Updated krb5 packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
Kerberos is a networked authentication system that allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center.
- Prior to this update, if the Kerberos principal keys were expired, the password change request did not take into account the FAST framework settings for password change requests. Consequently, the pre-auth methods, which require FAST, could not be used for user authentication. This update modifies krb5 to correctly use FAST armor in the password change messages, and the pre-auth methods can be used for user authentication.
- Previously, after the user set up incremental propagation between a KDC master and slave, an attempt to perform a full synchronization failed with an error message. A patch has been applied to fix this problem, and full synchronization no longer fails after the user sets up incremental propagation between a KDC master and slave.
- This update adds the LocalAuth plug-in API to krb5. SSSD can leverage LocalAuth to allow seamless authentication of Active Directory (AD) users to Red Hat Enterprise Linux Identity Management (IdM) clients.
Users of krb5 are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.