Lines Matching +full:debian +full:- +full:release
1 # Package metadata for pam-krb5.
6 # the release process. For more information, see DocKnot's documentation.
10 # Copyright 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
12 # SPDX-License-Identifier: BSD-3-clause or GPL-1+
16 name: pam-krb5
22 name: BSD-3-clause-or-GPL-1+
24 - holder: Russ Allbery <eagle@eyrie.org>
25 years: 2005-2010, 2014-2015, 2017, 2020-2021
26 - holder: The Board of Trustees of the Leland Stanford Junior University
27 years: 2009-2011
28 - holder: Andres Salomon <dilinger@debian.org>
30 - holder: Frank Cusack <fcusack@fcusack.com>
31 years: 1999-2000
41 expect to have to override this using `--libdir`. The correct
44 under the specified value of `--libdir`. On Red Hat Linux, for example,
45 `--libdir=/usr/lib64` is appropriate to install the module into the system
46 PAM directory. On Debian's amd64 architecture,
47 `--libdir=/usr/lib/x86_64-linux-gnu` would be correct.
53 debian:
54 package: libpam-krb5
56 Debian packages are available from Debian in Debian 4.0 (etch) and
57 later releases as libpam-krb5 and libpam-heimdal. The former packages
61 tarname: pam-krb5
62 version: pam-krb5
65 github: rra/pam-krb5
66 web: https://www.eyrie.org/~eagle/software/pam-krb5/
68 browse: https://git.eyrie.org/?p=kerberos/pam-krb5.git
69 github: rra/pam-krb5
74 url: https://git.eyrie.org/git/kerberos/pam-krb5.git
78 date: 2003-11-17
85 - date: 2020-03-30
88 - date: 2009-02-11
93 - name: pam-krb5
97 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal. It
99 handling, authentication of non-local accounts for network services,
108 pam-krb5 provides a Kerberos PAM module that supports authentication, user
113 PAM implementation flaws in commonly-used PAM-enabled applications such as
125 [pam-afs-session](https://www.eyrie.org/~eagle/software/pam-afs-session/).
148 on Linux recently. There is beta-quality support for the AIX NAS Kerberos
151 is present for FreeBSD, Mac OS X, and HP-UX. I personally can only test on
159 the PAM level from a screensaver, pam-krb5 when used with these old versions
171 pam-krb5 comes with a comprehensive test suite, but it requires some
172 configuration in order to test anything other than low-level utility
190 library-mediated password change of an expired password. This is fixed in
203 - title: Configuring
207 system authentication on Debian systems, put something like:
214 in `/etc/pam.d/common-auth`, something like:
221 in `/etc/pam.d/common-session`, and something like:
228 in `/etc/pam.d/common-account`. The `minimum_uid` setting tells the PAM
249 in `/etc/pam.d/common-password` will change users' passwords in Kerberos
251 can make this tighter by using the more complex new-style PAM
288 On Red Hat systems, modify `/etc/pam.d/system-auth` instead, which
291 You can also use pam-krb5 only for specific services. In that case,
333 The Kerberos library, via pam-krb5, will prompt the user to change their
343 for `_kerberos-master` as well as `_kerberos`.
344 - title: Debugging
353 `krb5.conf`. If pam-krb5 doesn't work, first check that `kinit` works
357 contains a key for `host/<system>` where <system> is the fully-qualified
358 hostname. pam-krb5 prevents KDC spoofing by checking the user's
361 with `klist -k` and `kinit -k`.
367 and pam-krb5 is linked against a different set of Kerberos libraries,
374 - title: Implementation Notes
397 When `pam_authenticate` is called, pam-krb5 creates a temporary ticket
420 pam-krb5 treats `pam_open_session` and `pam_setcred(PAM_ESTABLISH_CRED)`
455 Calling `pam_acct_mgmt` is optional; pam-krb5 doesn't do anything
465 pam-krb5 as the only PAM module would allow anyone to log in as root
512 - title: History and Acknowledgements
528 Joel Kociolek <joko@logidee.com> to be usable with Debian GNU/Linux.
530 It was packaged by Sam Hartman as the Kerberos v5 PAM module for Debian