The NetBSD Project

CVS log for pkgsrc/security/pam-krb5/Makefile

[BACK] Up to [] / pkgsrc / security / pam-krb5

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.13 / (download) - annotate - [select for diffs], Thu Oct 21 07:46:38 2021 UTC (19 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, HEAD
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

*: recursive bump for heimdal 7.7.0

its now includes openssl's

Revision 1.12 / (download) - annotate - [select for diffs], Fri Oct 23 09:20:59 2020 UTC (2 years, 7 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.11: +1 -3 lines
Diff to previous 1.11 (colored)

pam-*: g/c NO_STATIC_MODULES hacks. Handled in openpam/

Revision 1.11 / (download) - annotate - [select for diffs], Mon Nov 4 21:12:57 2019 UTC (3 years, 6 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Sep 3 08:53:14 2017 UTC (5 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

Follow some redirects.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Dec 12 14:22:04 2016 UTC (6 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.8: +0 -1 lines
Diff to previous 1.8 (colored)

Revert "Specify readline requirement on 30 packages"

Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.

Revision 1.8 / (download) - annotate - [select for diffs], Sun Dec 4 03:51:16 2016 UTC (6 years, 5 months ago) by marino
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

Specify readline requirement on 30 packages

/usr/libexec/binutils225/elf/ error: cannot find -lreadline

The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.

Revision 1.7 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:48 2012 UTC (10 years, 7 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.6: +1 -3 lines
Diff to previous 1.6 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Jun 16 22:15:23 2012 UTC (10 years, 11 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

pam-krb5 4.6

  * Add an anon_fast option that attempts anonymous authentication
    (generally implemented via anonymous PKINIT inside the Kerberos
    library) and then, if successful, uses those credentials for FAST
    armor.  If fast_ccache and anon_fast are both specified, anonymous
    authentication will be used as a fallback if the specified FAST ticket
    cache doesn't exist.  Based on patches from Yair Yarom.
  * Add a user_realm option to only set the realm for unqualified user
    principals.  This differs from the existing realm option in that realm
    also changes the default realm for authorization decisions and for
    verification of credentials.  Update the realm option documentation to
    clarify the differences and remove incorrect information.  Patch from
    Roland C. Dowdeswell.
  * Add a no_prompt option to suppress the PAM module's prompt for the
    user's password and defer all prompting to the Kerberos library.  This
    allows the Kerberos library to have complete control of the prompting
    process, which may be desireable if authentication mechanisms other
    than password are in use.  Be aware that, with this option set, the
    PAM module has no control over the contents of the prompt and cannot
    store the user's password in the PAM data.  Based on a patch by Yair
  * Add a silent option to force the module to behave as if the
    application had passed in PAM_SILENT and suppress text messages and
    errors from the Kerberos library.  Patch from Yair Yarom.
  * Add preliminary support for Kerberos trace logging via a trace option
    that enables trace logging if supported by the underlying Kerberos
    library.  The option takes as an argument the file name to which to
    log trace output.  This option does not yet work with any released
    version of Kerberos, but may work with the next release of MIT
  * MIT Kerberos does not add a colon and space to its password prompts,
    but Heimdal does.  pam-krb5 previously unconditionally added a colon
    and space, resulting in doubled colons with Heimdal.  Work around this
    inconsistency by not adding the colon and space if already present.
  * Fix alt_auth_map support to preserve the realm of the authentication
    identity when forming the alternate authentication principal, matching
    the documentation.
  * Document that the alt_auth_map format may contain a realm to force all
    mapped principals to be in that realm.  In that case, don't add the
    realm of the authentication identity.  Note that this can be used as a
    simple way to attempt authentication in an alternate realm first and
    then fall back to the local realm, although any complex attempt at
    authentication in multiple realms should instead run the module
    multiple times with different realm settings.
  * Avoid a NULL pointer dereference if krb5_init_context fails.
  * Fix initialization of time values in the module configuration on
    platforms (like S/390X) where krb5_deltat is not equivalent to long.
  * Close a memory leak when search_k5login is set but the user has no
    .k5login file.
  * Close several memory leaks in alt_auth_map support.
  * Suppress bogus error messages about unknown option for the realm
    option.  The option was being parsed and honored despite the error.
  * Retry authentication under try_first_pass on several other errors in
    addition to decrypt integrity check errors to handle a wider array of
    possible "password incorrect" error messages from the KDC.
  * Update to rra-c-util 4.4:
  * Update to C TAP Harness 1.12:

Revision 1.5 / (download) - annotate - [select for diffs], Tue Mar 20 16:27:40 2012 UTC (11 years, 2 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

Add missing PAM buildlink

Revision 1.4 / (download) - annotate - [select for diffs], Mon Mar 19 19:31:24 2012 UTC (11 years, 2 months ago) by pettai
Branch: MAIN
Changes since 1.3: +2 -3 lines
Diff to previous 1.3 (colored)

pam-krb5 4.5

  * Suppress the notice that the password is being changed because it's
    expired if force_first_pass or use_first_pass is set in the password
    stack, indicating that it's stacked with another module that's also
    doing password changes.  This is arguable, but without this change the
    notification message of why the password is being changed shows up
    confusingly in the middle of the password change interaction.
  * Some old versions of Heimdal (0.7.2 in OpenBSD 4.9, specifically)
    reportedly return KRB5KDC_ERR_KEY_EXP for accounts with expired
    keys even if the supplied password is wrong.  Work around this by
    confirming that the PAM module can obtain tickets for kadmin/changepw
    before returning a password expiration error instead of an invalid
    password error.
  * The location of the temporary root-owned ticket cache created during
    the authentication process is now also controlled by the ccache_dir
    option (but not the ccache option) rather than forced to be in /tmp.
    This will allow system administrators to configure an alternative
    cache directory so that pam-krb5 can continue working when /tmp is
  * Report more specific errors in syslog if authorization checks (such as
    .k5login checks) fail.
  * Pass a NULL principal to krb5_set_password with MIT client libraries
    to prefer the older change password protocol for compatibility with
    older KDCs.  This is not necessary on Heimdal since Heimdal's
    krb5_set_password tries both protocols.
  * Improve logging and authorization checks when defer_pwchange is set
    and a user authenticates with an expired password.
  * When probing for Kerberos libraries, always add any supplemental
    libraries found to that point to the link command.  This will fix
    configure failures on platforms without working transitive shared
    library dependencies.
  * Close some memory leaks where unparsed Kerberos principal names were
    never freed.
  * Restructure the code to work with OpenPAM's default PAM build
    machinery, which exports a struct containing module entry points
    rather than public pam_sm_* functions.
  * In debug logging, report symbolic names for PAM flags on PAM function
    entry rather than the numeric PAM flags.  This helps with automated
    testing and with debugging PAM problems on different operating
  * Include <krb5/krb5.h> if <krb5.h> is missing, which permits finding
    the header file on NetBSD systems.
  * Replace the Kerberos compatibility layer with equivalent but
    better-structured code from rra-c-util 4.0.
  * Avoid krb5-config and use manual library probing if --with-krb5-lib or
    --with-krb5-include were given to configure.  This avoids having to
    point configure at a nonexistent krb5-config to override its results.
  * Use PATH_KRB5_CONFIG instead of KRB5_CONFIG to locate krb5-config in
    configure, to avoid a conflict with the variable used by the Kerberos
    libraries to find krb5.conf.
  * Change references to Kerberos v5 to just Kerberos in the documentation.
  * Update to rra-c-util 4.0
  * Update to C TAP Harness 1.9

Revision 1.3 / (download) - annotate - [select for diffs], Thu Dec 1 16:05:18 2011 UTC (11 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Fix typo.

Revision 1.2 / (download) - annotate - [select for diffs], Thu Dec 1 16:04:01 2011 UTC (11 years, 5 months ago) by pettai
Branch: MAIN
Changes since 1.1: +3 -3 lines
Diff to previous 1.1 (colored)


Revision / (download) - annotate - [select for diffs] (vendor branch), Wed Nov 30 23:20:19 2011 UTC (11 years, 5 months ago) by pettai
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal.
It supports ticket refreshing by screen savers, configurable
authorization handling, authentication of non-local accounts for network
services, password changing, and password expiration, as well as all the
standard expected PAM features.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Nov 30 23:20:19 2011 UTC (11 years, 5 months ago) by pettai
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>