Hello community,
here is the log from the commit of package pam_krb5 for openSUSE:Factory
checked in at Mon Jun 8 11:02:06 CEST 2009.
--------
--- pam_krb5/pam_krb5.changes 2009-05-20 11:50:58.000000000 +0200
+++ /mounts/work_src_done/STABLE/pam_krb5/pam_krb5.changes 2009-06-08 09:59:39.000000000 +0200
@@ -1,0 +2,8 @@
+Mon Jun 8 09:52:00 CEST 2009 - mc@suse.de
+
+- update to version 2.333.5
+ * make prompting behavior for non-existent accounts and users who
+ just press enter match up with those who aren't/don't (#502602,
+ CVE-2009-1384)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
pam_krb5-2.3.4-1.tar.bz2
New:
----
pam_krb5-2.3.5-1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_krb5.spec ++++++
--- /var/tmp/diff_new_pack.JFC553/_old 2009-06-08 11:01:38.000000000 +0200
+++ /var/tmp/diff_new_pack.JFC553/_new 2009-06-08 11:01:38.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package pam_krb5 (Version 2.3.4)
+# spec file for package pam_krb5 (Version 2.3.5)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -30,7 +30,7 @@
Obsoletes: pam_krb5-64bit
%endif
#
-Version: 2.3.4
+Version: 2.3.5
Release: 1
Summary: PAM Module for Kerberos Authentication
Url: http://sourceforge.net/projects/pam-krb5/
@@ -96,6 +96,11 @@
%attr(755,root,root) /usr/bin/afs5log
%changelog
+* Mon Jun 08 2009 mc@suse.de
+- update to version 2.333.5
+ * make prompting behavior for non-existent accounts and users who
+ just press enter match up with those who aren't/don't (#502602,
+ CVE-2009-1384)
* Wed May 20 2009 mc@suse.de
- update to version 2.3.4
* don't request password-changing credentials using the same options
++++++ pam_krb5-2.3.4-1.tar.bz2 -> pam_krb5-2.3.5-1.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/ChangeLog new/pam_krb5-2.3.5-1/ChangeLog
--- old/pam_krb5-2.3.4-1/ChangeLog 2009-03-05 09:45:54.000000000 +0100
+++ new/pam_krb5-2.3.5-1/ChangeLog 2009-06-08 09:47:33.000000000 +0200
@@ -1,3 +1,16 @@
+2009-06-04
+ * src/prompter.c(_pam_krb5_generic_prompter): if the prompt looks
+ like a password prompt, use "Password: " instead
+
+2009-05-27
+ * src/auth.c(pam_sm_authenticate): if we need to be the module that
+ asks for a password, do so before sanity checking things like whether
+ or not the user name is valid (#502602)
+ * src/auth.c(pam_sm_authenticate),
+ src/prompter.c(_pam_krb5_generic_prompter): only allow libkrb5 to
+ ask for a password if we weren't supplied with one and didn't ask for
+ one ourselves
+
2009-03-04
* src/initopts.c(_pam_krb5_set_init_opts_for_pwchange): add, for
setting options which are appropriate for obtaining password-changing
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/NEWS new/pam_krb5-2.3.5-1/NEWS
--- old/pam_krb5-2.3.4-1/NEWS 2009-03-05 09:45:54.000000000 +0100
+++ new/pam_krb5-2.3.5-1/NEWS 2009-06-08 09:47:33.000000000 +0200
@@ -1,3 +1,6 @@
+- 2.3.5: * make prompting behavior for non-existent accounts and users who
+ just press enter match up with those who aren't/don't (#502602,
+ CVE-2009-1384)
- 2.3.4: * don't request password-changing credentials using the same options
we use for ticket-granting tickets
- 2.3.3: * close a couple of open pipes to defunct processes, fix a couple
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/pam_krb5.spec new/pam_krb5-2.3.5-1/pam_krb5.spec
--- old/pam_krb5-2.3.4-1/pam_krb5.spec 2009-03-11 11:31:13.000000000 +0100
+++ new/pam_krb5-2.3.5-1/pam_krb5.spec 2009-06-08 09:47:33.000000000 +0200
@@ -1,6 +1,6 @@
Summary: A Pluggable Authentication Module for Kerberos 5.
Name: pam_krb5
-Version: 2.3.4
+Version: 2.3.5
Release: 1%{?dist}
Source0: pam_krb5-%{version}-1.tar.gz
License: BSD or LGPLv2+
@@ -50,6 +50,17 @@
%doc README* COPYING* ChangeLog NEWS
%changelog
+* Fri Jun 5 2009 Nalin Dahyabhai - 2.3.5-1
+- when we get asked for the user's long-term key, use a plain Password:
+ prompt value rather than the library-supplied one
+
+* Tue May 26 2009 Nalin Dahyabhai
+- catch the case where we pass a NULL initial password into libkrb5 and
+ it uses our callback to ask us for the password for the user using a
+ principal name, and reject that (#502602)
+- always prompt for a password unless we were told not to (#502602,
+ CVE-2009-1384)
+
* Wed Mar 4 2009 Nalin Dahyabhai - 2.3.4-1
- don't request password-changing credentials with the same options that we
use when requesting ticket granting tickets, which might run afoul of KDC
Files old/pam_krb5-2.3.4-1/po/ca.gmo and new/pam_krb5-2.3.5-1/po/ca.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/ca.po new/pam_krb5-2.3.5-1/po/ca.po
--- old/pam_krb5-2.3.4-1/po/ca.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/ca.po 2009-06-08 09:47:33.000000000 +0200
@@ -20,7 +20,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-10-18 12:12+0200\n"
"Last-Translator: Xavier Conde Rueda \n"
"Language-Team: Catalan \n"
@@ -28,7 +28,7 @@
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Contrasenya: "
Files old/pam_krb5-2.3.4-1/po/cs.gmo and new/pam_krb5-2.3.5-1/po/cs.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/cs.po new/pam_krb5-2.3.5-1/po/cs.po
--- old/pam_krb5-2.3.4-1/po/cs.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/cs.po 2009-06-08 09:47:33.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: system-config-firewall.master\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-06-08 20:58+0200\n"
"Last-Translator: Miloslav Trmač \n"
"Language-Team: Czech \n"
@@ -20,7 +20,7 @@
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr ""
Files old/pam_krb5-2.3.4-1/po/de.gmo and new/pam_krb5-2.3.5-1/po/de.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/de.po new/pam_krb5-2.3.5-1/po/de.po
--- old/pam_krb5-2.3.4-1/po/de.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/de.po 2009-06-08 09:47:33.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-03-13 16:08+0000\n"
"Last-Translator: Michael Calmer \n"
"Language-Team: Novell Language \n"
@@ -17,7 +17,7 @@
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Passwort: "
Files old/pam_krb5-2.3.4-1/po/el.gmo and new/pam_krb5-2.3.5-1/po/el.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/el.po new/pam_krb5-2.3.5-1/po/el.po
--- old/pam_krb5-2.3.4-1/po/el.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/el.po 2009-06-08 09:47:33.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: el\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-04-10 22:03+0300\n"
"Last-Translator: Dimitris Glezos \n"
"Language-Team: Greek Fedora team \n"
@@ -19,7 +19,7 @@
"X-Generator: KBabel 1.11.4\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Συνθηματικό: "
Files old/pam_krb5-2.3.4-1/po/es.gmo and new/pam_krb5-2.3.5-1/po/es.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/es.po new/pam_krb5-2.3.5-1/po/es.po
--- old/pam_krb5-2.3.4-1/po/es.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/es.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-12-14 11:26-0200\n"
"Last-Translator: H. Daniel Cabrera \n"
"Language-Team: Spanish \n"
@@ -17,7 +17,7 @@
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\\\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Contraseña:"
Files old/pam_krb5-2.3.4-1/po/fa.gmo and new/pam_krb5-2.3.5-1/po/fa.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/fa.po new/pam_krb5-2.3.5-1/po/fa.po
--- old/pam_krb5-2.3.4-1/po/fa.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/fa.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: 0.1\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2009-03-15 22:59+0330\n"
"Last-Translator: Mohsen Saeedi \n"
"Language-Team: Persian \n"
@@ -16,7 +16,7 @@
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "گذر واژه:"
Files old/pam_krb5-2.3.4-1/po/fr.gmo and new/pam_krb5-2.3.5-1/po/fr.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/fr.po new/pam_krb5-2.3.5-1/po/fr.po
--- old/pam_krb5-2.3.4-1/po/fr.po 1970-01-01 01:00:00.000000000 +0100
+++ new/pam_krb5-2.3.5-1/po/fr.po 2009-06-08 09:47:33.000000000 +0200
@@ -0,0 +1,37 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR , YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: pam_krb5 2.3.2\n"
+"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
+"f=AUTHORS;hb=HEAD\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME \n"
+"Language-Team: LANGUAGE \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/auth.c:132 src/auth.c:328
+msgid "Password: "
+msgstr ""
+
+#: src/password.c:260
+#, c-format
+msgid "%s%sPassword: "
+msgstr ""
+
+#: src/password.c:365
+#, c-format
+msgid "New %s%sPassword: "
+msgstr ""
+
+#: src/password.c:368
+#, c-format
+msgid "Repeat New %s%sPassword: "
+msgstr ""
Files old/pam_krb5-2.3.4-1/po/hu.gmo and new/pam_krb5-2.3.5-1/po/hu.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/hu.po new/pam_krb5-2.3.5-1/po/hu.po
--- old/pam_krb5-2.3.4-1/po/hu.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/hu.po 2009-06-08 09:47:33.000000000 +0200
@@ -3,7 +3,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-04-30 07:23+0100\n"
"Last-Translator: Sulyok Péter \n"
"Language-Team: Hungarian \n"
@@ -15,7 +15,7 @@
"X-Poedit-Country: HUNGARY\n"
"X-Poedit-SourceCharset: utf-8\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Jelszó: "
Files old/pam_krb5-2.3.4-1/po/it.gmo and new/pam_krb5-2.3.5-1/po/it.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/it.po new/pam_krb5-2.3.5-1/po/it.po
--- old/pam_krb5-2.3.4-1/po/it.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/it.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: it\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-04-16 20:38+0200\n"
"Last-Translator: Francesco Tombolini \n"
"Language-Team: Italiano \n"
@@ -18,7 +18,7 @@
"X-Generator: KBabel 1.11.4\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Password: "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/LINGUAS new/pam_krb5-2.3.5-1/po/LINGUAS
--- old/pam_krb5-2.3.4-1/po/LINGUAS 2009-03-16 09:57:24.000000000 +0100
+++ new/pam_krb5-2.3.5-1/po/LINGUAS 2009-06-08 09:47:33.000000000 +0200
@@ -4,6 +4,7 @@
el
es
fa
+fr
hu
it
ms
Files old/pam_krb5-2.3.4-1/po/ms.gmo and new/pam_krb5-2.3.5-1/po/ms.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/ms.po new/pam_krb5-2.3.5-1/po/ms.po
--- old/pam_krb5-2.3.4-1/po/ms.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/ms.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-10-29 22:02+0800\n"
"Last-Translator: Sharuzzaman Ahmat Raslan \n"
"Language-Team: Malay \n"
@@ -16,7 +16,7 @@
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Katalaluan:"
Files old/pam_krb5-2.3.4-1/po/nl.gmo and new/pam_krb5-2.3.5-1/po/nl.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/nl.po new/pam_krb5-2.3.5-1/po/nl.po
--- old/pam_krb5-2.3.4-1/po/nl.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/nl.po 2009-06-08 09:47:33.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-09-04 23:14+0200\n"
"Last-Translator: Peter van Egdom \n"
"Language-Team: Dutch \n"
@@ -17,7 +17,7 @@
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Wachtwoord: "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/pam_krb5.pot new/pam_krb5-2.3.5-1/po/pam_krb5.pot
--- old/pam_krb5-2.3.4-1/po/pam_krb5.pot 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/pam_krb5.pot 2009-06-08 09:47:33.000000000 +0200
@@ -6,10 +6,10 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: pam_krb5 2.3.4\n"
+"Project-Id-Version: pam_krb5 2.3.5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
@@ -17,7 +17,7 @@
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr ""
Files old/pam_krb5-2.3.4-1/po/pl.gmo and new/pam_krb5-2.3.5-1/po/pl.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/pl.po new/pam_krb5-2.3.5-1/po/pl.po
--- old/pam_krb5-2.3.4-1/po/pl.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/pl.po 2009-06-08 09:47:33.000000000 +0200
@@ -6,7 +6,7 @@
"Project-Id-Version: pl\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-04-10 21:56+0200\n"
"Last-Translator: Piotr Drąg \n"
"Language-Team: Polish \n"
@@ -14,7 +14,7 @@
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Hasło: "
Files old/pam_krb5-2.3.4-1/po/pt_BR.gmo and new/pam_krb5-2.3.5-1/po/pt_BR.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/pt_BR.po new/pam_krb5-2.3.5-1/po/pt_BR.po
--- old/pam_krb5-2.3.4-1/po/pt_BR.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/pt_BR.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-07-17 22:52-0300\n"
"Last-Translator: Taylon Silmer \n"
"Language-Team: Brazilian Portuguese \n"
@@ -18,7 +18,7 @@
"X-Poedit-Language: Portuguese\n"
"X-Poedit-Country: BRAZIL\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Senha: "
Files old/pam_krb5-2.3.4-1/po/ro.gmo and new/pam_krb5-2.3.5-1/po/ro.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/ro.po new/pam_krb5-2.3.5-1/po/ro.po
--- old/pam_krb5-2.3.4-1/po/ro.po 2009-05-20 11:22:24.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/ro.po 2009-06-08 09:47:33.000000000 +0200
@@ -9,7 +9,7 @@
"Project-Id-Version: Pam_krbr5 VERSION\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2009-02-22 22:41+0200\n"
"Last-Translator: Florin Dăscălache \n"
"Language-Team: Romanian \n"
@@ -17,7 +17,7 @@
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Parola: "
Files old/pam_krb5-2.3.4-1/po/sr.gmo and new/pam_krb5-2.3.5-1/po/sr.gmo differ
Files old/pam_krb5-2.3.4-1/po/sr@latin.gmo and new/pam_krb5-2.3.5-1/po/sr@latin.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/sr@latin.po new/pam_krb5-2.3.5-1/po/sr@latin.po
--- old/pam_krb5-2.3.4-1/po/sr@latin.po 2009-05-20 11:22:25.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/sr@latin.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-04-12 19:23+0100\n"
"Last-Translator: Miloš Komarčević \n"
"Language-Team: Serbian (sr) \n"
@@ -18,7 +18,7 @@
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Lozinka: "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/sr.po new/pam_krb5-2.3.5-1/po/sr.po
--- old/pam_krb5-2.3.4-1/po/sr.po 2009-05-20 11:22:25.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/sr.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-04-12 19:23+0100\n"
"Last-Translator: Miloš Komarčević \n"
"Language-Team: Serbian (sr) \n"
@@ -18,7 +18,7 @@
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Лозинка: "
Files old/pam_krb5-2.3.4-1/po/sv.gmo and new/pam_krb5-2.3.5-1/po/sv.gmo differ
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/po/sv.po new/pam_krb5-2.3.5-1/po/sv.po
--- old/pam_krb5-2.3.4-1/po/sv.po 2009-05-20 11:22:25.000000000 +0200
+++ new/pam_krb5-2.3.5-1/po/sv.po 2009-06-08 09:47:33.000000000 +0200
@@ -8,7 +8,7 @@
"Project-Id-Version: pam_krb5\n"
"Report-Msgid-Bugs-To: http://git.fedorahosted.org/git/?p=pam_krb5.git;a=blob;"
"f=AUTHORS;hb=HEAD\n"
-"POT-Creation-Date: 2009-05-20 11:22+0200\n"
+"POT-Creation-Date: 2009-05-27 18:48-0400\n"
"PO-Revision-Date: 2008-10-22 18:04+0100\n"
"Last-Translator: Daniel Nylander \n"
"Language-Team: Swedish \n"
@@ -16,7 +16,7 @@
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/auth.c:284
+#: src/auth.c:132 src/auth.c:328
msgid "Password: "
msgstr "Lösenord: "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/src/auth.c new/pam_krb5-2.3.5-1/src/auth.c
--- old/pam_krb5-2.3.4-1/src/auth.c 2008-10-17 10:33:33.000000000 +0200
+++ new/pam_krb5-2.3.5-1/src/auth.c 2009-06-08 09:47:33.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2008,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -82,7 +82,7 @@
struct _pam_krb5_user_info *userinfo;
struct _pam_krb5_stash *stash;
krb5_get_init_creds_opt *gic_options;
- int i, retval, use_third_pass;
+ int i, retval, use_third_pass, prompted, prompt_result;
char *first_pass, *second_pass;
/* Initialize Kerberos. */
@@ -119,6 +119,22 @@
}
_pam_krb5_set_init_opts(ctx, gic_options, options);
+ /* Prompt for the password, as we might need to. */
+ prompted = 0;
+ prompt_result = PAM_ABORT;
+ second_pass = NULL;
+ if (options->use_second_pass) {
+ first_pass = NULL;
+ i = _pam_krb5_get_item_text(pamh, PAM_AUTHTOK, &first_pass);
+ if ((i != PAM_SUCCESS) || (first_pass == NULL)) {
+ /* Nobody's asked for a password yet. */
+ prompt_result = _pam_krb5_prompt_for(pamh,
+ Y_("Password: "),
+ &second_pass);
+ prompted = 1;
+ }
+ }
+
/* Get information about the user and the user's principal name. */
userinfo = _pam_krb5_user_info_init(ctx, user, options->realm,
options->user_check,
@@ -131,6 +147,15 @@
warn("error getting information about '%s'", user);
retval = PAM_USER_UNKNOWN;
}
+ if (prompted && (prompt_result == 0) && (second_pass != NULL)) {
+ if (options->debug) {
+ debug("saving newly-entered "
+ "password for use by "
+ "other modules");
+ }
+ pam_set_item(pamh, PAM_AUTHTOK, second_pass);
+ }
+ /* Clean up and return. */
_pam_krb5_options_free(pamh, ctx, options);
v5_free_get_init_creds_opt(ctx, gic_options);
krb5_free_context(ctx);
@@ -149,6 +174,14 @@
(unsigned long) options->minimum_uid);
}
_pam_krb5_user_info_free(ctx, userinfo);
+ if (prompted && (prompt_result == 0) && (second_pass != NULL)) {
+ if (options->debug) {
+ debug("saving newly-entered "
+ "password for use by "
+ "other modules");
+ }
+ pam_set_item(pamh, PAM_AUTHTOK, second_pass);
+ }
_pam_krb5_options_free(pamh, ctx, options);
v5_free_get_init_creds_opt(ctx, gic_options);
krb5_free_context(ctx);
@@ -161,6 +194,14 @@
warn("error retrieving stash for '%s' (shouldn't happen)",
user);
_pam_krb5_user_info_free(ctx, userinfo);
+ if (prompted && (prompt_result == 0) && (second_pass != NULL)) {
+ if (options->debug) {
+ debug("saving newly-entered "
+ "password for use by "
+ "other modules");
+ }
+ pam_set_item(pamh, PAM_AUTHTOK, second_pass);
+ }
_pam_krb5_options_free(pamh, ctx, options);
v5_free_get_init_creds_opt(ctx, gic_options);
krb5_free_context(ctx);
@@ -277,12 +318,18 @@
/* If that didn't work, and we're allowed to ask for a new password, do
* so in preparation for another attempt. */
- second_pass = NULL;
if ((retval != PAM_SUCCESS) &&
(retval != PAM_USER_UNKNOWN) &&
options->use_second_pass) {
- i = _pam_krb5_prompt_for(pamh, Y_("Password: "),
- &second_pass);
+ /* The "second_pass" variable already contains a value if we
+ * asked for one. */
+ if (!prompted) {
+ prompt_result = _pam_krb5_prompt_for(pamh,
+ Y_("Password: "),
+ &second_pass);
+ prompted = 1;
+ }
+ i = prompt_result;
if ((i == PAM_SUCCESS) &&
(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
(second_pass != NULL) &&
@@ -379,6 +426,8 @@
KRB5_TGS_NAME,
NULL,
gic_options,
+ options->permit_password_callback ?
+ _pam_krb5_always_prompter :
_pam_krb5_normal_prompter,
&stash->v5result);
stash->v5attempted = 1;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/src/options.c new/pam_krb5-2.3.5-1/src/options.c
--- old/pam_krb5-2.3.4-1/src/options.c 2009-02-12 10:31:23.000000000 +0100
+++ new/pam_krb5-2.3.5-1/src/options.c 2009-06-08 09:47:33.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2008,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -572,6 +572,7 @@
options->use_first_pass = 1;
options->use_second_pass = 1;
options->use_third_pass = 1;
+ options->permit_password_callback = 0;
use_first_pass = option_b(argc, argv,
ctx, options->realm,
service, NULL, NULL, "use_first_pass", -1);
@@ -587,6 +588,7 @@
"subsequent_prompt", -1);
if (initial_prompt != -1) {
options->use_second_pass = initial_prompt;
+ options->permit_password_callback = !initial_prompt;
}
if (subsequent_prompt != -1) {
options->use_third_pass = subsequent_prompt;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/src/options.h new/pam_krb5-2.3.5-1/src/options.h
--- old/pam_krb5-2.3.4-1/src/options.h 2008-04-17 14:04:00.000000000 +0200
+++ new/pam_krb5-2.3.5-1/src/options.h 2009-06-08 09:47:33.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2005,2006,2008 Red Hat, Inc.
+ * Copyright 2003,2005,2006,2008,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -44,6 +44,7 @@
int ignore_afs;
int ignore_unknown_principals;
int null_afs_first;
+ int permit_password_callback;
int proxiable;
int renewable;
int tokens;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/src/prompter.c new/pam_krb5-2.3.5-1/src/prompter.c
--- old/pam_krb5-2.3.4-1/src/prompter.c 2008-10-06 16:16:40.000000000 +0200
+++ new/pam_krb5-2.3.5-1/src/prompter.c 2009-06-08 09:47:33.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -49,6 +49,7 @@
#include "log.h"
#include "options.h"
#include "prompter.h"
+#include "userinfo.h"
#include "xstr.h"
void
@@ -69,8 +70,8 @@
}
static int
-_pam_krb5_prompt_is_password(krb5_prompt *prompt,
- struct _pam_krb5_prompter_data *pdata)
+_pam_krb5_prompt_default_is_password(krb5_prompt *prompt,
+ struct _pam_krb5_prompter_data *pdata)
{
size_t length;
if (pdata == NULL) {
@@ -89,6 +90,60 @@
return 0;
}
+static int
+_pam_krb5_prompt_is_for_password(krb5_prompt *prompt,
+ struct _pam_krb5_prompter_data *pdata)
+{
+ char *expected;
+ const char *p;
+ expected = malloc(strlen(pdata->userinfo->unparsed_name) + 32);
+ if (expected != NULL) {
+ /* Simple */
+ sprintf(expected, "Password");
+ if (strcmp(prompt->prompt, expected) == 0) {
+ free(expected);
+ return 1;
+ }
+ if (strncmp(prompt->prompt, expected, strlen(expected)) == 0) {
+ p = prompt->prompt + strlen(expected);
+ if (strspn(p, ": \t\r\n") == strlen(p)) {
+ free(expected);
+ return 1;
+ }
+ }
+ /* MIT */
+ sprintf(expected, "Password for %s",
+ pdata->userinfo->unparsed_name);
+ if (strcmp(prompt->prompt, expected) == 0) {
+ free(expected);
+ return 1;
+ }
+ if (strncmp(prompt->prompt, expected, strlen(expected)) == 0) {
+ p = prompt->prompt + strlen(expected);
+ if (strspn(p, ": \t\r\n") == strlen(p)) {
+ free(expected);
+ return 1;
+ }
+ }
+ /* Heimdal */
+ sprintf(expected, "%s's Password",
+ pdata->userinfo->unparsed_name);
+ if (strcmp(prompt->prompt, expected) == 0) {
+ free(expected);
+ return 1;
+ }
+ if (strncmp(prompt->prompt, expected, strlen(expected)) == 0) {
+ p = prompt->prompt + strlen(expected);
+ if (strspn(p, ": \t\r\n") == strlen(p)) {
+ free(expected);
+ return 1;
+ }
+ }
+ free(expected);
+ }
+ return 0;
+}
+
krb5_error_code
_pam_krb5_always_fail_prompter(krb5_context context, void *data,
const char *name, const char *banner,
@@ -103,7 +158,7 @@
_pam_krb5_normal_prompter(context, data, name, banner, 0, NULL);
}
for (i = 0; i < num_prompts; i++) {
- if (_pam_krb5_prompt_is_password(&prompts[i], pdata)) {
+ if (_pam_krb5_prompt_default_is_password(&prompts[i], pdata)) {
if (pdata->options->debug &&
pdata->options->debug_sensitive) {
debug("libkrb5 asked for \"%s\", "
@@ -151,7 +206,7 @@
}
/* Provide it as the answer to every question. */
for (i = 0; i < num_prompts; i++) {
- if (_pam_krb5_prompt_is_password(&prompts[i], pdata)) {
+ if (_pam_krb5_prompt_default_is_password(&prompts[i], pdata)) {
if (pdata->options->debug &&
pdata->options->debug_sensitive) {
debug("libkrb5 asked for \"%s\", "
@@ -186,10 +241,11 @@
return 0;
}
-krb5_error_code
-_pam_krb5_normal_prompter(krb5_context context, void *data,
- const char *name, const char *banner,
- int num_prompts, krb5_prompt prompts[])
+static krb5_error_code
+_pam_krb5_generic_prompter(krb5_context context, void *data,
+ const char *name, const char *banner,
+ int num_prompts, krb5_prompt prompts[],
+ int suppress_password_prompts)
{
struct pam_message *messages;
struct pam_response *responses;
@@ -236,7 +292,7 @@
/* Skip any prompt for which the supplied default answer is the
* previously-entered password -- it's just a waste of the
* user's time. */
- if (_pam_krb5_prompt_is_password(&prompts[i], pdata)) {
+ if (_pam_krb5_prompt_default_is_password(&prompts[i], pdata)) {
if (pdata->options->debug &&
pdata->options->debug_sensitive) {
debug("libkrb5 asked for \"%s\", "
@@ -251,9 +307,24 @@
}
continue;
}
- tmp = malloc(strlen(prompts[i].prompt) + 3);
- if (tmp != NULL) {
- sprintf(tmp, "%s: ", prompts[i].prompt);
+ /* If we're just asking for the password again, also skip it,
+ * if we were told to. */
+ if (_pam_krb5_prompt_is_for_password(&prompts[i], pdata)) {
+ if (suppress_password_prompts) {
+ continue;
+ } else {
+ if (pdata->options->debug) {
+ debug("libkrb5 asked for long-term "
+ "password, replacing prompt text "
+ "with generic prompt");
+ }
+ tmp = strdup("Password: ");
+ }
+ } else {
+ tmp = malloc(strlen(prompts[i].prompt) + 3);
+ if (tmp != NULL) {
+ sprintf(tmp, "%s: ", prompts[i].prompt);
+ }
}
messages[j + headers].msg = tmp;
messages[j + headers].msg_style = prompts[i].hidden ?
@@ -269,7 +340,7 @@
/* We can discard the messages now. */
for (i = j = 0; i < num_prompts; i++) {
- if (_pam_krb5_prompt_is_password(&prompts[i], pdata)) {
+ if (_pam_krb5_prompt_default_is_password(&prompts[i], pdata)) {
continue;
}
free((char*) messages[j + headers].msg);
@@ -287,7 +358,7 @@
/* Check for successfully-read responses. */
for (i = j = 0; i < num_prompts; i++) {
- if (_pam_krb5_prompt_is_password(&prompts[i], pdata)) {
+ if (_pam_krb5_prompt_default_is_password(&prompts[i], pdata)) {
continue;
}
/* If the conversation function failed to read anything. */
@@ -310,7 +381,7 @@
/* Gather up the results. */
for (i = j = 0; i < num_prompts; i++) {
- if (_pam_krb5_prompt_is_password(&prompts[i], pdata)) {
+ if (_pam_krb5_prompt_default_is_password(&prompts[i], pdata)) {
continue;
}
/* Double-check for NULL here. We should have caught it above
@@ -339,6 +410,26 @@
return 0; /* success! */
}
+krb5_error_code
+_pam_krb5_normal_prompter(krb5_context context, void *data,
+ const char *name, const char *banner,
+ int num_prompts, krb5_prompt prompts[])
+{
+ return _pam_krb5_generic_prompter(context, data,
+ name, banner,
+ num_prompts, prompts, 1);
+}
+
+krb5_error_code
+_pam_krb5_always_prompter(krb5_context context, void *data,
+ const char *name, const char *banner,
+ int num_prompts, krb5_prompt prompts[])
+{
+ return _pam_krb5_generic_prompter(context, data,
+ name, banner,
+ num_prompts, prompts, 0);
+}
+
int
_pam_krb5_prompt_for(pam_handle_t *pamh, const char *prompt, char **response)
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/src/prompter.h new/pam_krb5-2.3.5-1/src/prompter.h
--- old/pam_krb5-2.3.4-1/src/prompter.h 2008-04-17 14:04:00.000000000 +0200
+++ new/pam_krb5-2.3.5-1/src/prompter.h 2009-06-08 09:47:33.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2006 Red Hat, Inc.
+ * Copyright 2003,2006,2009 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -42,6 +42,12 @@
/* Ask the user. */
krb5_error_code
+_pam_krb5_always_prompter(krb5_context context, void *data,
+ const char *name, const char *banner,
+ int num_prompts, krb5_prompt prompts[]);
+
+/* Ask the user, except for the password. */
+krb5_error_code
_pam_krb5_normal_prompter(krb5_context context, void *data,
const char *name, const char *banner,
int num_prompts, krb5_prompt prompts[]);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_krb5-2.3.4-1/src/v5.c new/pam_krb5-2.3.5-1/src/v5.c
--- old/pam_krb5-2.3.4-1/src/v5.c 2009-03-05 09:45:54.000000000 +0100
+++ new/pam_krb5-2.3.5-1/src/v5.c 2009-05-28 12:12:23.000000000 +0200
@@ -802,8 +802,8 @@
v5_free_unparsed_name(ctx, principal);
return PAM_SUCCESS;
} else {
- crit("TGT failed verification using key for '%s'",
- principal);
+ crit("TGT failed verification using key for '%s': %s",
+ principal, v5_error_message(i));
v5_free_unparsed_name(ctx, principal);
return PAM_AUTH_ERR;
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org