- Issued: 2009-05-18
- Updated: 2009-05-18
RHBA-2009:0987 - Bug Fix Advisory
Synopsis
pam_krb5 bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated pam_krb5 package that fixes various bugs is now available.
Description
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at login time.
This updated package addresses the following bugs:
- When logging in without an AFS instance, multiple attempts to obtain AFS
service tickets could be unsuccessful. This patch includes a backported
"nullafs" option, which can be used to prevent the module from looking for
an assumed instance of the form afs/cell@REALM and to use afs@REALM
directly instead. (BZ#231137)
- During user authentication, the pam_krb5 module would not reset the
PAM_AUTHTOK item if it had been set previously. If a user supplied an
incorrect password on the first attempt and the correct password on
subsequent attempts, only the first, incorrect password would be seen by
modules called after pam_krb5. This update corrects this bug, and
authentication should now work as expected. (BZ#437179)
- When a user who is unknown to Kerberos attempted to change their
password, a "passwd: Authentication failure" error occurred. The correct
error message, "passwd: User not known to the underlying authentication
module", is now returned in this circumstance. (BZ#436968)
Users of pam_krb5 are advised to upgrade to this updated package, which
resolves these issues.
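A simplified model of the PAM_AUTHTOK bug (BZ#437179), added here as an example; it is not pam_krb5 source and does not use libpam. The `toy_pamh` struct and all function names are hypothetical, and the passwords are constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a PAM handle: only the PAM_AUTHTOK item is modelled. */
struct toy_pamh { char authtok[64]; int authtok_set; };

static void set_authtok(struct toy_pamh *h, const char *pw) {
    snprintf(h->authtok, sizeof h->authtok, "%s", pw);
    h->authtok_set = 1;
}

/*
 * Model of a password-checking module that re-prompts on failure.
 * attempts[] holds what the user types, in order (constructed input).
 * reset_item == 0: pre-update behaviour, item stored only when unset.
 * reset_item == 1: updated behaviour, item overwritten on every attempt.
 * Returns 1 if some attempt matched the real password, else 0.
 */
static int toy_krb5_auth(struct toy_pamh *h, const char *real_pw,
                         const char **attempts, int n, int reset_item) {
    for (int i = 0; i < n; i++) {
        if (reset_item || !h->authtok_set)
            set_authtok(h, attempts[i]);
        if (strcmp(attempts[i], real_pw) == 0)
            return 1;
    }
    return 0;
}

/* A later module in the stack that reuses the stored token.
 * Returns 1 if the token it sees is the real password. */
static int downstream_sees_real_pw(const struct toy_pamh *h, const char *real_pw) {
    return h->authtok_set && strcmp(h->authtok, real_pw) == 0;
}

/* Runs one login (wrong password, then the right one) through the stack. */
int run_stack(int reset_item) {
    const char *attempts[] = { "wrong-guess", "correct-pw" };  /* constructed */
    struct toy_pamh h = { "", 0 };
    if (!toy_krb5_auth(&h, "correct-pw", attempts, 2, reset_item))
        return -1;                     /* the Kerberos step itself failed */
    return downstream_sees_real_pw(&h, "correct-pw");
}

int main(void) {
    printf("pre-update stack: downstream ok = %d\n", run_stack(0));
    printf("updated stack:    downstream ok = %d\n", run_stack(1));
    return 0;
}
```

In both runs the Kerberos step succeeds on the second attempt; only the token handed to later modules differs.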
Solution
Before applying this update, make sure that all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 231137 - [PATCH]: use instance-less AFS service tickets
- BZ - 437179 - pam_krb5.so doesn't seem to set the password correctly for other PAM modules
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
pam_krb5-2.1.17-8.el4.src.rpm | SHA-256: d8a3e9609ff4b45c175d39c5011144da34e97c7bc5ed2fc586c4535da8f6ab9c |
x86_64 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
pam_krb5-2.1.17-8.el4.x86_64.rpm | SHA-256: c1538603ac2ab565ce8263ae91d389392bf82af7b2f8d1ae9158bcbd6f8b8a3a |
ia64 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
pam_krb5-2.1.17-8.el4.ia64.rpm | SHA-256: b2b5abdd3d0adf568376b81c271deee545e9223046680eafa1461962a8474231 |
i386 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
pam_krb5-2.1.17-8.el4.src.rpm | SHA-256: d8a3e9609ff4b45c175d39c5011144da34e97c7bc5ed2fc586c4535da8f6ab9c |
x86_64 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
pam_krb5-2.1.17-8.el4.x86_64.rpm | SHA-256: c1538603ac2ab565ce8263ae91d389392bf82af7b2f8d1ae9158bcbd6f8b8a3a |
ia64 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
pam_krb5-2.1.17-8.el4.ia64.rpm | SHA-256: b2b5abdd3d0adf568376b81c271deee545e9223046680eafa1461962a8474231 |
i386 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
pam_krb5-2.1.17-8.el4.src.rpm | SHA-256: d8a3e9609ff4b45c175d39c5011144da34e97c7bc5ed2fc586c4535da8f6ab9c |
x86_64 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
pam_krb5-2.1.17-8.el4.x86_64.rpm | SHA-256: c1538603ac2ab565ce8263ae91d389392bf82af7b2f8d1ae9158bcbd6f8b8a3a |
i386 | |
pam_krb5-2.1.17-8.el4.i386.rpm | SHA-256: 4046edeb5108eed552528fa10527e73ac3d7bf12aeb2f9421c3544f3e92c4c54 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
pam_krb5-2.1.17-8.el4.src.rpm | SHA-256: d8a3e9609ff4b45c175d39c5011144da34e97c7bc5ed2fc586c4535da8f6ab9c |
s390x | |
pam_krb5-2.1.17-8.el4.s390.rpm | SHA-256: 23e5e49e7fd96658b59f3861bd0a300ae63c064ea09dd0a4451494c3e08dd28d |
pam_krb5-2.1.17-8.el4.s390x.rpm | SHA-256: 704cce5bb04fca54048cbed4008c7535a40fcd23fbbba8ec768f5f10de5fef14 |
s390 | |
pam_krb5-2.1.17-8.el4.s390.rpm | SHA-256: 23e5e49e7fd96658b59f3861bd0a300ae63c064ea09dd0a4451494c3e08dd28d |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
pam_krb5-2.1.17-8.el4.src.rpm | SHA-256: d8a3e9609ff4b45c175d39c5011144da34e97c7bc5ed2fc586c4535da8f6ab9c |
ppc | |
pam_krb5-2.1.17-8.el4.ppc.rpm | SHA-256: 9bdb5e71200d373d9e7102e0c9d1bf2d1e7ef7a7bc12e496b54fbece689975d0 |
pam_krb5-2.1.17-8.el4.ppc64.rpm | SHA-256: f303dc16ef40c6b65c25251870f172c9658a0f6e5e94be4e36cd6c88f40eb236 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.