4.215. pam_krb5


An updated pam_krb5 package that fixes various bugs is now available for Red Hat Enterprise Linux 6.
The pam_krb5 package allows PAM-aware applications to check user passwords with the help of a Kerberos KDC.

Bug Fixes

BZ#690832
When a client logged into a remote host using SSH with GSSAPI authentication, configured to re-delegate credentials when the client obtains fresh credentials, pam_krb5 created a new credential cache on the remote host in addition to the cache created by SSH. Consequently, the credential cache that pam_krb5 had created for the user's session would not be updated when they were renewed on the client. This update prevents pam_krb5 from creating its own cache in the scenario described, so the credential delegation mechanism is not interfered with.
BZ#700520
Prior to this update, when a client attempted to perform a password change after using a non-password-based pre-authentication mechanism (such as a Smart Card), the pam_krb5 module would unnecessarily prompt for the user's PIN (twice). This update corrects this bug.
BZ#720609, BZ#722489, BZ#733803
When a client, using SSH, logged into a remote host using the PasswordAuthentication mechanism, two credential caches would be created for the user on the remote host, but only one of them would be removed when the user logged out. This update no longer creates the second, redundant cache.
All users of pam_krb5 are advised to upgrade to this updated package, which fixes these bugs.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.