Enhancement Advisory: krb5 bug fix and enhancement update

Advisory: RHEA-2007:0788-14
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A

Details

Updated krb5 packages that fix various bugs and add enhancements are now
available.

Kerberos is a trusted-third-party authentication system that allows
clients and servers to authenticate to each other using symmetric-key
encryption.

These updated packages fix the following bugs:

* the Kerberos FTP client leaked file descriptors when it failed to
download a file, causing sockets to be left open. Multiple failed attempts
increased the number of open sockets. In these updated packages the
Kerberos FTP client no longer leaks file descriptors.

* when the "runique" option is enabled in the Kerberos FTP client,
downloading multiple files using mget and a wildcard (i.e. "mget *") failed.
In these updated packages mget works correctly with "runique" enabled.

* the behavior of the "srvtab" keytab type was not consistent with the
"file" keytab type. Scanning keytabs and srvtabs that did not exist using
the "klist -k -t FILE:/tmp/does-not-exist" and "klist -k -t
SRVTAB:/tmp/does-not-exist" commands reported inconsistent errors. The
behavior of the "srvtab" keytab type is more consistent with the "file"
keytab type in these updated packages.

* a memory leak in credential caching has been resolved.

* missing white spaces caused words to run together in the kinit man page.
Words are correctly spaced in these updated packages.

* when kpasswd was run by a user who did not have a valid credential
cache, kpasswd failed with a "kpasswd: Bad format in credentials cache
getting principal from ccache" error. In these updated packages, if a user
does not have a valid credential cache, kpasswd converts the user's UID
to a username and appends the default realm name.
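
The descriptor leak described in the first bullet above is an error-path pattern that can be checked by counting open descriptors before and after repeated failures. The following C example is added here for illustration and is not code from krb5 or from this advisory; `recv_file`, `leaked_after_failures`, the `fix` flag and the failing path are hypothetical, and a local UNIX socket stands in for the FTP data connection.

```c
/* Illustration only; not the krb5 FTP client source. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Count descriptors currently open in this process (checks fds 0..1023). */
int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Hypothetical download routine. fix == 0 reproduces the leak pattern:
 * the early return after a failed open skips close() on the socket. */
int recv_file(const char *local_path, int fix) {
    int data = socket(AF_UNIX, SOCK_STREAM, 0); /* stand-in data connection */
    if (data == -1) return -1;
    int out = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out == -1) {
        if (fix) close(data);   /* release the socket on the error path */
        return -1;              /* without the close, the socket stays open */
    }
    /* ... the transfer itself would happen here ... */
    close(out);
    close(data);
    return 0;
}

/* Run n failed downloads and report how many descriptors were left open. */
int leaked_after_failures(int n, int fix) {
    int before = count_open_fds();
    for (int i = 0; i < n; i++)
        recv_file("/nonexistent-dir-example/file", fix); /* constructed path */
    return count_open_fds() - before;
}

int main(void) {
    printf("leaky: %d, fixed: %d\n",
           leaked_after_failures(5, 0), leaked_after_failures(5, 1));
    return 0;
}
```

Each failed attempt in the leaky variant leaves one more socket open, which matches the advisory's statement that multiple failed attempts increased the number of open sockets.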

This update also adds the following enhancements:

* the Kerberos-aware rsh, rlogin, ftp, and telnet servers now use PAM to
perform session management. This allows process limits to be set using the
pam_limits.so module.

* time periods specified without any units are now treated as a number of
seconds rather than an invalid value. For example, the "kinit -l 3600"
command requests a ticket with a lifetime of 3600 seconds.

* services can now use keys with a version number of "0". This improves
compatibility with Microsoft Windows Server 2003 Domain Controllers.

All krb5 users are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
krb5-1.3.4-54.src.rpm
File outdated by:  RHBA-2008:0714
    6ff3dd5a842a18d4f4c693fb1d24ef66
 
IA-32:
krb5-devel-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    96f7ed2f19943a6c3ffa26f7b091e102
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-server-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    ff0489b06be9c187eceb999139fda874
krb5-workstation-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    a30bac9f739f59a9e21acf4a5f2e0438
 
x86_64:
krb5-devel-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    8326fac0ca89c2a154473e58795295e8
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    6a6ad6d1b12d3fe5b31a8d1c395dab38
krb5-server-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    f4dd0baba304171d22e7213bb5019587
krb5-workstation-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    825e13e64002b50695808b226f8182c6
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
krb5-1.3.4-54.src.rpm
File outdated by:  RHBA-2008:0714
    6ff3dd5a842a18d4f4c693fb1d24ef66
 
IA-32:
krb5-devel-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    96f7ed2f19943a6c3ffa26f7b091e102
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-server-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    ff0489b06be9c187eceb999139fda874
krb5-workstation-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    a30bac9f739f59a9e21acf4a5f2e0438
 
IA-64:
krb5-devel-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    d4a8dfbd2554e0b45899cdcf6a3bd917
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    0ec23acc601f93f63f055e7ca8e6d7d6
krb5-server-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    b539b44c2493eba46e6cb3f07f0ffbd0
krb5-workstation-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    0171d19adb4c7e7a35fa89687c31431f
 
PPC:
krb5-devel-1.3.4-54.ppc.rpm
File outdated by:  RHBA-2008:0714
    65c456580d5620ef07aa48a3ecd426b7
krb5-libs-1.3.4-54.ppc.rpm
File outdated by:  RHBA-2008:0714
    dad15370c356a1ff1c4fc56ba9d07f2e
krb5-libs-1.3.4-54.ppc64.rpm
File outdated by:  RHBA-2008:0714
    cab3fef667c80b5ff2ee5f5aca5f0aad
krb5-server-1.3.4-54.ppc.rpm
File outdated by:  RHBA-2008:0714
    b3c5bfaf1e97f8a9e400552c43fdb4e2
krb5-workstation-1.3.4-54.ppc.rpm
File outdated by:  RHBA-2008:0714
    c3e83f0ece3bfa13ab2ca4d7617ba91e
 
s390:
krb5-devel-1.3.4-54.s390.rpm
File outdated by:  RHBA-2008:0714
    3681b0a995e66abf880cb1dc371206c9
krb5-libs-1.3.4-54.s390.rpm
File outdated by:  RHBA-2008:0714
    721bdad05b72b56d15e081b1ce8a7f2e
krb5-server-1.3.4-54.s390.rpm
File outdated by:  RHBA-2008:0714
    93ca79fb05551ff13d08672d6ce649b1
krb5-workstation-1.3.4-54.s390.rpm
File outdated by:  RHBA-2008:0714
    302539f27f9eb24ba9c425a509cc341d
 
s390x:
krb5-devel-1.3.4-54.s390x.rpm
File outdated by:  RHBA-2008:0714
    967c7467428bd8a3d72f3484bd63e32c
krb5-libs-1.3.4-54.s390.rpm
File outdated by:  RHBA-2008:0714
    721bdad05b72b56d15e081b1ce8a7f2e
krb5-libs-1.3.4-54.s390x.rpm
File outdated by:  RHBA-2008:0714
    5a220588291589191e565cbda53cbe54
krb5-server-1.3.4-54.s390x.rpm
File outdated by:  RHBA-2008:0714
    517f24315d418361db2e3d973e6c68bf
krb5-workstation-1.3.4-54.s390x.rpm
File outdated by:  RHBA-2008:0714
    0f6511d8c9d9744879689cafd66e4b50
 
x86_64:
krb5-devel-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    8326fac0ca89c2a154473e58795295e8
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    6a6ad6d1b12d3fe5b31a8d1c395dab38
krb5-server-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    f4dd0baba304171d22e7213bb5019587
krb5-workstation-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    825e13e64002b50695808b226f8182c6
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
krb5-1.3.4-54.src.rpm
File outdated by:  RHBA-2008:0714
    6ff3dd5a842a18d4f4c693fb1d24ef66
 
IA-32:
krb5-devel-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    96f7ed2f19943a6c3ffa26f7b091e102
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-server-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    ff0489b06be9c187eceb999139fda874
krb5-workstation-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    a30bac9f739f59a9e21acf4a5f2e0438
 
IA-64:
krb5-devel-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    d4a8dfbd2554e0b45899cdcf6a3bd917
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    0ec23acc601f93f63f055e7ca8e6d7d6
krb5-server-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    b539b44c2493eba46e6cb3f07f0ffbd0
krb5-workstation-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    0171d19adb4c7e7a35fa89687c31431f
 
x86_64:
krb5-devel-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    8326fac0ca89c2a154473e58795295e8
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    6a6ad6d1b12d3fe5b31a8d1c395dab38
krb5-server-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    f4dd0baba304171d22e7213bb5019587
krb5-workstation-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    825e13e64002b50695808b226f8182c6
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
krb5-1.3.4-54.src.rpm
File outdated by:  RHBA-2008:0714
    6ff3dd5a842a18d4f4c693fb1d24ef66
 
IA-32:
krb5-devel-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    96f7ed2f19943a6c3ffa26f7b091e102
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-server-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    ff0489b06be9c187eceb999139fda874
krb5-workstation-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    a30bac9f739f59a9e21acf4a5f2e0438
 
IA-64:
krb5-devel-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    d4a8dfbd2554e0b45899cdcf6a3bd917
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    0ec23acc601f93f63f055e7ca8e6d7d6
krb5-server-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    b539b44c2493eba46e6cb3f07f0ffbd0
krb5-workstation-1.3.4-54.ia64.rpm
File outdated by:  RHBA-2008:0714
    0171d19adb4c7e7a35fa89687c31431f
 
x86_64:
krb5-devel-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    8326fac0ca89c2a154473e58795295e8
krb5-libs-1.3.4-54.i386.rpm
File outdated by:  RHBA-2008:0714
    4347f47502b9d9457013e406b6621590
krb5-libs-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    6a6ad6d1b12d3fe5b31a8d1c395dab38
krb5-server-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    f4dd0baba304171d22e7213bb5019587
krb5-workstation-1.3.4-54.x86_64.rpm
File outdated by:  RHBA-2008:0714
    825e13e64002b50695808b226f8182c6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

190104 - ftp leaks socket fds when it fails to open a file
190106 - ftp client: runique on stops mget from working
195923 - Backport from RHEL5: krb5-workstation's klogind needs to be pamified
197062 - kinit man page is missing some white spaces
197522 - Kerberos maximum ticket lifetime is 1 day
216649 - Memory leak in credential caching.
236896 - kpasswd insists on a valid credentials cache and doesn't use the UID
241806 - incorporate fixup for "any" keytab type



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/