Bug Fix Advisory pam_krb5 bug fix update

Advisory: RHBA-2008:0813-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2008-08-04
Last updated on: 2008-08-04
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)

Details

Updated pam-krb5 packages that resolve an issue are now available.

The pam_krb5 package contains a pluggable authentication module which
allows PAM-aware applications to use Kerberos 5 to verify a user's password
and to obtain and manage Kerberos credentials associated with a user session.

These updated pam-krb5 packages fix a bug which caused user authentication
to fail under certain circumstances. When authenticating a user, if the
user's password was expired, the module would attempt to obtain
password-changing credentials in order to verify the user's password. When
the module was configured to validate credentials, it would incorrectly
attempt to validate the password-changing credentials, which cannot be
validated in the way that a ticket-granting ticket can. In these updated
packages, an exception is made in this case, thus resolving the issue.

All users of pam-krb5 are advised to upgrade to these updated packages,
which resolve this issue.
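
A host check for the condition described above, as an added example that is not part of the Red Hat advisory. The function names, the sample PAM stack and the older version string 1.80-1 are constructed for illustration, and the version comparison is a simplification of RPM's own ordering.

```shell
# Added example: check a host for the condition in RHBA-2008:0813.
FIXED="1.81-1"   # fixed version-release, from the advisory's package list

# Print PAM auth lines that load pam_krb5 with the "validate" argument.
# Reads PAM config text on stdin; only PAM stack arguments are inspected.
krb5_validate_lines() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "auth" {
            mod = 0; val = 0
            for (i = 3; i <= NF; i++) {
                if ($i ~ /(^|\/)pam_krb5\.so$/) mod = 1
                else if (mod && $i == "validate") val = 1
            }
            if (val) print
        }'
}

# Succeed if version-release $1 is older than $2. Compares numeric fields
# only: a simplification of RPM ordering, adequate for N.N-N strings.
is_older() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify a host from its installed version-release ($1) and PAM text (stdin).
assess() {
    hits=$(krb5_validate_lines)
    if [ -z "$hits" ]; then echo "not-exposed: validate not set for pam_krb5"
    elif is_older "$1" "$FIXED"; then echo "exposed: upgrade to $FIXED"
    else echo "fixed: $1"
    fi
}

# Constructed sample PAM stack (not taken from a real system).
SAMPLE_PAM='#%PAM-1.0
auth  required    /lib/security/$ISA/pam_env.so
auth  sufficient  /lib/security/$ISA/pam_unix.so likeauth nullok
auth  sufficient  /lib/security/$ISA/pam_krb5.so use_first_pass validate
# auth sufficient /lib/security/$ISA/pam_krb5.so validate
account required  /lib/security/$ISA/pam_unix.so'

printf '%s\n' "$SAMPLE_PAM" | assess "1.80-1"   # constructed older version
```

On a real system, feed `assess` the output of `rpm -q --qf '%{VERSION}-%{RELEASE}' pam_krb5` as its argument and the contents of the PAM service file (for example `/etc/pam.d/system-auth`) on stdin.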


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/SRPMS/pam_krb5-1.81-1.src.rpm
    MD5: bd0074a9c5df4a67ee3b1cf9df680420
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/x86_64/pam_krb5-1.81-1.x86_64.rpm
    MD5: b8cdb874f967fbcd5e5b3f4bb085ccb7
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/SRPMS/pam_krb5-1.81-1.src.rpm
    MD5: bd0074a9c5df4a67ee3b1cf9df680420
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/ia64/pam_krb5-1.81-1.ia64.rpm
    MD5: 079e4ddd0d7737665c25bc86492b4fe0
 
PPC:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/ppc/pam_krb5-1.81-1.ppc.rpm
    MD5: 65e2774997aba3df7c75de88753a75c8
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/ppc64/pam_krb5-1.81-1.ppc64.rpm
    MD5: ebf58f7b067084acb8e87f7b908eab4b
 
s390:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/s390/pam_krb5-1.81-1.s390.rpm
    MD5: fa9b2b7622afa3ccbe9254fa0d962166
 
s390x:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/s390/pam_krb5-1.81-1.s390.rpm
    MD5: fa9b2b7622afa3ccbe9254fa0d962166
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/s390x/pam_krb5-1.81-1.s390x.rpm
    MD5: ec6b1194d76fa9d588298047014f286a
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/x86_64/pam_krb5-1.81-1.x86_64.rpm
    MD5: b8cdb874f967fbcd5e5b3f4bb085ccb7
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/SRPMS/pam_krb5-1.81-1.src.rpm
    MD5: bd0074a9c5df4a67ee3b1cf9df680420
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/ia64/pam_krb5-1.81-1.ia64.rpm
    MD5: 079e4ddd0d7737665c25bc86492b4fe0
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/x86_64/pam_krb5-1.81-1.x86_64.rpm
    MD5: b8cdb874f967fbcd5e5b3f4bb085ccb7
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/SRPMS/pam_krb5-1.81-1.src.rpm
    MD5: bd0074a9c5df4a67ee3b1cf9df680420
 
IA-32:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/ia64/pam_krb5-1.81-1.ia64.rpm
    MD5: 079e4ddd0d7737665c25bc86492b4fe0
 
x86_64:
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/i386/pam_krb5-1.81-1.i386.rpm
    MD5: 90bcfca550d83ebb1d0be57d0bf04ab7
ftp://updates.redhat.com/rhn/public/NULL/pam_krb5/1.81-1/x86_64/pam_krb5-1.81-1.x86_64.rpm
    MD5: b8cdb874f967fbcd5e5b3f4bb085ccb7
 

Bugs fixed (see bugzilla for more information)

435168 - User cannot authenticate if the password has been expired and option validate is used.


Keywords

expiration, validate


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/