- Issued:
- 2007-11-07
- Updated:
- 2007-11-07
RHEA-2007:0893 - Product Enhancement Advisory
Synopsis
krb5 bug fix enhancement update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated krb5 packages that fix various bugs and add enhancements are now
available.
Description
Kerberos is a trusted-third-party authentication system which allows
clients and servers to authenticate to each other using symmetric-key
encryption.
These updated packages fix the following bugs:
- tools that created files applied an incorrect SELinux label to those
files. In certain situations the ktadd command failed with a "kadmin:
Insufficient access to lock database while changing" error, and the kadmin
service could not be started using the "service kadmin start" command. In
these updated packages the correct SELinux labels are applied.
- the path to the dictionary file in the default KDC configuration was
incorrect. In a default configuration, the dictionary will not be found.
In these updated packages the path to the dictionary file is correctly set.
- a library function returned "NULL" instead of "OID". Microsoft Windows
clients running Internet Explorer or Mozilla Firefox failed to authenticate
against Apache mod_auth_kerb. The following error occurred:
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may
provide more information (Cannot allocate memory)
This issue is resolved in these updated packages.
- users with home directories on NFS servers using root squashing would
receive a false error report, indicating that the user has no home
directory. The user could still access their home directory when this error
occurred. The false error message is no longer issued.
- the behavior of the "srvtab" keytab type was not consistent with the
"file" keytab type. Scanning keytabs and srvtabs that did not exist using
the "klist -k -t FILE:/tmp/does-not-exist" and "klist -k -t
SRVTAB:/tmp/does-not-exist" commands reported inconsistent errors. The
behavior of the "srvtab" keytab type is more consistent with the "file"
keytab type in these updated packages.
These updated packages also add the following enhancements:
- the Kerberos-aware rsh, rlogin, ftp, and telnet servers now use PAM to
perform session management. This allows process limits to be set using the
pam_limits.so module.
- services can now use keys with a version number of "0". This improves
compatibility with Microsoft Windows Server 2003 Domain Controllers.
- in these updated packages the KDC listens for TCP connections by default.
All krb5 users are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To do so, run the following command (as root):
pup
Alternatively, for a command-line interface, run the following command:
yum update
To register your system to RHN, use the following command:
rhn_register
For information on how to manually install or remove packages, refer to the
following link:
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 236417 - kdc.conf has default items in crazy locations
- BZ - 238847 - kerberos release contains bug fixed upstream
- BZ - 241805 - incorporate fixup for "any" keytab type
- BZ - 248050 - login.krb5 incorrectly warns about missing home directories on NFS if root-squashing is enabled
- BZ - 253558 - start of kadmin is impossible
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
krb5-1.6.1-17.el5.src.rpm | SHA-256: 6893e3847e325e48ac82d62e4fb229d2702a9f316d5e995fe8a40624876fa4f8 |
x86_64 | |
krb5-devel-1.6.1-17.el5.i386.rpm | SHA-256: 3789d8fd9ac895bfc590fa7b563470f0c44b4f1b23ccb9396dd070fc7b8edd1e |
krb5-devel-1.6.1-17.el5.x86_64.rpm | SHA-256: f271c66b4b895efedb5c010ede30d250b62fcd3eb4309ae669d22a61a2216c5e |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-libs-1.6.1-17.el5.x86_64.rpm | SHA-256: 9c80f627ad989b5a2f3b7723488bf0458da37f9d11a4973e44967a5c8b939b61 |
krb5-server-1.6.1-17.el5.x86_64.rpm | SHA-256: f0e63b6b102a11461121c47b07a806c47825f829a9fa078a0ae71d3285e96903 |
krb5-workstation-1.6.1-17.el5.x86_64.rpm | SHA-256: 75b768a5df8f71ac30baffc86e2231384ebbae57d446515e35a46e33009ec486 |
ia64 | |
krb5-devel-1.6.1-17.el5.ia64.rpm | SHA-256: 51402a2f22dd7fafd88ed3bccf7ef14ee6ef2c06311030ac8ee2cd863a7da2ca |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-libs-1.6.1-17.el5.ia64.rpm | SHA-256: c69f6c68f7ce888256eaca13a6d6e0cdef7ca8ed795aa1cdb1f488cc2efa4cdd |
krb5-server-1.6.1-17.el5.ia64.rpm | SHA-256: ce356c4b4b0639fd3aa8a1aceddd3c101118808a405d4d70f9282ab3f64b6912 |
krb5-workstation-1.6.1-17.el5.ia64.rpm | SHA-256: 97c650947487033bf4b0bf8de1a51eb288d6f9fefc58929bdb3ece386500959c |
i386 | |
krb5-devel-1.6.1-17.el5.i386.rpm | SHA-256: 3789d8fd9ac895bfc590fa7b563470f0c44b4f1b23ccb9396dd070fc7b8edd1e |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-server-1.6.1-17.el5.i386.rpm | SHA-256: 78bf9a99d36cd162b0085213e5b13959a3ccba268738ae572e12634ccb3373c5 |
krb5-workstation-1.6.1-17.el5.i386.rpm | SHA-256: a88ba0958db3bdd12c02ac718ff232d4c298e31606c3894a79b1045202f89ca2 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
krb5-1.6.1-17.el5.src.rpm | SHA-256: 6893e3847e325e48ac82d62e4fb229d2702a9f316d5e995fe8a40624876fa4f8 |
x86_64 | |
krb5-devel-1.6.1-17.el5.i386.rpm | SHA-256: 3789d8fd9ac895bfc590fa7b563470f0c44b4f1b23ccb9396dd070fc7b8edd1e |
krb5-devel-1.6.1-17.el5.x86_64.rpm | SHA-256: f271c66b4b895efedb5c010ede30d250b62fcd3eb4309ae669d22a61a2216c5e |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-libs-1.6.1-17.el5.x86_64.rpm | SHA-256: 9c80f627ad989b5a2f3b7723488bf0458da37f9d11a4973e44967a5c8b939b61 |
krb5-server-1.6.1-17.el5.x86_64.rpm | SHA-256: f0e63b6b102a11461121c47b07a806c47825f829a9fa078a0ae71d3285e96903 |
krb5-workstation-1.6.1-17.el5.x86_64.rpm | SHA-256: 75b768a5df8f71ac30baffc86e2231384ebbae57d446515e35a46e33009ec486 |
i386 | |
krb5-devel-1.6.1-17.el5.i386.rpm | SHA-256: 3789d8fd9ac895bfc590fa7b563470f0c44b4f1b23ccb9396dd070fc7b8edd1e |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-server-1.6.1-17.el5.i386.rpm | SHA-256: 78bf9a99d36cd162b0085213e5b13959a3ccba268738ae572e12634ccb3373c5 |
krb5-workstation-1.6.1-17.el5.i386.rpm | SHA-256: a88ba0958db3bdd12c02ac718ff232d4c298e31606c3894a79b1045202f89ca2 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
krb5-1.6.1-17.el5.src.rpm | SHA-256: 6893e3847e325e48ac82d62e4fb229d2702a9f316d5e995fe8a40624876fa4f8 |
x86_64 | |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-libs-1.6.1-17.el5.x86_64.rpm | SHA-256: 9c80f627ad989b5a2f3b7723488bf0458da37f9d11a4973e44967a5c8b939b61 |
krb5-workstation-1.6.1-17.el5.x86_64.rpm | SHA-256: 75b768a5df8f71ac30baffc86e2231384ebbae57d446515e35a46e33009ec486 |
i386 | |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-workstation-1.6.1-17.el5.i386.rpm | SHA-256: a88ba0958db3bdd12c02ac718ff232d4c298e31606c3894a79b1045202f89ca2 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
krb5-1.6.1-17.el5.src.rpm | SHA-256: 6893e3847e325e48ac82d62e4fb229d2702a9f316d5e995fe8a40624876fa4f8 |
s390x | |
krb5-devel-1.6.1-17.el5.s390.rpm | SHA-256: 494738a032025945de841329bdfbf8f35d058b794a000ffb8e156584d698b92a |
krb5-devel-1.6.1-17.el5.s390x.rpm | SHA-256: 5ed683ecf798f0e00efa9d670b83b7841647b6aa432063e59c1f8c0d688fa8ba |
krb5-libs-1.6.1-17.el5.s390.rpm | SHA-256: f603f03ba02ca631d20a900f59d663aa7a7e7146eba2b210f57797d26434b585 |
krb5-libs-1.6.1-17.el5.s390x.rpm | SHA-256: 62356be002761beccac898d0e6fcca600f9f7b3a17205c7af60cf3142324175b |
krb5-server-1.6.1-17.el5.s390x.rpm | SHA-256: 2c80d89a48d26840c93e111511b35d55c273f8e7ffb3acdffef581cbc49132d4 |
krb5-workstation-1.6.1-17.el5.s390x.rpm | SHA-256: 1fa4fb587b9472fe6aa2c5fc7b197600a533b2cc6c0a1b10228a59b5e214cff4 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
krb5-1.6.1-17.el5.src.rpm | SHA-256: 6893e3847e325e48ac82d62e4fb229d2702a9f316d5e995fe8a40624876fa4f8 |
ppc | |
krb5-devel-1.6.1-17.el5.ppc.rpm | SHA-256: 01b20ae4854280f2c37a9cc6b6735ebd2f3e375b587e86766d4e0b7e612fc67a |
krb5-devel-1.6.1-17.el5.ppc64.rpm | SHA-256: ad9c777df5d1947645ba4d7fed375f1634ca62cf4fd0add4d57767bd24a1f476 |
krb5-libs-1.6.1-17.el5.ppc.rpm | SHA-256: bf0db509395ee963ea28912c90b39ea6923ed4bbc53f74e8e18304b0f7939ba5 |
krb5-libs-1.6.1-17.el5.ppc64.rpm | SHA-256: dc6f5485fa898de3b928c50964ccc491b9df93d5a6d9dd915d5e510534bbe6d4 |
krb5-server-1.6.1-17.el5.ppc.rpm | SHA-256: 9a7e1a1f0521229057766eaa24f1a6eb82a9878e02ea2260c1ae64abafb7c7b7 |
krb5-workstation-1.6.1-17.el5.ppc.rpm | SHA-256: 89e0605e58299b6dedebab1d0ceecc321ebee38167440723902d389e96d516a9 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
krb5-1.6.1-17.el5.src.rpm | SHA-256: 6893e3847e325e48ac82d62e4fb229d2702a9f316d5e995fe8a40624876fa4f8 |
x86_64 | |
krb5-devel-1.6.1-17.el5.i386.rpm | SHA-256: 3789d8fd9ac895bfc590fa7b563470f0c44b4f1b23ccb9396dd070fc7b8edd1e |
krb5-devel-1.6.1-17.el5.x86_64.rpm | SHA-256: f271c66b4b895efedb5c010ede30d250b62fcd3eb4309ae669d22a61a2216c5e |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-libs-1.6.1-17.el5.x86_64.rpm | SHA-256: 9c80f627ad989b5a2f3b7723488bf0458da37f9d11a4973e44967a5c8b939b61 |
krb5-server-1.6.1-17.el5.x86_64.rpm | SHA-256: f0e63b6b102a11461121c47b07a806c47825f829a9fa078a0ae71d3285e96903 |
krb5-workstation-1.6.1-17.el5.x86_64.rpm | SHA-256: 75b768a5df8f71ac30baffc86e2231384ebbae57d446515e35a46e33009ec486 |
i386 | |
krb5-devel-1.6.1-17.el5.i386.rpm | SHA-256: 3789d8fd9ac895bfc590fa7b563470f0c44b4f1b23ccb9396dd070fc7b8edd1e |
krb5-libs-1.6.1-17.el5.i386.rpm | SHA-256: ff31faa06e487ced4d89cc156b0f061fb6c1ed9df68b4ce1752c7823be7d520e |
krb5-server-1.6.1-17.el5.i386.rpm | SHA-256: 78bf9a99d36cd162b0085213e5b13959a3ccba268738ae572e12634ccb3373c5 |
krb5-workstation-1.6.1-17.el5.i386.rpm | SHA-256: a88ba0958db3bdd12c02ac718ff232d4c298e31606c3894a79b1045202f89ca2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.