Issued: 2011-01-13
Updated: 2011-01-13
RHBA-2011:0098 - Bug Fix Advisory
Synopsis
krb5 bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated krb5 packages that fix several bugs and provide two new features are now
available for Red Hat Enterprise Linux 5.
Description
Kerberos is a network authentication system which allows clients and servers to
authenticate each other with the help of a trusted third party, the Key
Distribution Center (KDC).
This update addresses these issues:
- Servers which were not able to determine to which realm they belonged may have
failed to accept authentication from clients. (BZ#450122)
- Log files were not rotated on KDCs. (BZ#462658)
- Replicated servers could not use master key stash files generated on a KDC of
different endianness. (BZ#514741)
- Authentication to GSSAPI-enabled FTP servers could have failed if the server
was known by multiple names and the client knew the server by a name other than
the server's configured host name. (BZ#538075)
- Some applications that attempted to obtain initial credentials for a user
could have crashed if the user's password had expired. (BZ#555875)
- The default kdc.conf configuration file did not list AES encryption types in
the included example. (BZ#565941)
- When the credentials used to establish a GSSAPI context expired, communication
using the context began to fail. (BZ#605367)
- The Kerberos-aware version of rshd unnecessarily failed if the name of the
local user account being accessed was more than 16 but less than 32 characters
long. (BZ#611713)
- The password expiration time recorded in a user entry in a realm database
accessed using LDAP was always ignored if the user entry had an associated
password policy. (BZ#627038)
This update also provides these features:
- A realm database can now be stored in an LDAP directory server. (BZ#514362)
- The k5login_authoritative setting can be used to adjust the logic of the
commonly-used krb5_kuserok() function to allow access to a user account when the
principal name can be mapped to the user's name, but the principal name is not
explicitly listed in the user's .k5login file. (BZ#539423)
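A simplified model of the access decision that the k5login_authoritative setting changes, added here as an illustration; it is not the krb5 library's code. It assumes only the default principal-to-user mapping and a constructed realm EXAMPLE.COM; `kuserok`, `default_lname` and their parameters are hypothetical names.

```python
# Simplified model of the krb5_kuserok() decision (illustration only).
DEFAULT_REALM = "EXAMPLE.COM"  # constructed realm, an assumption


def default_lname(principal, default_realm=DEFAULT_REALM):
    """Default mapping: a single-component principal in the default
    realm maps to a local user of the same name; anything else to None."""
    name, _, realm = principal.rpartition("@")
    if not name or realm != default_realm or "/" in name:
        return None
    return name


def kuserok(principal, luser, k5login, k5login_authoritative):
    """Return True if `principal` may access local account `luser`.

    k5login: lines of ~luser/.k5login, or None when the file is absent.
    """
    if k5login is not None:
        listed = {line.strip() for line in k5login if line.strip()}
        if principal in listed:
            return True   # explicitly listed principals are always allowed
        if k5login_authoritative:
            return False  # file exists and is the only source of truth
    # No file, or file present but not authoritative: use the name mapping.
    return default_lname(principal) == luser


if __name__ == "__main__":
    k5login = ["bob@EXAMPLE.COM\n"]  # constructed .k5login for user alice
    for flag in (True, False):
        for who in ("alice@EXAMPLE.COM", "bob@EXAMPLE.COM",
                    "mallory@EXAMPLE.COM", "alice/admin@EXAMPLE.COM"):
            print(flag, who, kuserok(who, "alice", k5login, flag))
```

The case from BZ#539423 is `alice@EXAMPLE.COM` with a .k5login that lists only `bob@EXAMPLE.COM`: denied when the file is authoritative, allowed when it is not. Principals that neither appear in the file nor map to the account name are denied either way.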
Users should upgrade to these updated packages, which resolve these issues and
add these enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 450122 - kprop fails after upgrade from 5.1 to 5.2
- BZ - 462658 - Kerberos server log does not get rotated
- BZ - 514741 - Stash file architecture dependent, when creating slave KDC according to the bug #442879
- BZ - 538075 - Kerberos ticket authentication for ftp and ssh fails over interfaces that don't match the hostname of the server
- BZ - 539423 - pam_krb5 requires self principal to be listed in .k5login
- BZ - 555875 - SLAPD SEGFAULT IN KRB5_GET_INIT_CREDS_PASSWORD
- BZ - 569472 - gssftpd without option "-a" segfaults when using non-existent login
- BZ - 596887 - ksu with pam occasionally fails
- BZ - 605367 - Stop breaking GSS sealed connections at original credentials expiration time
- BZ - 611713 - kshd: locuser too long for usernames >= 16 chars
- BZ - 627038 - Incorrect handling of password expiration
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
krb5-1.6.1-55.el5.src.rpm | SHA-256: 020d260d04f23ee3bb732d8bf426f8daca3b7f0399a51c17ea53d9d803fba8ab |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.