← Back to branch summary

~ubuntu-branches/ubuntu/natty/nss-pam-ldapd/natty

~ubuntu-branches/ubuntu/natty/nss-pam-ldapd/natty

« back to all changes in this revision

Viewing changes to man/pam_ldap.8.xml

Committer: Bazaar Package Importer
Author(s): Arthur de Jong
Date: 2010-05-08 12:00:00 UTC
Revision ID: james.westby@ubuntu.com-20100508120000-7hue9o7rqox4ih4q

Tags: 0.7.4

http://bugs.debian.org/577593

http://bugs.debian.org/579574

http://bugs.debian.org/483795

* fix a buffer overflow that should have no security consequences
* perform proper fail-over when authenticating in the PAM module
  (closes: #577593)
* add an nss_initgroups_ignoreusers option to ignore user name to group
  lookups for the specified users
* add an pam_authz_search option to perform a flexible authorisation check
  on login (e.g. to restrict which users can login to which hosts, etc)
* implement a minimum_uid option for the PAM module to ignore users that
  have a lower numeric user id and make 1000 the default value for Debian
  (closes: #579574)
* change the way retries are done to error out quicker if the LDAP server
  is down for some time (this should make the system more responsive when
  the LDAP server is unavailable) and rename the reconnect_maxsleeptime
  option to reconnect_retrytime to better describe the behaviour
* only log "connected to LDAP server" if the previous connection failed
  (closes: #483795)
* documentation improvements
* debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
  and PAM configuration there

files modified:
ChangeLog

NEWS

TODO

compat/pam_compat.h

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/libpam-ldapd.pam-auth-update

debian/nslcd.config

debian/nslcd.postinst

man/Makefile.am

man/Makefile.in

man/nslcd.8

man/nslcd.8.xml

man/nslcd.conf.5

man/nslcd.conf.5.xml

man/pam_ldap.8

man/pam_ldap.8.xml

nslcd/alias.c

nslcd/cfg.c

nslcd/cfg.h

nslcd/common.h

nslcd/ether.c

nslcd/group.c

nslcd/host.c

nslcd/myldap.c

nslcd/myldap.h

nslcd/netgroup.c

nslcd/network.c

nslcd/pam.c

nslcd/passwd.c

nslcd/protocol.c

nslcd/rpc.c

nslcd/service.c

nslcd/shadow.c

pam/pam.c

tests/README

tests/nslcd-test.conf

tests/test_myldap.c

tests/test_nsscmds.sh

Show diffs side-by-side

added added

removed removed

man/pam_ldap.8.xml

35

35

<refmeta>

36

36

<refentrytitle>pam_ldap</refentrytitle>

37

37

<manvolnum>8</manvolnum>

38

<refmiscinfo class="version">Version 0.7.3</refmiscinfo>

38

<refmiscinfo class="version">Version 0.7.4</refmiscinfo>

39

39

<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>

40

<refmiscinfo class="date">Dec 2009</refmiscinfo>

40

<refmiscinfo class="date">May 2010</refmiscinfo>

41

41

</refmeta>

42

42

43

43

<refnamediv id="name">

147

147

</para>

148

148

</listitem>

149

149

</varlistentry>

150

<varlistentry>

151

<term>

152

<option>minimum_uid=<replaceable>UID</replaceable></option>

153

</term>

154

<listitem>

155

<para>

156

This option causes the <acronym>PAM</acronym> module to ignore the user

157

if the user id is lower than the specified value. This can be used to

158

only authenticate normal users (non-system users) using

159

<acronym>LDAP</acronym> (e.g. by setting it to <literal>1000</literal>).

160

</para>

161

</listitem>

162

</varlistentry>

150

163

</variablelist>

151

164

</refsect1>

152

165

153

166

<refsect1 id="moduleservices">

154

167

<title>Module Services Provided</title>

155

168

<para>

156

All services are provided by this module but currently only authentication

157

(auth) and password change (password) are implemented in the nslcd daemon.

169

All services are provided by this module but currently sessions changes

170

are not implemented in the nslcd daemon.

158

171

</para>

159

172

</refsect1>

160

173

Older »