nss-pam-ldapd 0.8.4 source package in Ubuntu

Changelog

nss-pam-ldapd (0.8.4) unstable; urgency=low

  * Upload to unstable
  * switch to using the member attribute by default instead of
    uniqueMember (backwards incompatible change)
  * only return "x" as a password hash when the object has the shadowAccount
    objectClass and nsswitch.conf is configured to do shadow lookups using
    LDAP (this avoids some problems with pam_unix)
  * fix problem with partial attribute name matches in DN (thanks Timothy
    White)
  * fix a problem with objectSid mappings with recent versions of OpenLDAP
    (patch by Wesley Mason)
  * set the socket timeout in a connection callback to avoid timeout
    issues during the SSL handshake (patch by Stefan Völkel)
  * check for unknown variables in pam_authz_search
  * only check password expiration when authenticating, only check account
    expiration when doing authorisation
  * make buffer sizes consistent and grow all buffers holding string
    representations of numbers to be able to hold 64-bit numbers
  * update AX_PTHREAD from autoconf-archive
  * support querying DNS SRV records from a different domain than the current
    one (based on a patch by James M. Leddy)
  * fix a problem with uninitialised memory while parsing the tls_ciphers
    option (closes: #638872) (but doesn't work yet due to #640384)
  * implement bounds checking of numeric values read from LDAP (patch by
    Jakub Hrozek)
  * correctly support large uid and gid values from LDAP (patch by Jakub
    Hrozek)
  * improvements to the configure script (patch by Jakub Hrozek)
  * switch to dh for debian/rules and bump debhelper compatibility to 8
  * build Debian packages with multiarch support
  * ship shlibs (but still no symbol files) for libnss-ldapd since that was
    the easiest way to support multiarch
  * fix output in init script when restarting nslcd (closes: #637132)
  * correctly handle leading and trailing spaces in preseeded debconf uri
    option (patch by Andreas B. Mundt) (closes: #637863)
  * support spaces around database names in /etc/nsswitch.conf while
    configuring package (closes: #640185)
  * updated Russian debconf translation by Yuri Kozlov (closes: #637751)
  * updated French debconf translation by Christian Perrier (closes: #637756)
  * added Slovak debconf translation by Slavko (closes: #637759)
  * updated Danish debconf translation by Joe Hansen (closes :#637763)
  * updated Brazilian Portuguese debconf translation by Denis Doria
  * updated Portuguese debconf translation by Américo Monteiro
  * updated Japanese debconf translation by Kenshi Muto (closes: #638195)
  * updated Czech debconf translation by Miroslav Kure (closes: #639026)
  * updated German debconf translation by Chris Leick (closes: #639107)
  * updated Spanish debconf translation by Francisco Javier Cuadrado
    (closes: #639236)
  * updated Dutch debconf translation by Arthur de Jong with help from Paul
    Gevers and Jeroen Schot

nss-pam-ldapd (0.8.3) experimental; urgency=low

  * support using the objectSid attribute to provide numeric user and group
    ids, based on a patch by Wesley Mason
  * check shadow account and password expiry properties (similarly to what
    pam_unix does) in the PAM handling code
  * implement attribute mapping functionality in pynslcd
  * relax default for validnames option to allow user names of only two
    characters (closes: #620235)
  * make user and group name validation errors a little more informative
  * small portability improvements
  * general code improvements and refactoring in pynslcd
  * some simplifications in the protocol between the PAM module and nslcd
    (without actual protocol changes so far)
  * fix debconf LDAP search base suggestion when domain has more than two
    parts (patch by Per Carlson) (closes: #626571)
  * search for LDAP server by looking for SRV _ldap._tcp DNS records and
    try to query LDAP server for base DN during package configuration
    (based on work by Petter Reinholdtsen for the sssd package)
  * upgrade to standards-version 3.9.2 (no changes needed)

nss-pam-ldapd (0.8.2) experimental; urgency=low

  * fix problem with endless loop on incorrect password
  * fix definition of HOST_NAME_MAX (closes: #618795) and fall back to
    _POSIX_HOST_NAME_MAX
  * ignore password change requests for users not in LDAP (closes: #617452)
  * many clean-ups to the tests and added some new tests including some
    integration tests for the PAM functionality
  * some smaller code clean-ups and improvements
  * improvements to pynslcd, including implementations for service, protocol
    and rpc lookups
  * implement a validnames option that can be used to filter valid user and
    group names using a regular expression
  * integrate patch by Daniel Dehennin to not loose debconf values of
    previously set options with dpkg-reconfigure (closes: #610117)
  * improvements to the way nslcd shuts down with hanging worker threads

nss-pam-ldapd (0.8.1) experimental; urgency=low

  * SECURITY FIX: the PAM module will allow authentication for users that do
                  not exist in LDAP, this allows login to local users with an
                  incorrect password (CVE-2011-0438)
                  the exploitability of the problem depends on the details of
                  the PAM stack and the use of the minimum_uid PAM option
  * add FreeBSD support, partially imported from the FreeBSD port (thanks to
    Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
  * document how to replace name pam_check_service_attr and
    pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
    in nss-pam-ldapd (closes: #610925)
  * implement a fqdn variable that can be used in pam_authz_search filters
  * create the directory to hold the socket and pidfile on startup
  * implement host, network and netgroup support in pynslcd

nss-pam-ldapd (0.8.0) experimental; urgency=low

  * include Solaris support developed by Ted C. Cheng of Symas Corporation
  * include an experimental partial implementation of nslcd in Python
    (disabled by default, see --enable-pynslcd configure option)
  * implement a nss_min_uid option to filter user entries returned by LDAP
  * implement a rootpwmodpw option that allows the root user to change a
    user's password without a password prompt
  * try to update the shadowLastChange attribute on password change
  * all log messages now include a description of the request to more easily
    track problems when not running in debug mode
  * allow attribute mapping expressions for the userPassword attribute for
    passwd, group and shadow entries and by default map it to the unmatchable
    password ("*") to avoid accidentally leaking password information
  * numerous compatibility improvements
  * add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
    allow more control of hot to install the PAM module
  * add --with-nss-flavour and --with-nss-maps configure options to support
    other C libraries and limit which NSS modules to install
  * allow tilde (~) in user and group names (closes: #607640)
  * improvements to the timeout mechanism (connections are now actively timed
    out using the idle_timelimit option)
  * set socket timeouts on the LDAP connection to disconnect regardless of
    LDAP and possibly TLS handling of connection
  * better disconnect/reconnect handling of error conditions
  * some code improvements and cleanups and several smaller bug fixes
  * all internal string comparisons are now also case sensitive (e.g. for
    providing DN to username lookups, etc)
  * signal handling in the daemon was changed to behave more reliable across
    different threading implementations
  * nslcd will now always return a positive authorisation result during
    authentication to avoid confusing the PAM module when it is only used for
    authorisation (closes: #604147)
  * implement configuring SASL authentication using Debconf, based on a patch
    by Daniel Dehennin (closes: #586532) (not called for translations yet
    because the English text is likely to change)
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  17 Oct 2011 13:42:31 +0000