Viewing all changes in revision 5.
- Committer: Bazaar Package Importer
- Date: 2006-03-08 16:58:13 UTC
- Revision ID: james.westby@ubuntu.com-20060308165813-otoh5xwd6wdl4mqf
* Only call krb5_kuserok when the account to which we're authenticating
is a local account to allow use of pam_krb5 for application
authentication of users without local accounts. (Closes: #354133)
* Restructure the code to do user validation after obtaining their
initial tickets. This eliminates a lot of confusing special cases and
deferred checking and makes it easier to audit the code.
* Don't create the ticket cache until after successful authentication.
Otherwise, we leave files behind in /tmp.
* Document what principals libpam_krb5.so looks for in the system keytab
to do ticket validation. (Closes: #350556)
is a local account to allow use of pam_krb5 for application
authentication of users without local accounts. (Closes: #354133)
* Restructure the code to do user validation after obtaining their
initial tickets. This eliminates a lot of confusing special cases and
deferred checking and makes it easier to audit the code.
* Don't create the ticket cache until after successful authentication.
Otherwise, we leave files behind in /tmp.
* Document what principals libpam_krb5.so looks for in the system keytab
to do ticket validation. (Closes: #350556)
- files added:
- debian/NEWS.Debian
- files modified:
- context.c
expand all
collapse all
added
removed
