Package: libkrb5-3 Version: 1.10+dfsg~beta1-2 Severity: important MIT Kerberos 1.10 (including pre-releases and betas) exposed a bug in the tracking of preauth mechanisms such that, if an authentication fails after preauth was requested, all subsequent preauth-required authentications in the same Kerberos context will also fail.
This breaks password change when credentials have expired, and also breaks try_first_pass functionality in Kerberos PAM modules. Upstream has fixed this problem in their mainline with commit 25822. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.1.0-1-686-pae (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libkrb5-3 depends on: ii libc6 2.13-27 ii libcomerr2 1.42.1-2 ii libk5crypto3 1.10+dfsg~beta1-2 ii libkeyutils1 1.5.2-2 ii libkrb5support0 1.10+dfsg~beta1-2 ii multiarch-support 2.13-27 Versions of packages libkrb5-3 recommends: pn krb5-locales <none> Versions of packages libkrb5-3 suggests: pn krb5-doc <none> pn krb5-user <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
