Hi. I was at a bug squashing party this week and Geoff and I spent some time
with this bug.
As best we can tell pam_authenticate is called by /usr/bin/kdm not
some slave as in gdm3.
kdm does support a reload target.
However we were not able to get kdm to work correctly when we logged
out of a
It should be fixed in unstable by actually supporting the new enctypes.
While ncice, that rather misses the point.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> "Adam" == Adam D Barratt writes:
Adam> The krb5 package was uploaded and I've (somewhat belatedly)
Adam> marked it for acceptance at the next dinstall. What's the
Adam> status of the nfs-utils upload?
My guess is they were waiting for krb5.
Remember they have to increase buil
Hi. I'm sorry.
I've been busier than expected.
As mentioned, a 0-day NMU would be fine with me.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
If I get an ack from SRM i'll do the krb5 upload.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
>>>>> "Philipp" == Philipp Kern writes:
Philipp> On Mon, Aug 01, 2011 at 01:34:34AM -0700, Steve Langasek wrote:
>> On Tue, Jul 19, 2011 at 05:42:34PM -0400, Sam Hartman wrote:
> > I don't have checkouts handy, but my strong suspicion
I expect to get to the krb5 package in a day or so. I expect nfs-utils
will want to up its build-depends on krb5 to 1.8.3+dfsg-4squeeze2
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
I uploaded Geoff's patch to delayed/4
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
package: krb5
source-version: 1.9+dfsg-2
The multiarch patch causes krb5-config to omit -L/usr/lib/x86_64-linux-gnu etc.
That's wrong.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
force-merge 643027 642229
thanks
Steve, I noticed this the other day too.
Will fix.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
What's the ticket lifetime on krbtgt/REALM@REALM?
I think that may also limit things.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
If you or someone else wants to NMU a solution to this, be my guest.
I'd recommend uploading without delay.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
package: libespeak1
version: 1.43.03-2
tags: patch, upstream
severity: important
Hi. I noticed that espeak as an emacspeak speech server is basically
unusable if you're using pulse, which is kind of the default
configuration in wheezy.
This made my accessibility experience quite difficult.
You d
Here's what is going on here.
1) if pulseaudio is started as a given user then only that user will be
able to access the audio device.
2) by default if an application tries to use pulse and it's not running,
then pulse will start as that user.
3) If something starts speech-dispatcher at syste
package: speech-dispatcher
version: 0.7.1-6.2
severity: important
tags: upstream
The espeak module of speech-dispatcher leaves the audio open the entire
time the module is running.
This has amazingly bad consequences for accessibility situations
especially with gnome and gdm, although I suspect t
Hi.
I'm no longer convinced my patch helps things, nor that I understood the
root cause of the problem.
I'm quite convinced that under pulseaudio, speech is getting chopped.
But, I'm noticing that it's actually using alsa (presumably via
portaudio) and pulse via that, rather than the direct pulse
For myself I'm unconvinced that it makes sense to have static libraries
used for aid.
I was really hoping the security team would comment on this one way or
another.
I can certainly create libkrb5-static.
But I'd rather have a broader consensus of the project than just the aid
maintainer agreeing
control: tags -1 confirmed
control: reassign -1 libverto1
control: found -1 libverto1/0.2.2-1
Yeah, I can reproduce.
The way this issupposed to work is that libverto1 should work with any
of the plugins.
However, it appears the glib plugin is broken.
--
To UNSUBSCRIBE, email to debian-bugs-di
Hi.
Upgraded.
It's definitely using pulse now.
I expect to be closing this bug as fixed in the new version within a day
unless something unexpected comes up.
Now,' I'm seeing some kind of impressive latency starting a chunk of
speech; cursoring around is kind of painful.
Will also looking into th
Ah, I see you already included the patch:-)
sorry.
Well, it does look like the bug is fixed.
I'm likely to recommend you remove the patch as I don't think it does
anytihng but will get back to you.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscri
Hi.
The pulse trigger patch is bogus and doesn't seem to make any
difference.
I'm sorry about that. I thought it did make a difference when I
submitted it; apparently though the affects of the final bit of speech
trimming were not as pronounced as I had previously thought. I actually
managed to
package: wnpp
severity: wishlist
URL: https://fedorahosted.org/libverto/
Description: libverto provides a common interface on top of libev, libevent,
glib, tevent.
The goal is to allow development of asynchronous libraries that will work
with whatever event loop an application happens to be u
package: wnpp
severity: wishlist
URL: libradsec branch of http://www.project-moonshot.org/gitweb/radsecproxy.git
URL2: http://software.uninett.no/radsecproxy/
Description: libradsec is a library for RADIUS clients and servers
This library features support for RADSEC (RADIUS over TLS/DTLS) as wel
> "Faidon" == Faidon Liambotis writes:
Faidon> Hi Sam, Hope you're well.
Faidon> Are you planning on putting the packaging efforts for this
Faidon> on git somewhere (e.g. collab-maint?). If so, I'd be happy
Faidon> to contribute, if help is needed, either now or when the
OK, so I had not looked at what this does on win32. I think any
criticism you have of the libverto win32 interface is probably valid.
Fortunately I don't think that's being used.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Cont
Hi.
Your pointer wasn't very useful.
It was a pointer to examples of circular dependencies, not what breaks
on upgrades, so it was not useful for me in trying to balance problems
potentially created by the circular dependency against potential
solutions.
Do you have any suggestions on how to d
>>>>> "Bill" == Bill Allombert writes:
Bill> On Tue, Nov 29, 2011 at 10:42:13AM -0500, Sam Hartman wrote:
>>
> Do you have any suggestions on how to deal with it in this case?
>> libverto-glib1 and libverto-libev1 are basically plugins in
reassign 650541 libsmbclient
retitle 650541 libsmbclient uses internal symbol krb5_locate_kdc
found 650541 libsmbclient/2:3.6.1-2
thanks
Hi.
krb5_locate_kdc was not a public symbol.
It was not available in krb5.h without defining KRB5_PRIVATE.
I'm not sure whether it was available with KRB5_PRIVAT
Hi.
It looks like a simple rebuild of samba will fix this; see the ongoing
discussion on
http://bugs.debian.org/650541
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
It looks like there is already a configure test. So, if we up the
dependency on libkrb5-dev to make sure that we get a version that will
not contain the symbol and rebuild, it looks like it will all be fine.
Assuming that when I try that it works, shall I NMU? If so, do you want
it to delayed or d
Please install libkrb5-dbg and gdb.
Then, run something like
gdb --args ssh hostname
at the gdb prompt
type run
when it segfaults
run
bt full
and include all the output that produces in this bug.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubsc
Hi. I'll fix the bug. I'll be taking a different approach. The
debian/rules is intended to work with or without a new dpkg-buildflags.
Your patch removes that support (which is actually broken in the current
debian/rules)
-D_Reentrant is no longer needed.
But thanks for letting me know I broke th
package: krb5-kdc
severity: important
version: 1.9.1+dfsg-1
tags: security
--- Begin Message ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-007
MIT krb5 Security Advisory 2011-007
Original release: 2011-12-06
Last update: 2011-12-06
Topic: KDC null pointer dereference in TG
Add to the list xmltooling.
Strace looks like
access("/build/hartmans-xmltooling_1.5+dfsg~moonshot1-2-amd64-ZxBtbA/xmltooling-
1.5+dfsg~moonshot1/typeinfo", F_OK) = -1 ENOENT (No such file or directory)
access(".", F_OK) = 0
lstat(".", {st_mode=S_IFDIR|0755, st_size=4096,
Well, I've taken a bit of a look at python-event. Unfortunately, it
looks like it simply doesn't support libevent2. It seems to dig into
the bufferevent structs a lot in ways that have changed between libevent
1.x and 2.x. There was a release this year after a several year gap,
but as far as I c
1) As you guess sessions schroots don't work because you always try to begin a
session.
2) --add-depends is great if I want to add a dependency. In my case
though I'm building a set of related packages triggered by buildbot
and I want to make previous build results available to other sbuild
inv
package: curl
severity: grave
version: 7.23.1-2
curl: relocation error: curl: symbol curl_dostrdup, version CURL_OPENSSL_3 not d
efined in file libcurl.so.4 with link time reference
I have libcurl3 Version: 7.21.3-1
Upgrading libcurl3 fixes things, but the shlibs and/o
So far it sounds like this affects one user and is hard for others to reproduce.
I'm wondering if this is really RC? (I'd like to see the new krb5 get into
testing and samba has to migrate first. I'm not sure what besides this bug is
holding it back, possibly it's moot because of transition issu
Package: dpkg-dev
Version: 1.16.1.2
Severity: normal
based on the man page if I run dpkg-source --commit . patch_name foo.patch
I'd expect that the original tarball would not be needed.
As far as I can tell the program seems to actually ignore the third argument
and tries to build the diff it
tags 664775 confirmed upstream
retitle 664775 kadmin prints lifetime in seconds not something useful
thanks
I suspect it is seconds and I actually like the output in the
documentation more than the code. So, it might be a better fix to
update the code to be consistent with the docs.
I've confirme
Sure.
After looking at this more, it appears to be a doc bug.
1) I had assumed that the third argument to dpkg-source --comit was
relative to the current directory.
It seems not to be and unless I give an absolute path it doesn't work
2) If the patch is not found rather than giving an error dpk
Yes, sounds like a doc issue to me. Thanks for the tip!
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
So, things like -maxlife take input like "3 hours"; you specify the
units.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Sorry, I'm a bit swamped at the moment; will attempt to deal with this
next week.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
severity 670918 normal
thanks
> "Moritz" == Moritz Muehlenhoff writes:
Moritz> Package: krb5 Severity: grave Tags: security
Moritz> Please see
Moritz> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1012
Moritz> for details
I agree that Debian has the bug, but as Redha
This is in response to a bug where after an upgrade libpam-krb5 failed to
authenticate giving an unsupported encryption type.
Around march of 2011, MIT changed how they pick the principal to use
for krb5_verify_init_creds, a function used internally by libpam-krb5.
If that's the case, then thi
package: libdnet
severity: important
version: 2.59
justification: libraries should not impact global system state.
It's entirely reasonable for a random program that supports decnet to
link against the libdnet library.
To my shock, there are programs that support decnet, but apparently it's
not th
> "Moritz" == Moritz Mühlenhoff writes:
Moritz> On Thu, Dec 29, 2011 at 01:03:51AM +0100, Moritz Muehlenhoff wrote:
>> Package: barnowl Version: 1.6.2-1.1 Severity: important Tags:
>> patch
>>
>> Please enable hardened build flags for barnowl. dh does inject
>> them a
package: live-build
severity: normal
version: 3.0~a47-1
I'm building an image with --debian-installer=live
If my d-i distribution is daily and my main distribution is wheezy then
it fails to have a package list in
config/package-lists/*.lists{.binary}.
elHere's what seems to happen
lb_binary_pack
package: live-installer
severity: normal
If the live system includes the freeradius package, it fails to start
freeradius because /var/log/freeradius fails to exist. As best I can
tell something in the installer is clobbering /var/log because it's
missing a lot of directories and files present i
OK. This is a bit of a long-shot and I apologize if the descriptino is
insufficient.
There's a package krb5-gss-samples which includes a gss-client and
gss-server program.
you start gss-server like
KRB5_KTNAME=/etc/krb5.keytab gss-server service@hostname
where service is something like host and
package: libgssapi-krb5-2
severity: important
version: 1.8
There's no useful way to package up GSS-API mechanisms. The mechglue
reads a config file /usr/etc/gss/mech. This is bogus on the face because
it's not FHS-compatible. (This is non-RC because the file is not shipped
with the package)
Howev
> "Joao" == Joao Ricardo Sares Teles de Matos
> writes:
Joao> Package: krb5-user Version: 1.8.3+dfsg-4squeeze1 Severity:
Joao> normal Tags: upstream
Joao> kinit seems to completely ignore the appdefaults section in
Joao> krb5.conf None of the following configurations hav
> "Rob" == Rob Naccarato writes:
Rob> This doesn't appear to be fixed to me. I get the same
Rob> problems. I have even installed backported kernel
Rob> (2.6.39-bpo.2-amd64) and nfs-utils (1:1.2.4-1~bpo60+1) and I
Rob> still get these:
This requires fixes in krb5 and nfs-utils
>>>>> "Ian" == Ian Jackson writes:
Ian> j...@joshtriplett.org writes ("Bug#797533: New CTTE members"):
>> On Thu, Sep 10, 2015 at 11:57:59AM -0400, Sam Hartman wrote:
>> > At that point, I'd see it more like overrule maintaine
>>>>> "Ian" == Ian Jackson writes:
Ian> Sam Hartman writes ("Re: Bug#797533: New CTTE members"):
>> For what it's worth I don't support this sort of automated stuff.
Ian> Um, I'm confused. I did not suggest what I
Could not follow your message enough to read. I may get back to it
later when I have more spoons.
> "Didier" == Didier 'OdyX' Raboud writes:
Didier> Hi all, could we re-focus this discussion on what qualities
Didier> the current Technical Committee Members want to find in new
Didier> TC members, please?
My current thinking based on the input we got from TC members is we
might
A kdc = line is not enough for kadmin to find a server.
You need a admin_server (or I think master_kdc) line.
However, AD doesn't support kadmin, so even if you set up krb5.conf
you'll just get an error because it won't even listen on the right port.
--Sam
Hi. I've been debating how to respond to the shall vs must thing. The
short answer is that there are reasons why you might prefer shall, but I
find that I'd rather say "must is good enough," than try and come up
with an articulate presentation of the energy which would conclude by
saying that if
>>>>> "Charles" == Charles Plessy writes:
Charles> Le Mon, Sep 21, 2015 at 11:27:53AM -0400, Sam Hartman a
Charles> écrit :
>> Hi. I've been debating how to respond to the shall vs must
>> thing. The short answer is that there ar
control: tags -1 help
The help I would really need is a copyright audit from a debian
developer.
I don't have time for that myself in the near future.
Yes, to be useful it really does need to be from an uploading debian
developer.:-(
>>>>> "Mathieu" == Mathieu Simon writes:
Mathieu> On Wed, 23 Sep 2015 18:04:42 -0400 Sam Hartman
wrote:
>> control: tags -1 help
>>
>> The help I would really need is a copyright audit from a debian
>> developer.
>
I'm sorry.
I'm still not seeing a harm here.
I absolutely agree that setting a default realm to something unexpected
would be problematic.
However simply having a realm listed in krb5.conf doesn't have any
affect unless you try to use that realm. It's not like settind the
default URI for ldapsearc
> "Don" == Don Armstrong writes:
Don> On Sun, 16 Aug 2015, Didier 'OdyX' Raboud wrote:
>> What about "just" adding Keith's proposal to the ballot, and let
>> the Condorcet magic act?
Don> This has sort of been my plan; I just have not had enough spare
Don> cycles in the p
> "Didier" == Didier 'OdyX' Raboud writes:
Didier> Le lundi, 17 août 2015, 14.57:18 j'ai écrit :
>> Ian wrote a full GR proposal in
>> <20996.60469.968631.307...@chiark.greenend.org.uk> (
>> [636783_supermajority/propose-numberfix] in our git repository
>> and I've attache
> "Don" == Don Armstrong writes:
>> While we're not overturning anything in the sense of an override
>> here, I think we owe an explanation for our actions, and I feel
>> really strongly about that.
Don> Ideally the patch and its rationale should stand alone without
Don>
I think that calling for a vote and knowingly dropping options from a
ballot actually harms the TC process.
It is a strategic technique that I think can change the outcome of the
process.
I think that strategy does more harm than good and I'd like to forbid
it.
However, I think that I trust the mem
>>>>> "Bdale" == Bdale Garbee writes:
Bdale> Sam Hartman writes:
>> I'm just sying having seen it used once I'd rather decide never
>> to go there again.
Bdale> For what it's worth, I agree.
I'll note that for t
efaults
primary / 300- ext4 rw,barrier=0,noatime,errors=remount-ro
tuneopts="-c 0 -i 0"
>From 06a30575b8c473da89a031587debd8f6f350ba6b Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Mon, 7 Nov 2016 16:41:12 -0500
Subject: [PATCH] Add support for ESP partitions
UEFI requires
package: fai
version: 5.2
Currently, the sample configuration namespace has a shell script to
restore the common capabilities found in base files; see
scripts/DEBIAN/20-capabilities.
This approach is brittle because as new packages in the base system gain
capabilities, everyone's configuration sp
>>>>> "Thomas" == Thomas Lange writes:
>>>>> On Mon, 07 Nov 2016 17:36:41 -0500, Sam Hartman
>> Currently, the sample configuration namespace has a shell script
>> to restore the common capabilities found in base files; see
&g
> "Thomas" == Thomas Lange writes:
Thomas> Just as a short note. There's the commands fai-deps(8) which
Thomas> can be used to define dependencies inside classes. It's
Thomas> available in FAI but not used (means called) by default.
So does the above mean that in addition to cre
Hi.
Looking at ftar in current fai,
it looks like it already is fairly aggressive about using tar --xattrs
for extraction.
If my reading of the code is correct, this bug should probably be closed
as never having been an issue.
--Sam
4961911fa93da Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Tue, 8 Nov 2016 08:42:01 -0500
Subject: [PATCH] Add GRUB_EFI class
Add a class to install an EFI boot loader on a GPT-partitioned system
with an ESP.
Change the class misc logic not to assert GRUB_PC if GRUB_EFI is
defined. For now, t
control: tags -1 patch
control: severity -1 normal
Actually, the problem is somewhat simpler than that.
>From e4511f8ea11c047bf19f13c7b99d9c18f8736d89 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Tue, 8 Nov 2016 18:49:38 -0500
Subject: [PATCH] Fix handling of btrfs single volume devi
> "Thomas" == Thomas Lange writes:
Thomas> I found the thread on the linux-fai mailing list and also
Thomas> the code that added efi support into setup-storage. In the
Thomas> end we remove the code from FAI, since it was not needed any
Thomas> more.
Thomas> It's much eas
Hi.
I've done some more research.
It turns out that being able to create an ESP partition on a bios disk
label is a lot more useful than I thought it is. In the cloud space
(and when I'm creating an image to be burned onto real hardware)
I tend to resize the partition table and filesystems to f
control: -1 severity wishlist
> "Timo" == Timo Aaltonen writes:
Timo> Please add /etc/krb5.conf.d directory to the package and an
Timo> include directive in krb5.conf so that other packages can
Timo> provide snippets under the directory.
my initial reaction is that it seems like freeipa should stick freeipa
sockets in /run/freeipa not /run/krb5kdc.
However, it looks like the OTP plugin in the MIT code looks at this
patch although it doesn't create a socket there.
Note to myself for when I look at this bug after stretch release.
> ===BEGIN
>
> The Technical Committee recommends that David Bremner be
> appointed by the Debian Project Leader to the Technical Committee.
>
> A: Recommend to Appoint David Bremner
> B: Further Discussion
>
> ===END
I vote B > A
My vote is not a comment on any specific candidate.
As I've
So, your experience is that with _kerberos._tcp entries but no
_kerberos._udp entries it works.
However, with _kerberos._udp and _kerberos._tcp entries both, it fails?
If so, that's a bug.
With modern (say post Windows XP), I'd imagine that TCP only will be
fine.
However, if adding the UDP entries
Do you have _kerberos._tcp DNS entries along with the _kerberos._udp
entries?
Does that help if not?
> "Helmut" == Helmut Grohne writes:
Helmut> Package: libgssapi-krb5-2 Version: 1.15-1 Severity: serious
Helmut> libgssapi-krb5-2 is a shared library package and contains
Helmut> /etc/gss/mech.d/README. The latter filename does not depend
Helmut> on the soname of the library an
control: severity -1 normal
Will remove this file early in buster.
Package: aptly
Version: 0.9.6-1
Severity: normal
Hi. I noticed that even though I included --with-sources=true in my
mirror create when I published the snapshot, source indexes were not
being generated, even though .dsc files were being included in the
public pool.
The issue seems to be that I i
Russ, thoughts on what is the right way to manage the dependency between
krb5-kdc-ldap and slapd in systemd?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
control: clone -1 -2
control: retitle -2 Systemd needs to respect /etc/innserv/overrides
control: reassign -2 systemd
control: severity -2 important
control: found -2 systemd/208-6
justification: Breaks unrelated packages at boot. That should be RC
except that I think innserv overrides are probab
> "Russ" == Russ Allbery writes:
Russ> Failing that, could krb5-kdc-ldap introduce a somewhat
Russ> artificial service that exists solely to be Before krb5-kdc
Russ> and After slapd, thus forcing the ordering constraint? I
Russ> think that would be the native systemd equivale
Well, I'll definitely be fixing the krb5-kdc-ldap issue by including
units.
I had no idea that innserv-overrides were quite that unused.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> "Michael" == Michael Biebl writes:
Michael> b/ make krb5-kdc-ship a drop-in snippet as
Michael> /lib/systemd/system/krb5-kcd.service.d/foo.conf which
Michael> augments the krb5-kcd.service with the necessary
Michael> dependencies/orderings.
Hmm.
How will this work if an ad
package: wnpp
severity: wishlist
owner: hartm...@debian.org
URL: http://www.shibboleth.org/
Source: svn https://svn.shibboleth.net/extensions/cpp-sp-resolver/trunk
Description: Shibboleth library to access Attribute Resolver
The Shibboleth Service provider consumes information about an
authenti
package: wnpp
severity: wishlist
owner: hartm...@debian.org
URL: git://git.project-moonshot.org/trust_router.git
http://www.project-moonshot.org/
license: bsd-3-clause
Description: The trust router establishes a DH key between two RADIUS
servers to protect a RADIUS over TLS session. GSS-API au
package: wnpp
owner: hartm...@debian.org
severity: wishlist
URL: http://www.project-moonshot.org/
source: git://git.project-moonshot.org/moonshot-ui.git
License: BSD-three-clause
Description: Project Moonshot provides federated access to services
combining the best of EAP, RADIUS (over TLS), SAML
> "Benjamin" == Benjamin Kaduk writes:
Benjamin> We added a debian-local change to never unload GSS
Benjamin> mechanisms back in krb5-1.10.1+dfsg-3; I am curious if
Benjamin> this is issue is worked around by that patch.
I would be surprised because I don't think the issue was gs
> "David" == David Magda writes:
David> Why are all of these domains in the default install of
David> Debian? There are even bugs (621875, 587624) for updating
David> people's domains: why?!
It's generally useful to have the domain-realm entries and if the realm
doesn't have SR
> "David" == David Magda writes:
David> I own the domain "magda.ca": can I get it added so that every
David> Debian (and Ubuntu) install that uses Kerberos will have that
David> domain in its krb5.conf?
David> I have a couple of friends that also have domains, can they
Da
I'd expect this to be fixed with a newer krb5.
It's hard to get to pktinfo6 without defining _GNU_SOURCE.
So, I'd definitely expect this is fixed in experimental and probably
sid.
Unfortunately, there were concerns about turning on _GNU_SOURCE for the
version of krb5 in jessie.
Hi. I took a look at this in preparation for the 1.14.2 update.
Unfortunately, I can't really do what you ask and ship kadm5.acl as a
conffile.
to be a conffile, in the usual case, the file needs to not be modified
from what the package ships.
However, by default we currently ship a version with
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
nmu krb5-sync_3.1-1 . ALL . -m "Rebuild for new krb5 admin libs"
NMU for krb5 transition.
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, '
201 - 300 of 1338 matches
Mail list logo
