-
Committer:
Bazaar Package Importer
-
Author(s):
Arthur de Jong
-
Date:
2011-03-10 22:00:00 UTC
-
mto:
(14.1.5 experimental)
(16.1.6)
-
mto:
This revision was merged to the branch mainline in
revision
15.
-
Revision ID:
james.westby@ubuntu.com-20110310220000-tyhxifj2ovpxnqqm
Tags: 0.8.1
* SECURITY FIX: the PAM module will allow authentication for users that do
not exist in LDAP, this allows login to local users with an
incorrect password (CVE-2011-0438)
the explotability of the problem depends on the details of
the PAM stack and the use of the minimum_uid PAM option
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
* document how to replace name pam_check_service_attr and
pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
in nss-pam-ldapd (closes: #610925)
* implement a fqdn variable that can be used in pam_authz_search filters
* create the directory to hold the socket and pidfile on startup
* implement host, network and netgroup support in pynslcd