1.76.2. RHBA-2011:1031: krb5 bug fix and enhancement update

Updated krb5 packages that fix multiple bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.

Kerberos is a network authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, a KDC.

This update fixes the following bugs:

* Prior to this update,the lock of the realm database could, under certain circumstances, not be released. Due to this problem, the lock could not be acquired until the clearing process was stopped or restarted. With this update, the realm database is successfully locked. (BZ#586032)

* Prior to this update,the Kerberos-aware FTP server did not parse the "restrict" keyword correctly when it was used in /etc/ftpusers. This update modifies the code so that the server parses the "restrict" keyword correctly. (BZ#644215)

* Prior to this update,the Kerberos-aware FTP client did not correctly display the size of a transferred file on 32-bit systems if the size of the file exceeded 4GB. This update modifies the type of the variable used to track the number of bytes transferred. (BZ#648404)

* Prior to this update, the client libraries failed, under certain circumstances, to parse an error reply message from the server when trying to change passwords. With this update, the client library can parse the message and correctly returns the reported error to its caller. (BZ#658871)

* Prior to this update, Kerberos-aware servers leaked memory when replay caching was disabled. This update modifies the code so that no more memory leaks occur. (BZ#678205)

* Prior to this update, the SELinux label was not maintained for replay cache files when expired entries were expunged. This update maintains the reply cache files in such a case. (BZ#712453)

This update also adds the following enhancement:

* Prior to this update, the Kerberos-aware FTP client was not able to parse user commands if the length of the command exceeded the limit of 500 characters. This update allows for the Kerberos-aware FTP client to parse user commands without character limit. (BZ#665833)

All Kerberos users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.