211 lines
7.2 KiB
RPMSpec
211 lines
7.2 KiB
RPMSpec
#
|
|
# spec file for package pam_krb5 (Version 2.2.11)
|
|
#
|
|
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
# This file and all modifications and additions to the pristine
|
|
# package are under the same license as the package itself.
|
|
#
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
Name: pam_krb5
|
|
BuildRequires: krb5-client krb5-devel krb5-server openssl-devel pam-devel
|
|
%define PAM_RELEASE 1
|
|
License: GNU General Public License (GPL)
|
|
Group: Productivity/Networking/Security
|
|
Provides: pam_krb
|
|
Autoreqprov: on
|
|
Version: 2.2.11
|
|
Release: 27
|
|
Summary: PAM Module for Kerberos Authentication
|
|
URL: http://sourceforge.net/projects/pam-krb5/
|
|
Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
|
|
Patch1: pam_krb5-2.2.0-0.5-configure_ac.dif
|
|
Patch2: pam_krb5-2.2.0-2-noafsonarm.patch
|
|
Patch3: pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
|
|
%description
|
|
This PAM module supports authentication against a Kerberos KDC. It also
|
|
supports updating your Kerberos password.
|
|
|
|
|
|
|
|
Authors:
|
|
--------
|
|
Balazs Gal <balsa@rit.bme.hu>
|
|
Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
%prep
|
|
%setup -q -n pam_krb5-%{version}-%{PAM_RELEASE}
|
|
%patch1
|
|
%patch2
|
|
%patch3
|
|
|
|
%build
|
|
%{suse_update_config -f}
|
|
autoreconf --verbose --force --install
|
|
CFLAGS="$RPM_OPT_FLAGS -fstack-protector " \
|
|
./configure --libdir=/%_lib/ \
|
|
--prefix=/usr \
|
|
--mandir=%{_mandir} \
|
|
--with-os-distribution="openSUSE"
|
|
make %{?jobs:-j%jobs}
|
|
make check
|
|
|
|
%install
|
|
rm -rf $RPM_BUILD_ROOT
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
ln -sf pam_krb5.so $RPM_BUILD_ROOT/%_lib/security/pam_krb5afs.so
|
|
rm -f $RPM_BUILD_ROOT/%_lib/security/*.la
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files
|
|
%defattr(444,root,root,755)
|
|
%doc TODO README* COPYING* ChangeLog INSTALL AUTHORS NEWS
|
|
%attr(555,root,root) /%{_lib}/security/pam_krb5.so
|
|
%attr(555,root,root) /%{_lib}/security/pam_krb5afs.so
|
|
%dir /%{_lib}/security/pam_krb5
|
|
%attr(755,root,root) /%{_lib}/security/pam_krb5/pam_krb5_storetmp
|
|
%attr(444,root,root) %_mandir/man*/*.*
|
|
%attr(755,root,root) /usr/bin/afs5log
|
|
|
|
%changelog
|
|
* Thu Mar 15 2007 - mc@suse.de
|
|
- drop privileges in _pam_krb5_sly_maybe_refresh when
|
|
running in set uid and restore them on exit of this
|
|
function. This enables us to refresh the ticket
|
|
after screen un-lock.
|
|
[#124611]
|
|
* Mon Sep 25 2006 - mc@suse.de
|
|
- version 2.2.11
|
|
- remove two patches with are upstream now
|
|
- pam_krb5-2.2.10-0-oldauthtok.dif
|
|
- pam_krb5-2.2.10-0-testfix.dif
|
|
- make use of --with-os-distribution
|
|
* Thu Sep 14 2006 - mc@suse.de
|
|
- fix pam_set_item call for AUTHTOK and OLDAUTHTOK
|
|
- fix testcase
|
|
- if the server returns an error message during password-changing,
|
|
let the user see it
|
|
- add the "debug_sensitive" option, which actually logs passwords
|
|
- add the "no_subsequent_prompt" option, to force the module to
|
|
always answer a libkrb5 prompt with the PAM_AUTHTOK value
|
|
* Tue Sep 12 2006 - mc@suse.de
|
|
- version 2.2.10
|
|
* log text for server-supplied error code along with the
|
|
failure information.
|
|
* rework the prompting bits so that it makes more correct use of
|
|
the initial_prompt/use_first_pass flags and correctly disables
|
|
use of the callback for arbitrary prompts
|
|
* give the caller a way to specify which prompter callback we
|
|
should use.
|
|
* track whether or not we want to let libkrb5 ask for information
|
|
via the callbacks.
|
|
* and more fixes
|
|
* Thu Jul 27 2006 - mc@suse.de
|
|
- version 2.2.9
|
|
* look for krb5/krb5.h in preference to krb5.h (new in
|
|
MIT Kerberos 1.5)
|
|
* if the default principal in the ccache doesn't match the
|
|
userinfo structure, update the userinfo structure.
|
|
* always use the name of the v5 principal when saving
|
|
credentials, especially for the "external" case where
|
|
it may not be the value we originally guessed
|
|
* be more careful about other ways which our prompting
|
|
callback can try to break us
|
|
* go back to overwriting the template, to avoid uncontrolled
|
|
growth in the filename.
|
|
* build the new ccache name by appending the mkstemp template
|
|
instead of assuming the previous file ended with one
|
|
* and more fixes.
|
|
- remove pam_krb5-2.2.3-1-prompter-segfault.dif it is upstream now
|
|
* Wed Jun 28 2006 - mc@suse.de
|
|
- update to version 2.2.8
|
|
* fix reporting of the reasons for password change failures
|
|
* add "krb4_use_as_req" to completely disallow any attempts to get
|
|
v4 credentials
|
|
* do 524 conversion for the "external" cases, too
|
|
- remove obsolete patches
|
|
* Fri Apr 21 2006 - mc@suse.de
|
|
- fix segfault in prompter [#165972]
|
|
* Wed Jan 25 2006 - mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Tue Jan 17 2006 - mc@suse.de
|
|
- add two patches from upstream
|
|
* pam_krb5-upstreamfix-password-handling.dif
|
|
* pam_krb5-upstreamfix-testcase.dif
|
|
- build with more then one job
|
|
* Fri Jan 13 2006 - mc@suse.de
|
|
- set /usr/bin/afs5log executable
|
|
* Wed Jan 11 2006 - mc@suse.de
|
|
- add -fstack-protector to CFLAGS
|
|
* Tue Dec 20 2005 - mc@suse.de
|
|
- update to version 2.2.3
|
|
- remove pam_krb5-2.2.0-0.5-NULL-fix.dif; patch is now upstream
|
|
* Fri Dec 02 2005 - mc@suse.de
|
|
- update to version 2.2.2
|
|
* don't leak the keytab file descriptor
|
|
* actually check for AFS support first, so that the
|
|
ioctl-only support case will work properly.
|
|
* Mon Nov 14 2005 - uli@suse.de
|
|
- no afs_syscall on ARM
|
|
* Mon Nov 14 2005 - mc@suse.de
|
|
- update to version 2.2.0-2
|
|
- remove obsolete patch (debug_false is upstream now)
|
|
* Mon Oct 10 2005 - mc@suse.de
|
|
- update to current CVS version
|
|
- drop some patches (they are upstream now)
|
|
- fix NULL problem
|
|
* Wed Aug 17 2005 - mc@suse.de
|
|
- got official fix for the authtok problem
|
|
[#104051]
|
|
* Mon Aug 15 2005 - mc@suse.de
|
|
- fix the behavior of password changing if use_authtok
|
|
is not present [#104051]
|
|
* Wed Jun 29 2005 - mc@suse.de
|
|
- fix change password
|
|
* Fri Jun 10 2005 - mc@suse.de
|
|
- set default for debug to false [#87005]
|
|
* Thu Apr 07 2005 - mc@suse.de
|
|
- switch to version 2.2.0-0.5
|
|
* Tue Feb 22 2005 - nadvornik@suse.cz
|
|
- fixed parsing of time values
|
|
* Mon Feb 21 2005 - mc@suse.de
|
|
- add pam_krb5-use-krb5_afslog.dif [#51047]
|
|
* Tue Jan 18 2005 - okir@suse.de
|
|
- updated to latest pam_krb5 snapshot from sourcforge CVS
|
|
* Tue Jan 11 2005 - ro@suse.de
|
|
- re-added afs module (added krbafs to neededforbuild)
|
|
* Mon Nov 22 2004 - ro@suse.de
|
|
- remove afs for the moment, mit-kerberos does not have support
|
|
* Wed Apr 28 2004 - ro@suse.de
|
|
- added -fno-strict-aliasing
|
|
* Fri Jan 16 2004 - kukuk@suse.de
|
|
- Add pam-devel to neededforbuild
|
|
* Sun Jan 11 2004 - adrian@suse.de
|
|
- build as user
|
|
* Wed Jul 16 2003 - nadvornik@suse.cz
|
|
- replaced by different implementation of pam_krb5
|
|
- afs support
|
|
* Fri Jun 20 2003 - okir@suse.de
|
|
- fix build problem with latest heimdal
|
|
- another fix for passwd updates (#20284)
|
|
* Wed Jun 18 2003 - ro@suse.de
|
|
- use kerberos-devel-packages in neededforbuild
|
|
* Tue Apr 15 2003 - ro@suse.de
|
|
- fixed neededforbuild
|
|
* Wed Aug 28 2002 - okir@suse.de
|
|
- Security fix (#18463): unbecome_user did not properly reassert
|
|
original privilege, and the caller didn't check the return value.
|
|
* Wed Jul 31 2002 - okir@suse.de
|
|
- suse_update_config now updates the right files
|
|
* Wed Jul 24 2002 - okir@suse.de
|
|
- fixed passwd(1) support; updated README
|
|
* Tue Jul 23 2002 - okir@suse.de
|
|
- initial packaging
|