4871e2a3be
- MIT KRB5 Security Advisory 2005-002: Buffer overflow, heap corruption in KDC - MIT KRB5 Security Advisory 2005-003: Double free in krb5_recvauth |
||
---|---|---|
.. | ||
patch-ac | ||
patch-ad | ||
patch-ae | ||
patch-af | ||
patch-ai | ||
patch-aj | ||
patch-appl::bsd::klogind.M | ||
patch-appl::bsd::Makefile.in | ||
patch-appl::gssftp::ftp::ftp_var.h | ||
patch-appl::telnet::telnetd::Makefile.in | ||
patch-appl::telnet::telnetd::telnetd.8 | ||
patch-appl::telnet::telnetd::utility.c | ||
patch-as | ||
patch-at | ||
patch-av | ||
patch-ax | ||
patch-ay | ||
patch-ba | ||
patch-bb | ||
patch-config::pre.in | ||
patch-config::shlib.conf | ||
patch-lib::krb5::krb::recvauth.c | ||
patch-lib::krb5::krb::unparse.c | ||
patch-lib::krb5::os::hst_realm.c | ||
patch-lib::krb5::os::locate_kdc.c | ||
README.FreeBSD |
The MIT KRB5 port provides its own login program at ${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of the FreeBSD login.conf and login.access files that provide a means of setting up and controlling sessions under FreeBSD. To overcome this, the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide interactive login password authentication instead of the login.krb5 program provided by MIT KRB5. The FreeBSD /usr/bin/login program does not have support for Kerberos V password authentication, e.g. authentication at the console. The pam_krb5 port must be used to provide Kerberos V password authentication. For more information about pam_krb5, please see pam(8) and pam_krb5(8). If you wish to use login.krb5 that is provided by the MIT KRB5 port, the arguments "-L ${PREFIX}/sbin/login.krb5" must be specified as arguments to klogind and KRB5 telnetd, e.g. klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead of the FreeBSD provided /usr/bin/login for local tty logins, "lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., default:\ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ :if=/etc/issue:\ :lo=${PREFIX}/sbin/login.krb5: It is recommended that the FreeBSD /usr/bin/login be used with the pam_krb5 port instead of the MIT KRB5 provided login.krb5.