |
| s390x: |
| pam_krb5-1.81-1.s390.rpm |
fa9b2b7622afa3ccbe9254fa0d962166 |
| pam_krb5-1.81-1.s390x.rpm |
ec6b1194d76fa9d588298047014f286a |
| |
| x86_64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.x86_64.rpm |
b8cdb874f967fbcd5e5b3f4bb085ccb7 |
| |
| Red Hat Enterprise Linux ES (v. 3) |
|
| SRPMS: |
| pam_krb5-1.81-1.src.rpm |
bd0074a9c5df4a67ee3b1cf9df680420 |
| |
| IA-32: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| |
| IA-64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.ia64.rpm |
079e4ddd0d7737665c25bc86492b4fe0 |
| |
| x86_64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.x86_64.rpm |
b8cdb874f967fbcd5e5b3f4bb085ccb7 |
| |
| Red Hat Enterprise Linux WS (v. 3) |
|
| SRPMS: |
| pam_krb5-1.81-1.src.rpm |
bd0074a9c5df4a67ee3b1cf9df680420 |
| |
| IA-32: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| |
| IA-64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.ia64.rpm |
079e4ddd0d7737665c25bc86492b4fe0 |
| |
| x86_64: |
| pam_krb5-1.81-1.i386.rpm |
90bcfca550d83ebb1d0be57d0bf04ab7 |
| pam_krb5-1.81-1.x86_64.rpm |
b8cdb874f967fbcd5e5b3f4bb085ccb7 |
| |
(The unlinked packages above are only available from the Red Hat Network)
|
435168 - User cannot authenticate if the password has been expired and option validate is used.
pam_krb5 bug fix update