- Issued:
- 2011-02-16
- Updated:
- 2011-02-16
RHBA-2010:0870 - Bug Fix Advisory
Synopsis
pam_krb5 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated pam_krb5 package that fixes various bugs is now available for Red Hat
Enterprise Linux 4.
Description
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at log in time.
This update fixes the following bugs:
- When a user's Kerberos password was expired, an attempt to obtain credentials
in order to change the password may have failed due to the key distribution
center (KDC) being configured not to issue credentials with certain settings.
With this update, the underlying source code has been modified to improve the
interoperability with such servers. (BZ#490160)
- Due to an error in an application logic, pam_krb5 may have attempted to
enforce the "minimum_uid" option, even though the "no_user_check" option was in
use and thus the user identifier was not known. This error has been fixed, the
relevant conditional statements have been extended to take this configuration
into account, and this option now works as expected. (BZ#490403)
- When a user provided an expired password to log in, the module would attempt
to reset the password to the user's now expired password. This issue is now
resolved and the user is prompted to create a new password. (BZ#521740)
- Under certain circumstances, an error in a keytab handling may have caused a
Ticket Granting Ticket (TGT) verification to fail. With this update, this error
no longer occurs, and TGT is verified as expected. (BZ#531471)
Users are advised to upgrade to this updated pam_krb5 package, which resolves
these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 531471 - Failed to verify TGT cause of wrong keytab handling
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
pam_krb5-2.1.17-12.el4.src.rpm | SHA-256: 83ad48706df5287a418ff6c710e1dfe94dc9a55231f87ddac7c7b66f69b7838a |
x86_64 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.x86_64.rpm | SHA-256: c2f0508701d46ca23d0dba3cb2ae0181a3978a9f0fadd841db8c550cc89d7b19 |
pam_krb5-2.1.17-12.el4.x86_64.rpm | SHA-256: c2f0508701d46ca23d0dba3cb2ae0181a3978a9f0fadd841db8c550cc89d7b19 |
ia64 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.ia64.rpm | SHA-256: 13198861dc5f27eefc73fef0bb52cadce61e10efb62d85b7d26decddf0cd1815 |
pam_krb5-2.1.17-12.el4.ia64.rpm | SHA-256: 13198861dc5f27eefc73fef0bb52cadce61e10efb62d85b7d26decddf0cd1815 |
i386 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
pam_krb5-2.1.17-12.el4.src.rpm | SHA-256: 83ad48706df5287a418ff6c710e1dfe94dc9a55231f87ddac7c7b66f69b7838a |
x86_64 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.x86_64.rpm | SHA-256: c2f0508701d46ca23d0dba3cb2ae0181a3978a9f0fadd841db8c550cc89d7b19 |
ia64 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.ia64.rpm | SHA-256: 13198861dc5f27eefc73fef0bb52cadce61e10efb62d85b7d26decddf0cd1815 |
i386 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
pam_krb5-2.1.17-12.el4.src.rpm | SHA-256: 83ad48706df5287a418ff6c710e1dfe94dc9a55231f87ddac7c7b66f69b7838a |
x86_64 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
pam_krb5-2.1.17-12.el4.x86_64.rpm | SHA-256: c2f0508701d46ca23d0dba3cb2ae0181a3978a9f0fadd841db8c550cc89d7b19 |
i386 | |
pam_krb5-2.1.17-12.el4.i386.rpm | SHA-256: 66fcb8f44b509f3f76520d2c59852a1e995db86b7157722c0aea21e1eb457773 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
pam_krb5-2.1.17-12.el4.src.rpm | SHA-256: 83ad48706df5287a418ff6c710e1dfe94dc9a55231f87ddac7c7b66f69b7838a |
s390x | |
pam_krb5-2.1.17-12.el4.s390.rpm | SHA-256: f8894ca69c75f99c59fc65984ef9f7d7c5d5dd55c20922d36f30fd63fc14ae54 |
pam_krb5-2.1.17-12.el4.s390x.rpm | SHA-256: d3cc777e630dcc1172553383e3435052afedb1050a96d31f5640437642b0c8c9 |
s390 | |
pam_krb5-2.1.17-12.el4.s390.rpm | SHA-256: f8894ca69c75f99c59fc65984ef9f7d7c5d5dd55c20922d36f30fd63fc14ae54 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
pam_krb5-2.1.17-12.el4.src.rpm | SHA-256: 83ad48706df5287a418ff6c710e1dfe94dc9a55231f87ddac7c7b66f69b7838a |
ppc | |
pam_krb5-2.1.17-12.el4.ppc.rpm | SHA-256: 7999b8c8c8d4c5d31d324740ba9634600edbafb43b686cfdd3cbf33e912388aa |
pam_krb5-2.1.17-12.el4.ppc64.rpm | SHA-256: 860163b082d81a628391aa446b1ddad0288d7c45c5c0dfdf647c013a5a9a96c7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.