- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1704 - Bug Fix Advisory
Synopsis
pam_krb5 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated pam_krb5 package that fixes various bugs is now available for Red Hat
Enterprise Linux 6.
Description
The pam_krb5 package allows PAM-aware applications to check user passwords with
the help of a Kerberos KDC.
This updated pam_krb5 package includes fixes for the following bugs:
- When a client logged into a remote host using SSH with GSSAPI authentication,
configured to re-delegate credentials when the client obtains fresh credentials,
pam_krb5 created a new credential cache on the remote host in addition to the
cache created by SSH. Consequently, the credential cache that pam_krb5 had
created for the user's session would not be updated when they were renewed on
the client. This update prevents pam_krb5 from creating its own cache in the
scenario described, so the credential delegation mechanism is not interfered
with. (BZ#690832)
- Prior to this update, when a client attempted to perform a password change
after using a non-password-based pre-authentication mechanism (such as a Smart
Card), the pam_krb5 module would unnecessarily prompt for the user's PIN
(twice). This update corrects this bug. (BZ#700520)
- When a client, using SSH, logged into a remote host using the
PasswordAuthentication mechanism, two credential caches would be created for the
user on the remote host, but only one of them would be removed when the user
logged out. This update no longer creates the second, redundant cache.
(BZ#720609, BZ#722489, BZ#733803)
All users of pam_krb5 are advised to upgrade to this updated package, which
fixes these bugs.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x
Fixes
- BZ - 690832 - pam_krb5 breaks OpenSSH's recursive credential renewal
- BZ - 700520 - SSO: Smart card pin is requested twice for a 'passwd' command.
- BZ - 708507 - fails to build without downstream patches
- BZ - 733803 - pam_krb5 leaks ccache files when loging in through ssh
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
i386 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
i386 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
i386 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
i386 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
s390x | |
pam_krb5-2.3.11-9.el6.s390.rpm | SHA-256: 3bf2f84f1e3d4e68500f83690e82ce1e70b3e3ccaf162ec16f0eceb30cf3c6b4 |
pam_krb5-2.3.11-9.el6.s390x.rpm | SHA-256: 8607f4738063b7b112346e33bae916474f57e96881e3b2521996815b154b8d51 |
pam_krb5-debuginfo-2.3.11-9.el6.s390.rpm | SHA-256: f81f1aa8fb62d398edaef72606d61e97be5c84eb30b28347a6d96620d3ae3dd3 |
pam_krb5-debuginfo-2.3.11-9.el6.s390x.rpm | SHA-256: 8a0071171265b20e9dfee491a8109ac741a63036e15da6aa28b54772898d51f2 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
ppc64 | |
pam_krb5-2.3.11-9.el6.ppc.rpm | SHA-256: fcb98b12cb76874cea018619910f1770f009f862c2f689a9914afad3d644111c |
pam_krb5-2.3.11-9.el6.ppc64.rpm | SHA-256: 39b0228474e941b9666554661063c1104b4bfc65ef8e8522f88eaf70c447d32b |
pam_krb5-debuginfo-2.3.11-9.el6.ppc.rpm | SHA-256: 810d7a44549ce4360c8c652318e2f8db494de0b8427adac0c518872d61a0ccb4 |
pam_krb5-debuginfo-2.3.11-9.el6.ppc64.rpm | SHA-256: f3e4e82e157afcfb114fe3b36cf8cc32aa925a31b45a21a9fa0ecc7f395b06b2 |
Red Hat Enterprise Linux for Scientific Computing 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
i386 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
s390x | |
pam_krb5-2.3.11-9.el6.s390.rpm | SHA-256: 3bf2f84f1e3d4e68500f83690e82ce1e70b3e3ccaf162ec16f0eceb30cf3c6b4 |
pam_krb5-2.3.11-9.el6.s390x.rpm | SHA-256: 8607f4738063b7b112346e33bae916474f57e96881e3b2521996815b154b8d51 |
pam_krb5-debuginfo-2.3.11-9.el6.s390.rpm | SHA-256: f81f1aa8fb62d398edaef72606d61e97be5c84eb30b28347a6d96620d3ae3dd3 |
pam_krb5-debuginfo-2.3.11-9.el6.s390x.rpm | SHA-256: 8a0071171265b20e9dfee491a8109ac741a63036e15da6aa28b54772898d51f2 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
x86_64 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-2.3.11-9.el6.x86_64.rpm | SHA-256: fec593c29e68a7baba13187f95f03dcc013b5b19b5805eacd093faad99864076 |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
pam_krb5-debuginfo-2.3.11-9.el6.x86_64.rpm | SHA-256: 62eb6733c4eb0a0d11377a269e4392db19f4e8e9b00719ecfdf417b40399ddf9 |
i386 | |
pam_krb5-2.3.11-9.el6.i686.rpm | SHA-256: c200af2f6341cbe9b0827323f515f8ffe821330448cff54be842b462696973ee |
pam_krb5-debuginfo-2.3.11-9.el6.i686.rpm | SHA-256: beaf0315004b618d8c7b6d45d9412d794915709203f748eb391a26fdd0fd604b |
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6
SRPM | |
---|---|
pam_krb5-2.3.11-9.el6.src.rpm | SHA-256: 02137b32929da9fb794bce2c51b7f7776e19796de16a171ec57787806ef73ff7 |
s390x | |
pam_krb5-2.3.11-9.el6.s390.rpm | SHA-256: 3bf2f84f1e3d4e68500f83690e82ce1e70b3e3ccaf162ec16f0eceb30cf3c6b4 |
pam_krb5-2.3.11-9.el6.s390x.rpm | SHA-256: 8607f4738063b7b112346e33bae916474f57e96881e3b2521996815b154b8d51 |
pam_krb5-debuginfo-2.3.11-9.el6.s390.rpm | SHA-256: f81f1aa8fb62d398edaef72606d61e97be5c84eb30b28347a6d96620d3ae3dd3 |
pam_krb5-debuginfo-2.3.11-9.el6.s390x.rpm | SHA-256: 8a0071171265b20e9dfee491a8109ac741a63036e15da6aa28b54772898d51f2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.