| Name: | krb5-workstation |
|---|---|
| Version: | 1.19.1 |
| Release: | 22.0.1.el9 |
| Architecture: | x86_64 |
| Group: | Unspecified |
| Size: | 3277618 |
| License: | MIT |
| RPM: | krb5-workstation-1.19.1-22.0.1.el9.x86_64.rpm |
| Source RPM: | krb5-1.19.1-22.0.1.el9.src.rpm |
| Build Date: | Tue Oct 04 2022 |
| Build Host: | build-ol9-x86_64.oracle.com |
| Vendor: | Oracle America |
| URL: | https://web.mit.edu/kerberos/www/ |
| Summary: | Kerberos 5 programs for use on workstations |
| Description: | Kerberos is a network authentication system. The krb5-workstation package contains the basic Kerberos programs (kinit, klist, kdestroy, kpasswd). If your network uses Kerberos, this package should be installed on every workstation. |
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
- Restore "supportedCMSTypes" attribute in PKINIT preauth requests - Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms - Resolves: rhbz#2068935
- Fix libkrad client cleanup - Allow use of larger RADIUS attributes in krad library - Resolves: rhbz#2100351
- Fix OpenSSL 3 MD5 encyption in FIPS mode - Allow libkrad UDP/TCP connection to localhost in FIPS mode - Resolves: rhbz#2068458
- Use p11-kit as default PKCS11 module - Resolves: rhbz#2030981
- Try harder to avoid password change replay errors - Resolves: rhbz#2075186
- Use SHA-256 instead of SHA-1 for PKINIT CMS digest
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Remove -specs= from krb5-config output - Resolves #1997021
- Fix KDC null deref on TGS inner body null server (CVE-2021-37750) - Resolves: #1997602