%package pam_krb5
Update: Mon Oct 06 10:55:22 2008
Importance: security
ID: MDVSA-2008:209-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:209-1

%pre
Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket
configuration option where, if enabled and using an existing credential
cache, it was possible for a local user to gain elevated privileges
by using a different, local user's credential cache (CVE-2008-3825).

The updated packages have been patched to prevent this issue.

Update:

An updated package for Mandriva Linux 2009.0 is now available.

%description
This is pam_krb5, a pluggable authentication module that can be used with
Linux-PAM and Kerberos 5. This module supports password checking, ticket
creation, and optional TGT verification and conversion to Kerberos IV tickets.
The included pam_krb5afs module also gets AFS tokens if so configured.