-
Committer:
Bazaar Package Importer
-
Author(s):
Russ Allbery
-
Date:
2006-03-08 16:58:13 UTC
-
Revision ID:
james.westby@ubuntu.com-20060308165813-otoh5xwd6wdl4mqf
Tags: 1.2.0-3
* Only call krb5_kuserok when the account to which we're authenticating
is a local account to allow use of pam_krb5 for application
authentication of users without local accounts. (Closes: #354133)
* Restructure the code to do user validation after obtaining their
initial tickets. This eliminates a lot of confusing special cases and
deferred checking and makes it easier to audit the code.
* Don't create the ticket cache until after successful authentication.
Otherwise, we leave files behind in /tmp.
* Document what principals libpam_krb5.so looks for in the system keytab
to do ticket validation. (Closes: #350556)