Patch-ID# 115168-05
Keywords: security encryption international pam_krb5 krbv5 pam_krb5 kerberos
Synopsis: SunOS 5.9_x86: usr/lib/security/pam_krb5.so.1 Patch
Date: Aug/31/2004

******************************************************
The items made available through this website are subject to United
States export laws and may be subject to export and import laws of
other countries. You agree to strictly comply with all such laws and
obtain licenses to export, re-export, or import as may be required.
Unless expressly authorized by the United States Government to do so
you will not, directly or indirectly, export or re-export the items
made available through this website, nor direct the items therefrom,
to any embargoed or restricted country identified in the United States
export laws, including but not limited to the Export Administration
Regulations (15 C.F.R. Parts 730-774).
******************************************************

Install Requirements: Install in Single User Mode
                      Reboot immediately after patch is installed

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 112908

Topic: SunOS 5.9_x86: usr/lib/security/pam_krb5.so.1 Patch

Relevant Architectures: i386

BugId's fixed with this patch: 4430138 4516537 4526202 4630574 4711993 4727224 4743181 4744280 4794436 4807010 4830044 4836676 4837278 4841013 4846024 4847827 4865664 4881066 4882946 4995543 5004688 5055875 5063407

Changes incorporated in this version: 4807010 4837278 4865664 5055875 5063407

Patches accumulated and obsoleted by this patch: 113990-05

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/gl_kmech_krb5
/usr/lib/gss/gl/abi/abi_mech_krb5.so.1
/usr/lib/gss/gl/mech_krb5.so.1
/usr/lib/security/pam_krb5.so.1
/usr/lib/security/pam_krb5_migrate.so
/usr/lib/security/pam_krb5_migrate.so.1

Problem Description:

4807010 Crash in the gssapi module
4837278 Kerberos utilities should include automigrate capability
5055875 buffer overflow in (undocumented) auth_to_local rules
4865664 gssapi/krb5 may hang with corrupted data
5063407 memory corruption between decode_krb5_ap_req() and krb5_gss_accept_sec_context()

(from 115168-04)

4995543 pam_krb5.so.1 from 112908-12 causes SEGV when using *su* or dtsession lock
5004688 Kerberos patch 112908-12 causes user passwords to be logged in clear text

(from 115168-03)

4794436 strict TGT verification in pam_krb5 should be configurable
4430138 pam_krb5 has wrong return codes for some service module function
4516537 pam_krb5 does not conform to the PAM standards set forth in pam(3PAM)
4711993 mech_krb5: memory caching MUST be enabled in kerberos mech
4841013 krb5 memory cache code should use mktemp instead of mkstemp
4846024 krb5 err msg: login: /tmp/krb5cc_35224 owned by 35224 instead of 0
4881066 pam_krb5 setcred function causes BUS error due to incorrectly freed memory

(from 115168-02)

4836676 Bounds checks not in place for princs in krbv5

(from 115168-01)

4830044 pam_krb5 needs to be repository aware

(from 113990-05)

4882946 GSS_C_NO_BUFFER: gss_init_sec_context gives an Error code

(from 113990-04)

4836676 Bounds checks not in place for princs in krbv5

(from 113990-03)

4847827 Kerberos patch 112908-07 Error verifying TGT with host, Bad encryption type

(from 113990-02)

4630574 pam_krb5 should not reimplement utility functions and use libpam utilities
4743181 gss/kerberos frees a buffer returned to caller

(from 113990-01)

4526202 pam_krb5 auth can fail with multiple ftp sessions of same user
4727224 user application hangs at rpc_gss_seccreate()
4744280 gss_display_status() always returning error

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts
provided with each patch. For Solaris 7-9 releases, refer to the man
pages for instructions on using 'patchadd' and 'patchrm' scripts
provided with Solaris. Any other special or non-generic installation
instructions should be described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

    example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

Not all patches listed in this section as needed for the completion of
a fix or feature, may be available at the same time as this patch.
This allows the remaining fixes/features to be made available sooner.

NOTE 1: To get the complete fix of bug 4836676 "Bounds checks not in
        place for princs in krbv5" please install the following patches:

        116044-01 (or newer) kdb5_util
        116045-01 (or newer) krb5kdc
        116046-02 (or newer) libkadm5srv.so.1

        This patch now contains
        113990-04 (or newer) mech_krb5.so.1 gl_kmech_krb5
        115168-03 (or newer) pam_krb5.so.1 (This patch)

NOTE 2: To get the complete fix for bugID 4837278, please also install
        the following patches (or newer):

        116044-02 kdb5_util
        116046-04 libkadm5srv.so.1

README -- Last modified date: Friday, October 1, 2004