[OpenAFS-announce] pam-afs-session 1.7 released

Russ Allbery openafs-info@openafs.org
Thu, 10 Jul 2008 23:19:59 -0700


I'm pleased to announce release 1.7 of pam-afs-session.

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM
module to obtain an AFS PAG and AFS tokens on login.  It puts every new
session in a PAG regardless of whether it was authenticated with Kerberos
and either uses Heimdal's libkafs or runs a configurable external program
to obtain tokens.  It supports using Heimdal's libkafs for the AFS
interface and falls back to an internal implementation if libkafs isn't
available.

Changes from previous release:

    Return PAM_IGNORE instead of PAM_SUCCESS from all functions when AFS
    isn't available, and when functions are skipped due to the
    configuration.  We would like to do this in pam_authenticate as well
    (it would be much safer), but there is a bug in (at least) Linux PAM
    0.99.7.1 (and probably earlier) that treats this as authentication
    failure if the module is configured with [default=done].

    Fix Autoconf syntax error when probing for libkrb5support.  Thanks,
    Mike Garrison.

    If KRB5_CONFIG was explicitly set in the environment, don't use a
    different krb5-config based on --with-krb5.  If krb5-config isn't
    executable, don't use it.  This allows one to force library probing by
    setting KRB5_CONFIG to point to a nonexistent file.

    Sanity-check the results of krb5-config before proceeding and error
    out in configure if they don't work.

    Set an explicit visibility of hidden for all internal functions at
    compile time if gcc is used to permit better optimization.  Hide all
    functions except the official interfaces using a version script on
    Linux.  This protects against leaking symbols into the application
    namespace and provides some mild optimization benefit.

    Fix the probing of PAM headers for const on Mac OS X.  This will
    suppress some harmless compiler warnings there.  Thanks, Markus
    Moeller.

You can download it from:

    <http://www.eyrie.org/~eagle/software/pam-afs-session/>

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>