Issued:

2015-07-22

Updated:

2015-07-22

RHBA-2015:1410 - krb5 bug fix and enhancement update

Synopsis

krb5 bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated krb5 packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.

Description

Kerberos is a networked authentication system that allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center.

This update fixes the following bugs:

• Prior to this update, if the Kerberos principal keys were expired, the password change request did not take into account the FAST framework settings for password change requests. Consequently, the pre-auth methods, which require FAST, could not be used for user authentication. This update modifies krb5 to correctly use FAST armor in the password change messages, and the pre-auth methods can be used for user authentication. (BZ#1075656)

• Previously, after the user set up incremental propagation between a KDC master and slave, an attempt to perform a full synchronization failed with an error message. A patch has been applied to fix this problem, and full synchronization no longer fails after the user sets up incremental propagation between a KDC master and slave. (BZ#1154130)

In addition, this update adds the following enhancement:

• This update adds the LocalAuth plug-in API to krb5. SSSD can leverage LocalAuth to allow seamless authentication of Active Directory (AD) users to Red Hat Enterprise Linux Identity Management (IdM) clients. (BZ#1170272)

Users of krb5 are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Updated Packages

• krb5-debuginfo-1.10.3-42.el6.s390x.rpm
• krb5-devel-1.10.3-42.el6.s390.rpm
• krb5-server-ldap-1.10.3-42.el6.ppc.rpm
• krb5-devel-1.10.3-42.el6.ppc.rpm
• krb5-debuginfo-1.10.3-42.el6.ppc.rpm
• krb5-devel-1.10.3-42.el6.i686.rpm
• krb5-debuginfo-1.10.3-42.el6.s390.rpm
• krb5-server-ldap-1.10.3-42.el6.s390.rpm
• krb5-pkinit-openssl-1.10.3-42.el6.x86_64.rpm
• krb5-server-ldap-1.10.3-42.el6.x86_64.rpm
• krb5-workstation-1.10.3-42.el6.x86_64.rpm
• krb5-devel-1.10.3-42.el6.ppc64.rpm
• krb5-server-1.10.3-42.el6.x86_64.rpm
• krb5-workstation-1.10.3-42.el6.ppc64.rpm
• krb5-workstation-1.10.3-42.el6.s390x.rpm
• krb5-server-ldap-1.10.3-42.el6.i686.rpm
• krb5-server-1.10.3-42.el6.i686.rpm
• krb5-debuginfo-1.10.3-42.el6.x86_64.rpm
• krb5-libs-1.10.3-42.el6.i686.rpm
• krb5-libs-1.10.3-42.el6.ppc.rpm
• krb5-debuginfo-1.10.3-42.el6.ppc64.rpm
• krb5-server-ldap-1.10.3-42.el6.s390x.rpm
• krb5-server-1.10.3-42.el6.ppc64.rpm
• krb5-pkinit-openssl-1.10.3-42.el6.i686.rpm
• krb5-server-1.10.3-42.el6.s390x.rpm
• krb5-libs-1.10.3-42.el6.x86_64.rpm
• krb5-pkinit-openssl-1.10.3-42.el6.ppc64.rpm
• krb5-libs-1.10.3-42.el6.s390.rpm
• krb5-devel-1.10.3-42.el6.s390x.rpm
• krb5-libs-1.10.3-42.el6.s390x.rpm
• krb5-workstation-1.10.3-42.el6.i686.rpm
• krb5-pkinit-openssl-1.10.3-42.el6.s390x.rpm
• krb5-devel-1.10.3-42.el6.x86_64.rpm
• krb5-1.10.3-42.el6.src.rpm
• krb5-server-ldap-1.10.3-42.el6.ppc64.rpm
• krb5-debuginfo-1.10.3-42.el6.i686.rpm
• krb5-libs-1.10.3-42.el6.ppc64.rpm

Fixes

• This content is not included.BZ - 1075656
• This content is not included.BZ - 1170272
• This content is not included.BZ - 1210704

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.