authconfig 보안 업데이트
업데이트 : 2017.08.20
이름 : authconfig-1:6.2.8-30.an3
벤더 : AnNyung Packaging Team
설명 :
Authconfig is a command line utility which can configure a workstation
to use shadow (more secure) passwords. Authconfig can also configure a
system to be a client for certain networked user information and
authentication schemes.
변경사항
- change minclass to 2 from 3 on Password complexity
- applied 7.4 update
. do not use /usr and LIBDIR together (#1455233)
. update translations (#1449625)
. ignore PAM_IGNORE for pam_succeed_if so application do not fail in pam_setcred() (#1450425)
. faillock: change preauth phase to required and fix arguments handling (#1334449)
. faillock: add preauth phase so the account is actually blocked (#1334449)
. sssd: do not write SSSD PAM if there is no sssd.conf present (#1443949)
. sssd: do not ask for password with smartcards (#1441374)
. sssd: catch NoServiceError exception (#1441549)
. Add pam_faillock support (#1334449)
. Add SSSD Smartcard support (#1378943)
. Enable SSSD authentication also for local users (#1329598)
. Note that SSSD configuration may change with --updateall (#1339434)
. change pam module location from /lib[64] to /usr/lib[64] (#1414494)
. overwrite nsswitch.conf if inconsistent configuration of initgroups
is present in it
. do not overwrite kerberos settings from sssd.conf with empty data
from krb5.conf
. updated translations from Zanata
. add trigger to change pam configuration to use pam_oddjob_mkhomedir
instead of pam_mkhomedir if oddjob-mkhomedir is installed
. remove unusable --winbindtemplateprimarygroup option (#1242878)
. handle inconsistency when missing realm in krb5.conf
. sort the /etc/sysconfig/authconfig on write (#1320943)
. avoid unnecessary update of nsswitch.conf
. add support for myhostname nsswitch module (#1329943)
- security issues
. fix typo in the patch for CVE-2017-7488 (#1441604)
. CVE-2017-7488 authconfig: Information leak when SSSD is used for authentication against remote server (#1441604)
업데이트 패키지
SRPMS:
. authconfig-6.2.8-30.an3.src.rpm
x86_64:
. authconfig-6.2.8-30.an3.x86_64.rpm
. authconfig-gtk-6.2.8-30.an3.x86_64.rpm
|