mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-04 01:48:54 +00:00
af7a454fd3
- MITKRB5-SA-2003-005:
Buffer overrun and underrun in principal name handling
- MITKRB5-SA-2003-004:
Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
compromise possible.
- MITKRB5-SA-2003-003:
Faulty length checks in xdrmem_getbytes may allow kadmind DoS.
- Additional patches from RedHat.
Approved by: kris (wearing his portmgr hat)
Obtained from: MIT Website and Nalin Dahyabhai <nalin@redhat.com>
|
||
|---|---|---|
| .. | ||
| patch-ac | ||
| patch-ad | ||
| patch-ae | ||
| patch-af | ||
| patch-ai | ||
| patch-aj | ||
| patch-appl::bsd::klogind.M | ||
| patch-appl::bsd::Makefile.in | ||
| patch-appl::telnet::libtelnet::kerberos5.c | ||
| patch-appl::telnet::telnetd::Makefile.in | ||
| patch-appl::telnet::telnetd::telnetd.8 | ||
| patch-appl::telnet::telnetd::utility.c | ||
| patch-as | ||
| patch-at | ||
| patch-av | ||
| patch-ax | ||
| patch-ay | ||
| patch-ba | ||
| patch-bb | ||
| patch-clients::ksu::heuristic.c | ||
| patch-clients::ksu::krb_auth_su.c | ||
| patch-include::krb5.hin | ||
| patch-kdc::do_tgs_req.c | ||
| patch-kdc::kdc_util.c | ||
| patch-kdc::kdc_util.h | ||
| patch-kdc::kerberos_v4.c | ||
| patch-kdc::main.c | ||
| patch-krb524::cnv_tkt_skey.c | ||
| patch-krb524::krb524d.c | ||
| patch-lib::kdb::keytab.c | ||
| patch-lib::krb5::keytab::file:ktf_util.c | ||
| patch-lib::krb5::krb::gc_frm_kdc.c | ||
| patch-lib::krb5::krb::parse.c | ||
| patch-lib::krb5::krb::srv_rcache.c | ||
| patch-lib::krb5::krb::unparse.c | ||
| patch-lib::rpc::xdr_mem.c | ||
| README.FreeBSD | ||
The MIT KRB5 port provides its own login program at
${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
the FreeBSD login.conf and login.access files that provide a means of
setting up and controlling sessions under FreeBSD. To overcome this,
the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
interactive login password authentication instead of the login.krb5
program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
not have support for Kerberos V password authentication,
e.g. authentication at the console. The pam_krb5 port must be used to
provide Kerberos V password authentication.
For more information about pam_krb5, please see pam(8) and pam_krb5(8).
If you wish to use login.krb5 that is provided by the MIT KRB5 port,
the arguments "-L ${PREFIX}/sbin/login.krb5" must be
specified as arguments to klogind and KRB5 telnetd, e.g.
klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
of the FreeBSD provided /usr/bin/login for local tty logins,
"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
default:\
:cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
:if=/etc/issue:\
:lo=${PREFIX}/sbin/login.krb5:
It is recommended that the FreeBSD /usr/bin/login be used with the
pam_krb5 port instead of the MIT KRB5 provided login.krb5.