« back to all changes in this revision
Viewing changes to man/pam_ldap.8
- Committer: Bazaar Package Importer
- Date: 2011-03-10 22:00:00 UTC
- mto: (14.1.5 experimental) (16.1.6)
- mto: This revision was merged to the branch mainline in revision 15.
- Revision ID: james.westby@ubuntu.com-20110310220000-tyhxifj2ovpxnqqm
* SECURITY FIX: the PAM module will allow authentication for users that do
not exist in LDAP, this allows login to local users with an
incorrect password (CVE-2011-0438)
the explotability of the problem depends on the details of
the PAM stack and the use of the minimum_uid PAM option
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
* document how to replace name pam_check_service_attr and
pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
in nss-pam-ldapd (closes: #610925)
* implement a fqdn variable that can be used in pam_authz_search filters
* create the directory to hold the socket and pidfile on startup
* implement host, network and netgroup support in pynslcd
not exist in LDAP, this allows login to local users with an
incorrect password (CVE-2011-0438)
the explotability of the problem depends on the details of
the PAM stack and the use of the minimum_uid PAM option
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
* document how to replace name pam_check_service_attr and
pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
in nss-pam-ldapd (closes: #610925)
* implement a fqdn variable that can be used in pam_authz_search filters
* create the directory to hold the socket and pidfile on startup
* implement host, network and netgroup support in pynslcd
- files added:
- nss/bsdnss.c
- files modified:
- AUTHORS
added
removed
man/pam_ldap.8
