[ol7_latest_archive] krb5-pkinit-1.11.3-49.el7.x86_64

Name:	krb5-pkinit
Version:	1.11.3
Release:	49.el7
Architecture:	x86_64
Group:	System Environment/Libraries
Size:	118864
License:	MIT
RPM:	krb5-pkinit-1.11.3-49.el7.x86_64.rpm
Source RPM:	krb5-1.11.3-49.el7.src.rpm
Build Date:	Wed May 07 2014
Build Host:	ca-buildj3.us.oracle.com
Vendor:	Oracle America
URL:	http://web.mit.edu/kerberos/www/
Summary:	The PKINIT module for Kerberos 5
Description:	Kerberos is a network authentication system. The krb5-pkinit package contains the PKINIT plugin, which allows clients to obtain initial credentials from a KDC using a private key and a certificate.

Changelog (Show File list) (Show related packages)

Tue Mar 11 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-49

- mark the pkinit module "nodelete" so that applications which cause it
  to be loaded and unloaded repeatedly don't suffer from memory loss when
  libcrypto is initialized, allocating memory in the process, and then
  unloaded along with the module (most of #1063732)
- when copying creds from one ccache to another, if we single out one
  server for which creds shouldn't be copied, don't leak the memory
  that those creds use (a bit more of #1063732)
- fix an uninitialized variable warning that could, rarely, cause a
  service-unavailable error to be reported when a server was merely
  unreachable (spotted while chasing #1063732)
- don't leak the per-request context allocated by preauth modules (a
  bit more of #1063732)

Wed Mar 05 2014 Nathaniel McCallum <npmccallum@redhat.com> - 1.11.3-48

- add Nathaniel's backported fix for to make password changes work properly
  when performed while obtaining creds over FAST (RT#7868, #1072579)

Tue Feb 18 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-47

- spnego: pull in patch from master to restore preserving the OID of the
  mechanism the initiator requested when we have multiple OIDs for the same
  mechanism, so that we reply using the same mechanism OID and the initiator
  doesn't get confused (#1066002, RT#7858)

Mon Feb 10 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-46

- pull in patch from master to move the default directory which the KDC uses
  when computing the socket path for a local OTP daemon from the database
  directory (/var/kerberos/krb5kdc) to the newly-added run directory
  (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859, more
  of #1040056 as #1063905)
- add a tmpfiles.d configuration file to have /run/krb5kdc created at
  boot-time
- own /var/run/krb5kdc

Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.11.3-45
```
- Mass rebuild 2014-01-24
```

Tue Jan 21 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-44

- pull in and backport multiple changes to allow replay caches to be added to
  a GSS credential store as "rcache"-type credentials (RT#7818/#7819/#7836,

Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-43
```
- switch to upstream's fix for #1030607
```

Wed Jan 15 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-42

- add proposed patch to fix the GSSAPI library's checks for expired
  client creds in gss_init_sec_context() so that they work with keyring
  caches (RT#7820, #1030607)

Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.11.3-41
```
- Mass rebuild 2013-12-27
```

Thu Dec 19 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.3-40

- pull in fix from master to make reporting of errors encountered by
  the SPNEGO mechanism work better (RT#7045, part of #1043962)