Updated krb5 packages that fix a bug are now available for Red Hat Enterprise Linux 5.
Kerberos is a network authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, a KDC (Key Distribution Center).
This update fixes the following bug:
* When expired entries are being expunged from cache, Kerberos creates a temporary file, copies valid entries into it and then renames it back to set it as a new cache file. Prior to this update, the SELinux label was not set correctly for the temporary file. Subsequently, user identities could not be properly verified. With this update, a newer version of the patch addressing this issue has been provided, the temporary file now gets the correct SELinux label and applications that modify the replay cache file continue to work properly in the described scenario. (BZ#714188
Users of krb5 are advised to upgrade to these updated packages, which fix this bug.