This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
These updated pam-krb5 packages fix a bug which caused user
authentication to fail under certain circumstances. When
authenticating a user, if the user's password was expired, the module
would attempt to obtain password-changing credentials in order to
verify the user's password. When the module was configured to validate
credentials, it would incorrectly attempt to validate the
password-changing credentials, which cannot be validated in the way
that a ticket-granting ticket can. In these updated packages, an
exception is made in this case, thus resolving the issue.
See also :
Update the affected pam_krb5 package.
Risk factor :
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60460 ()
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.