1
nss-pam-ldapd (0.8.4) unstable; urgency=low
4
* switch to using the member attribute by default instead of
5
uniqueMember (backwards incompatible change)
6
* only return "x" as a password hash when the object has the shadowAccount
7
objectClass and nsswitch.conf is configured to do shadow lookups using
8
LDAP (this avoids some problems with pam_unix)
9
* fix problem with partial attribute name matches in DN (thanks Timothy
11
* fix a problem with objectSid mappings with recent versions of OpenLDAP
12
(patch by Wesley Mason)
13
* set the socket timeout in a connection callback to avoid timeout
14
issues during the SSL handshake (patch by Stefan Völkel)
15
* check for unknown variables in pam_authz_search
16
* only check password expiration when authenticating, only check account
17
expiration when doing authorisation
18
* make buffer sizes consistent and grow all buffers holding string
19
representations of numbers to be able to hold 64-bit numbers
20
* update AX_PTHREAD from autoconf-archive
21
* support querying DNS SRV records from a different domain than the current
22
one (based on a patch by James M. Leddy)
23
* fix a problem with uninitialised memory while parsing the tls_ciphers
24
option (closes: #638872) (but doesn't work yet due to #640384)
25
* implement bounds checking of numeric values read from LDAP (patch by
27
* correctly support large uid and gid values from LDAP (patch by Jakub
29
* improvements to the configure script (patch by Jakub Hrozek)
30
* switch to dh for debian/rules and bump debhelper compatibility to 8
31
* build Debian packages with multiarch support
32
* ship shlibs (but still no symbol files) for libnss-ldapd since that was
33
the easiest way to support multiarch
34
* fix output in init script when restarting nslcd (closes: #637132)
35
* correctly handle leading and trailing spaces in preseeded debconf uri
36
option (patch by Andreas B. Mundt) (closes: #637863)
37
* support spaces around database names in /etc/nsswitch.conf while
38
configuring package (closes: #640185)
39
* updated Russian debconf translation by Yuri Kozlov (closes: #637751)
40
* updated French debconf translation by Christian Perrier (closes: #637756)
41
* added Slovak debconf translation by Slavko (closes: #637759)
42
* updated Danish debconf translation by Joe Hansen (closes :#637763)
43
* updated Brazilian Portuguese debconf translation by Denis Doria
44
* updated Portuguese debconf translation by Américo Monteiro
45
* updated Japanese debconf translation by Kenshi Muto (closes: #638195)
46
* updated Czech debconf translation by Miroslav Kure (closes: #639026)
47
* updated German debconf translation by Chris Leick (closes: #639107)
48
* updated Spanish debconf translation by Francisco Javier Cuadrado
50
* updated Dutch debconf translation by Arthur de Jong with help from Paul
51
Gevers and Jeroen Schot
53
-- Arthur de Jong <adejong@debian.org> Sun, 04 Sep 2011 21:00:00 +0200
55
nss-pam-ldapd (0.8.3) experimental; urgency=low
57
* support using the objectSid attribute to provide numeric user and group
58
ids, based on a patch by Wesley Mason
59
* check shadow account and password expiry properties (similarly to what
60
pam_unix does) in the PAM handling code
61
* implement attribute mapping functionality in pynslcd
62
* relax default for validnames option to allow user names of only two
63
characters (closes: #620235)
64
* make user and group name validation errors a little more informative
65
* small portability improvements
66
* general code improvements and refactoring in pynslcd
67
* some simplifications in the protocol between the PAM module and nslcd
68
(without actual protocol changes so far)
69
* fix debconf LDAP search base suggestion when domain has more than two
70
parts (patch by Per Carlson) (closes: #626571)
71
* search for LDAP server by looking for SRV _ldap._tcp DNS records and
72
try to query LDAP server for base DN during package configuration
73
(based on work by Petter Reinholdtsen for the sssd package)
74
* upgrade to standards-version 3.9.2 (no changes needed)
76
-- Arthur de Jong <adejong@debian.org> Fri, 13 May 2011 15:00:00 +0200
78
nss-pam-ldapd (0.8.2) experimental; urgency=low
80
* fix problem with endless loop on incorrect password
81
* fix definition of HOST_NAME_MAX (closes: #618795) and fall back to
83
* ignore password change requests for users not in LDAP (closes: #617452)
84
* many clean-ups to the tests and added some new tests including some
85
integration tests for the PAM functionality
86
* some smaller code clean-ups and improvements
87
* improvements to pynslcd, including implementations for service, protocol
89
* implement a validnames option that can be used to filter valid user and
90
group names using a regular expression
91
* integrate patch by Daniel Dehennin to not loose debconf values of
92
previously set options with dpkg-reconfigure (closes: #610117)
93
* improvements to the way nslcd shuts down with hanging worker threads
95
-- Arthur de Jong <adejong@debian.org> Sat, 26 Mar 2011 19:00:00 +0100
97
nss-pam-ldapd (0.8.1) experimental; urgency=low
99
* SECURITY FIX: the PAM module will allow authentication for users that do
100
not exist in LDAP, this allows login to local users with an
101
incorrect password (CVE-2011-0438)
102
the exploitability of the problem depends on the details of
103
the PAM stack and the use of the minimum_uid PAM option
104
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
105
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
106
* document how to replace name pam_check_service_attr and
107
pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
108
in nss-pam-ldapd (closes: #610925)
109
* implement a fqdn variable that can be used in pam_authz_search filters
110
* create the directory to hold the socket and pidfile on startup
111
* implement host, network and netgroup support in pynslcd
113
-- Arthur de Jong <adejong@debian.org> Thu, 10 Mar 2011 22:00:00 +0100
115
nss-pam-ldapd (0.8.0) experimental; urgency=low
117
* include Solaris support developed by Ted C. Cheng of Symas Corporation
118
* include an experimental partial implementation of nslcd in Python
119
(disabled by default, see --enable-pynslcd configure option)
120
* implement a nss_min_uid option to filter user entries returned by LDAP
121
* implement a rootpwmodpw option that allows the root user to change a
122
user's password without a password prompt
123
* try to update the shadowLastChange attribute on password change
124
* all log messages now include a description of the request to more easily
125
track problems when not running in debug mode
126
* allow attribute mapping expressions for the userPassword attribute for
127
passwd, group and shadow entries and by default map it to the unmatchable
128
password ("*") to avoid accidentally leaking password information
129
* numerous compatibility improvements
130
* add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
131
allow more control of hot to install the PAM module
132
* add --with-nss-flavour and --with-nss-maps configure options to support
133
other C libraries and limit which NSS modules to install
134
* allow tilde (~) in user and group names (closes: #607640)
135
* improvements to the timeout mechanism (connections are now actively timed
136
out using the idle_timelimit option)
137
* set socket timeouts on the LDAP connection to disconnect regardless of
138
LDAP and possibly TLS handling of connection
139
* better disconnect/reconnect handling of error conditions
140
* some code improvements and cleanups and several smaller bug fixes
141
* all internal string comparisons are now also case sensitive (e.g. for
142
providing DN to username lookups, etc)
143
* signal handling in the daemon was changed to behave more reliable across
144
different threading implementations
145
* nslcd will now always return a positive authorisation result during
146
authentication to avoid confusing the PAM module when it is only used for
147
authorisation (closes: #604147)
148
* implement configuring SASL authentication using Debconf, based on a patch
149
by Daniel Dehennin (closes: #586532) (not called for translations yet
150
because the English text is likely to change)
152
-- Arthur de Jong <adejong@debian.org> Thu, 30 Dec 2010 20:00:00 +0100
1
154
nss-pam-ldapd (0.7.13) unstable; urgency=low
3
156
* fix handling of idle_timelimit option