MIT Kerberos5 Implementation--Libraries
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
- Developed at network
- Sources inherited from project openSUSE:Factory
-
6
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:16.0:FactoryCandidates/krb5 && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| 0001-ksu-pam-integration.patch | 0000022537 22 KB | |
| 0002-krb5-1.9-manpaths.patch | 0000000976 976 Bytes | |
| 0003-Adjust-build-configuration.patch | 0000003503 3.42 KB | |
| 0004-krb5-1.6.3-gssapi_improve_errormessages.patch | 0000001058 1.03 KB | |
| 0005-krb5-1.6.3-ktutil-manpage.patch | 0000001043 1.02 KB | |
| 0006-krb5-1.12-api.patch | 0000001455 1.42 KB | |
| 0007-SELinux-integration.patch | 0000032806 32 KB | |
| 0008-krb5-1.9-debuginfo.patch | 0000001537 1.5 KB | |
| _multibuild | 0000000059 59 Bytes | |
| baselibs.conf | 0000000094 94 Bytes | |
| krb5-1.21.1.tar.gz | 0008623049 8.22 MB | |
| krb5-1.21.1.tar.gz.asc | 0000000833 833 Bytes | |
| krb5-mini.changes | 0000085879 83.9 KB | |
| krb5-mini.spec | 0000012221 11.9 KB | |
| krb5-rpmlintrc | 0000000434 434 Bytes | |
| krb5.changes | 0000090861 88.7 KB | |
| krb5.keyring | 0000003900 3.81 KB | |
| krb5.spec | 0000017536 17.1 KB | |
| krb5.tmpfiles | 0000000452 452 Bytes | |
| ksu-pam.d | 0000000329 329 Bytes | |
| vendor-files.tar.bz2 | 0000182614 178 KB |
Revision 167 (latest revision is 174)
Ana Guerrero (anag+factory)
accepted
request 1098841
from
Dirk Mueller (dirkmueller)
(revision 167)
- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
Comments 2
Hi,
You may want to update krb5-server.logrotate file inside vendor-files.tar.bz2 to reload using systemd instead of /etc/init.d/ scripts. At least on my setup I have no legacy init.d scripts available.
For what it’s worth, this also applies to Leap 15.1 and probably 15.2.
Hi,
it is pending for approval https://build.opensuse.org/request/show/812027
The updates for Leap will follow soon.
Thanks