From 031ca7a89d56f87297feeff68eb71d61b2c63966 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Aug 30 2012 22:57:15 +0000
Subject: tag 2.3.92


---

diff --git a/NEWS b/NEWS
index d5532f5..3a0b4ac 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@
 	 * add support for preserving configuration information in ccaches
 	 * add support for creating and cleaning up DIR: ccaches
 	 * finish cleaning up KEYRING: ccaches
+	 * add "armor" and "armor_strategy" options
 - 2.3.14:* also drop privileges when reinitializing or refreshing credentials,
            for the sake of login (#822493)
 - 2.3.13:* don't bother creating a v5 ccache in "external" mode
diff --git a/README b/README
index 193adb2..77ef68a 100644
--- a/README
+++ b/README
@@ -28,6 +28,15 @@ o always_allow_localname
   Always allow the local user, as derived from the principal name being
   authenticated, to access the account, even when not explicitly listed in
   the .k5login file or its equivalent(s).
+o armor
+  Attempt to use a secondary credential cache for armoring exchanges with
+  the KDC.
+o armor_strategy
+  Override how the module attempts to obtain credentials for use as armor.
+  By default, the module supports these methods:
+    keytab    Use the default or configured keytab to get a service's TGT.
+    pkinit    Use anonymous PKINIT.
+  The default list of methods, and their order, is noted in the manual pages.
 o banner=Kerberos
   When changing passwords, tell users that they are changing their Kerberos
   passwords (unset to avoid using any term other than "password").
@@ -133,9 +142,6 @@ o tokens
 o token_strategy
   Override how the module attempts to get credentials and set AFS tokens.
   By default, the module supports these methods:
-    v4    Get krb4 credentials and use the traditional rxkad token format.
-    524   Convert krb5 credentials to krb4 credentials with the help of a
-          running 524 service, and use the traditional rxkad token format.
     2b    Get krb5 credentials, and use the "2b" rxkad token format, which
           is only supported in OpenAFS 1.2.8 and later.
     rxk5  Get krb5 credentials, and use the rxk5 token format, which may be
diff --git a/configure.ac b/configure.ac
index b702e89..0108b9c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 AC_INIT(configure.ac)
 AC_PREREQ(2.59)
-AM_INIT_AUTOMAKE(pam_krb5,2.3.91)
+AM_INIT_AUTOMAKE(pam_krb5,2.3.92)
 AC_PROG_CC
 AC_LANG([C])
 AC_DISABLE_STATIC
diff --git a/pam_krb5.spec b/pam_krb5.spec
index 1ec6527..29a2d0a 100644
--- a/pam_krb5.spec
+++ b/pam_krb5.spec
@@ -1,6 +1,6 @@
 Summary: A Pluggable Authentication Module for Kerberos 5
 Name: pam_krb5
-Version: 2.3.91
+Version: 2.3.92
 Release: 1%{?dist}
 Source0: https://fedorahosted.org/released/pam_krb5/pam_krb5-%{version}.tar.gz
 Source1: https://fedorahosted.org/released/pam_krb5/pam_krb5-%{version}.tar.gz.sig
@@ -60,6 +60,9 @@ sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM_BUILD_ROOT/%{_mandir}/man*/pam_krb5*.8*
 %{_mandir}/man8/*
 
 %changelog
+* Thu Aug 30 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.92-1
+  - armoring options
+
 * Wed Aug 29 2012 Nalin Dahyabhai <nalin@redhat.com> - 2.3.91-1
 - update to 2.3.91
   - support for DIR: ccaches