Bug Fix Advisory krb5 bug fix and enhancement update

Advisory: RHBA-2009:1378-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2009-09-02
Last updated on: 2009-09-02
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: N/A

Details

Updated krb5 packages which fix several bugs and adds enhancements are now
available for Red Hat Enterprise Linux 5.

Kerberos 5 is a network authentication system which authenticates clients
and servers to each other using symmetric key encryption and a trusted
third party, the KDC.

These updated packages address the following bugs:

* one of the error messages printed by the "ksu" command contained a
spelling error ("geting"). This has been corrected. (BZ#462890)

* several dozen spelling errors across 21 krb5-related manual pages were
corrected. (BZ#499190)

* this update no longer attempts to create a keytab for use by the kadmin
service when the service is started; doing so is redundant and may
interfere with third-party password-changing services such as those
provided by IPA. (BZ#473151)

* with this update an attempt to load a database dump into a database which
has not been created will cause kdb5_util to create the database.
(BZ#442879)

* this update now correctly reports an error if an attempt to use rcp to
copy data to a remote system encounters an error as the file is closed.
(BZ#461902)

These new packages also add the following enhancements:

* the "ksu" command can now perform PAM account and session management for
the target user. (BZ#477033)

* the Kerberos-aware rsh, rlogin, telnet, and ftp services can now set the
PAM_RHOST item for users who log in or connect to a server remotely.
(BZ#479071)

All users of the krb5 workstation utilities and services are advised to
update to these packages which address these issues and add this
enhancement.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
krb5-1.6.1-36.el5.src.rpm     dcad42705196c5310502bd2128b91bbb
 
IA-32:
krb5-devel-1.6.1-36.el5.i386.rpm     db74534bfc1367fb8d5a01226523aa98
krb5-server-1.6.1-36.el5.i386.rpm     bbef29439e51ce399c3a0ec8861d5919
 
x86_64:
krb5-devel-1.6.1-36.el5.i386.rpm     db74534bfc1367fb8d5a01226523aa98
krb5-devel-1.6.1-36.el5.x86_64.rpm     6f0b752da16a837d16187409c3efba23
krb5-server-1.6.1-36.el5.x86_64.rpm     53d8ef28b1b178ec2ed1afb446a38b6f
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
krb5-1.6.1-36.el5.src.rpm     dcad42705196c5310502bd2128b91bbb
 
IA-32:
krb5-devel-1.6.1-36.el5.i386.rpm     db74534bfc1367fb8d5a01226523aa98
krb5-libs-1.6.1-36.el5.i386.rpm     6e8eb82250d78ba907261bdb5c9214db
krb5-server-1.6.1-36.el5.i386.rpm     bbef29439e51ce399c3a0ec8861d5919
krb5-workstation-1.6.1-36.el5.i386.rpm     49162ad6380a9ee3ab17e233fd2411a8
 
IA-64:
krb5-devel-1.6.1-36.el5.ia64.rpm     00c42f499263a6c390e7e8f52f9d1fe1
krb5-libs-1.6.1-36.el5.i386.rpm     6e8eb82250d78ba907261bdb5c9214db
krb5-libs-1.6.1-36.el5.ia64.rpm     fbbe087b8c51e6d5634ea4f32789d4e8
krb5-server-1.6.1-36.el5.ia64.rpm     70e24a9b87656a50835ffc5313b33cd3
krb5-workstation-1.6.1-36.el5.ia64.rpm     492b1b0ff0badb4432547a5e1d3be11c
 
PPC:
krb5-devel-1.6.1-36.el5.ppc.rpm     41cfe6f2227c8a749dfa1b31faa30d69
krb5-devel-1.6.1-36.el5.ppc64.rpm     fdd302be9810b364464f52b175b6ad40
krb5-libs-1.6.1-36.el5.ppc.rpm     c2487a0dca9bb45e8b25f3dd6c4c29d5
krb5-libs-1.6.1-36.el5.ppc64.rpm     95657391ec5924df6201489a60f658ca
krb5-server-1.6.1-36.el5.ppc.rpm     9bc6051dfb66950158fabf7ff85e532f
krb5-workstation-1.6.1-36.el5.ppc.rpm     2dfd00bf3a91e96a325a8cab9eb19961
 
s390x:
krb5-devel-1.6.1-36.el5.s390.rpm     f9c967f52bb025bcc919e722a69e01d0
krb5-devel-1.6.1-36.el5.s390x.rpm     39c06136cfd6e541b0f3e83f84612382
krb5-libs-1.6.1-36.el5.s390.rpm     3a06bc35b750c2e34d16618d36134ea8
krb5-libs-1.6.1-36.el5.s390x.rpm     bc79f10466ee15286601707b13b32173
krb5-server-1.6.1-36.el5.s390x.rpm     0ad1fda7adbc8d93efaf836e994597b6
krb5-workstation-1.6.1-36.el5.s390x.rpm     48b30ac8e20f30ae47dbff1274e2c369
 
x86_64:
krb5-devel-1.6.1-36.el5.i386.rpm     db74534bfc1367fb8d5a01226523aa98
krb5-devel-1.6.1-36.el5.x86_64.rpm     6f0b752da16a837d16187409c3efba23
krb5-libs-1.6.1-36.el5.i386.rpm     6e8eb82250d78ba907261bdb5c9214db
krb5-libs-1.6.1-36.el5.x86_64.rpm     fa1ee55bb36d90de1d8d3d26fbcceef5
krb5-server-1.6.1-36.el5.x86_64.rpm     53d8ef28b1b178ec2ed1afb446a38b6f
krb5-workstation-1.6.1-36.el5.x86_64.rpm     82dd3b039ce9b05109a8e2bdda3077df
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
krb5-1.6.1-36.el5.src.rpm     dcad42705196c5310502bd2128b91bbb
 
IA-32:
krb5-libs-1.6.1-36.el5.i386.rpm     6e8eb82250d78ba907261bdb5c9214db
krb5-workstation-1.6.1-36.el5.i386.rpm     49162ad6380a9ee3ab17e233fd2411a8
 
x86_64:
krb5-libs-1.6.1-36.el5.i386.rpm     6e8eb82250d78ba907261bdb5c9214db
krb5-libs-1.6.1-36.el5.x86_64.rpm     fa1ee55bb36d90de1d8d3d26fbcceef5
krb5-workstation-1.6.1-36.el5.x86_64.rpm     82dd3b039ce9b05109a8e2bdda3077df
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

442879 - Kerberos replication problems (RHEL5 master -> RHEL5 slave)
461902 - rcp does not return ENOSPC error on full NFS-File system
462890 - typo in "ksu: Server not found in Kerberos database while geting credentials from kdc"
473151 - stop setting up a kadmind keytab
479071 - [from RHEL4][RFE][PATCH] PAM_RHOST enabling KRB utilities
499190 - typo error in man pages


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/