- Issued: 2008-08-04
- Updated: 2008-08-04
RHBA-2008:0813 - Bug Fix Advisory
Synopsis
pam_krb5 bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated pam_krb5 packages that resolve an issue are now available.
Description
The pam_krb5 package contains a pluggable authentication module which
allows PAM-aware applications to use Kerberos 5 to verify a user's password
and to obtain and manage Kerberos credentials associated with a user session.
These updated pam_krb5 packages fix a bug which caused user authentication
to fail under certain circumstances. When authenticating a user, if the
user's password was expired, the module would attempt to obtain
password-changing credentials in order to verify the user's password. When
the module was configured to validate credentials, it would incorrectly
attempt to validate the password-changing credentials, which cannot be
validated in the way that a ticket-granting ticket can. In these updated
packages, an exception is made in this case, thus resolving the issue.
All users of pam_krb5 are advised to upgrade to these updated packages,
which resolve this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 435168 - User cannot authenticate if the password has been expired and option validate is used.
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.