Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

krb5-1.17.1-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: krb5 Distribution: openSUSE Tumbleweed
Version: 1.17.1 Vendor: openSUSE
Release: 1.1 Build date: Mon Dec 16 18:32:02 2019
Group: Productivity/Networking/Security Build host: build70
Size: 2030514 Source RPM: krb5-1.17.1-1.1.src.rpm
Summary: MIT Kerberos5 implementation
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of clear text passwords.






* Thu Dec 12 2019 Samuel Cabrero <>
  - Upgrade to 1.17.1
    * Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin.
    * Fix a bug preventing time skew correction from working when a KCM
      credential cache is used.
* Mon Aug 05 2019 Samuel Cabrero <>
  - Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947);
* Wed Jul 24 2019
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
* Tue May 07 2019 Samuel Cabrero <>
  - Move LDAP schema files from /usr/share/doc/packages/krb5 to
    /usr/share/kerberos/ldap; (bsc#1134217);
* Wed Feb 13 2019 Jan Engelhardt <>
  - Replace old $RPM_* shell vars
* Mon Jan 14 2019 Samuel Cabrero <>
  - Upgrade to 1.17. Major changes:
    Administrator experience:
    * A new Kerberos database module using the Lightning Memory-Mapped
      Database library (LMDB) has been added.  The LMDB KDB module should
      be more performant and more robust than the DB2 module, and may
      become the default module for new databases in a future release.
    * "kdb5_util dump" will no longer dump policy entries when specific
      principal names are requested.
    Developer experience:
    * The new krb5_get_etype_info() API can be used to retrieve enctype,
      salt, and string-to-key parameters from the KDC for a client
    * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
      principal names to be used with GSS-API functions.
    * KDC and kadmind modules which call com_err() will now write to the
      log file in a format more consistent with other log messages.
    * Programs which use large numbers of memory credential caches should
      perform better.
    Protocol evolution:
    * The SPAKE pre-authentication mechanism is now supported.  This
      mechanism protects against password dictionary attacks without
      requiring any additional infrastructure such as certificates.  SPAKE
      is enabled by default on clients, but must be manually enabled on
      the KDC for this release.
    * PKINIT freshness tokens are now supported.  Freshness tokens can
      protect against scenarios where an attacker uses temporary access to
      a smart card to generate authentication requests for the future.
    * Password change operations now prefer TCP over UDP, to avoid
      spurious error messages about replays when a response packet is
    * The KDC now supports cross-realm S4U2Self requests when used with a
      third-party KDB module such as Samba's.  The client code for
      cross-realm S4U2Self requests is also now more robust.
    User experience:
    * The new ktutil addent -f flag can be used to fetch salt information
      from the KDC for password-based keys.
    * The new kdestroy -p option can be used to destroy a credential cache
      within a collection by client principal name.
    * The Kerberos man page has been restored, and documents the
      environment variables that affect programs using the Kerberos
    Code quality:
    * Python test scripts now use Python 3.
    * Python test scripts now display markers in verbose output, making it
      easier to find where a failure occurred within the scripts.
    * The Windows build system has been simplified and updated to work
      with more recent versions of Visual Studio.  A large volume of
      unused Windows-specific code has been removed.  Visual Studio 2013
      or later is now required.
  - Use systemd-tmpfiles to create files under /var/lib/kerberos, required
    by transactional updates; (bsc#1100126);
  - Rename patches:
    * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
    * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
    * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
    * krb5-1.6.3-gssapi_improve_errormessages.dif to
    * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
    * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
    * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
    * krb5-1.12-selinux-label.patch =>  0008-krb5-1.12-selinux-label.patch
    * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
* Tue Oct 09 2018 James McDonough <>
  - Upgrade to 1.16.1
    * kdc client cert matching on client principal entry
    * Allow ktutil addent command to ignore key version and use
      non-default salt string.
    * add kpropd pidfile support
    * enable "encrypted_challenge_indicator" realm option on tickets
      obtained using FAST encrypted challenge pre-authentication.
    * dates through 2106 accepted
    * KDC support for trivially renewable tickets
    * stop caching referral and alternate cross-realm TGTs to prevent
      duplicate credential cache entries
* Mon Jun 18 2018
  - BSC#1021402 move %{_libdir}/krb5/plugins/tls/ to krb5 package
    so it is avaiable for krb5-client as well.
* Fri May 04 2018
  - Upgrade to 1.15.3
    * Fix flaws in LDAP DN checking, including a null dereference KDC
      crash which could be triggered by kadmin clients with administrative
      privileges [CVE-2018-5729, CVE-2018-5730].
    * Fix a KDC PKINIT memory leak.
    * Fix a small KDC memory leak on transited or authdata errors when
      processing TGS requests.
    * Fix a null dereference when the KDC sends a large TGS reply.
    * Fix "kdestroy -A" with the KCM credential cache type.
    * Fix the handling of capaths "." values.
    * Fix handling of repeated subsection specifications in profile files
      (such as when multiple included files specify relations in the same
* Wed Apr 25 2018
  - Added support for /etc/krb5.conf.d/ for configuration snippets



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 7 23:33:13 2020