nss-pam-ldapd 0.8.4 source package in Ubuntu
Changelog
nss-pam-ldapd (0.8.4) unstable; urgency=low

  * Upload to unstable
  * switch to using the member attribute by default instead of uniqueMember (backwards incompatible change)
  * only return "x" as a password hash when the object has the shadowAccount objectClass and nsswitch.conf is configured to do shadow lookups using LDAP (this avoids some problems with pam_unix)
  * fix problem with partial attribute name matches in DN (thanks Timothy White)
  * fix a problem with objectSid mappings with recent versions of OpenLDAP (patch by Wesley Mason)
  * set the socket timeout in a connection callback to avoid timeout issues during the SSL handshake (patch by Stefan Völkel)
  * check for unknown variables in pam_authz_search
  * only check password expiration when authenticating, only check account expiration when doing authorisation
  * make buffer sizes consistent and grow all buffers holding string representations of numbers to be able to hold 64-bit numbers
  * update AX_PTHREAD from autoconf-archive
  * support querying DNS SRV records from a different domain than the current one (based on a patch by James M. Leddy)
  * fix a problem with uninitialised memory while parsing the tls_ciphers option (closes: #638872) (but doesn't work yet due to #640384)
  * implement bounds checking of numeric values read from LDAP (patch by Jakub Hrozek)
  * correctly support large uid and gid values from LDAP (patch by Jakub Hrozek)
  * improvements to the configure script (patch by Jakub Hrozek)
  * switch to dh for debian/rules and bump debhelper compatibility to 8
  * build Debian packages with multiarch support
  * ship shlibs (but still no symbol files) for libnss-ldapd since that was the easiest way to support multiarch
  * fix output in init script when restarting nslcd (closes: #637132)
  * correctly handle leading and trailing spaces in preseeded debconf uri option (patch by Andreas B. Mundt) (closes: #637863)
  * support spaces around database names in /etc/nsswitch.conf while configuring package (closes: #640185)
  * updated Russian debconf translation by Yuri Kozlov (closes: #637751)
  * updated French debconf translation by Christian Perrier (closes: #637756)
  * added Slovak debconf translation by Slavko (closes: #637759)
  * updated Danish debconf translation by Joe Hansen (closes: #637763)
  * updated Brazilian Portuguese debconf translation by Denis Doria
  * updated Portuguese debconf translation by Américo Monteiro
  * updated Japanese debconf translation by Kenshi Muto (closes: #638195)
  * updated Czech debconf translation by Miroslav Kure (closes: #639026)
  * updated German debconf translation by Chris Leick (closes: #639107)
  * updated Spanish debconf translation by Francisco Javier Cuadrado (closes: #639236)
  * updated Dutch debconf translation by Arthur de Jong with help from Paul Gevers and Jeroen Schot

nss-pam-ldapd (0.8.3) experimental; urgency=low

  * support using the objectSid attribute to provide numeric user and group ids, based on a patch by Wesley Mason
  * check shadow account and password expiry properties (similarly to what pam_unix does) in the PAM handling code
  * implement attribute mapping functionality in pynslcd
  * relax default for validnames option to allow user names of only two characters (closes: #620235)
  * make user and group name validation errors a little more informative
  * small portability improvements
  * general code improvements and refactoring in pynslcd
  * some simplifications in the protocol between the PAM module and nslcd (without actual protocol changes so far)
  * fix debconf LDAP search base suggestion when domain has more than two parts (patch by Per Carlson) (closes: #626571)
  * search for LDAP server by looking for SRV _ldap._tcp DNS records and try to query LDAP server for base DN during package configuration (based on work by Petter Reinholdtsen for the sssd package)
  * upgrade to standards-version 3.9.2 (no changes needed)

nss-pam-ldapd (0.8.2) experimental; urgency=low

  * fix problem with endless loop on incorrect password
  * fix definition of HOST_NAME_MAX (closes: #618795) and fall back to _POSIX_HOST_NAME_MAX
  * ignore password change requests for users not in LDAP (closes: #617452)
  * many clean-ups to the tests and added some new tests including some integration tests for the PAM functionality
  * some smaller code clean-ups and improvements
  * improvements to pynslcd, including implementations for service, protocol and rpc lookups
  * implement a validnames option that can be used to filter valid user and group names using a regular expression
  * integrate patch by Daniel Dehennin to not lose debconf values of previously set options with dpkg-reconfigure (closes: #610117)
  * improvements to the way nslcd shuts down with hanging worker threads

nss-pam-ldapd (0.8.1) experimental; urgency=low

  * SECURITY FIX: the PAM module will allow authentication for users that do not exist in LDAP, this allows login to local users with an incorrect password (CVE-2011-0438) the exploitability of the problem depends on the details of the PAM stack and the use of the minimum_uid PAM option
  * add FreeBSD support, partially imported from the FreeBSD port (thanks to Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
  * document how to replace name pam_check_service_attr and pam_check_host_attr options in PADL's pam_ldap with pam_authz_search in nss-pam-ldapd (closes: #610925)
  * implement a fqdn variable that can be used in pam_authz_search filters
  * create the directory to hold the socket and pidfile on startup
  * implement host, network and netgroup support in pynslcd

nss-pam-ldapd (0.8.0) experimental; urgency=low

  * include Solaris support developed by Ted C. Cheng of Symas Corporation
  * include an experimental partial implementation of nslcd in Python (disabled by default, see --enable-pynslcd configure option)
  * implement a nss_min_uid option to filter user entries returned by LDAP
  * implement a rootpwmodpw option that allows the root user to change a user's password without a password prompt
  * try to update the shadowLastChange attribute on password change
  * all log messages now include a description of the request to more easily track problems when not running in debug mode
  * allow attribute mapping expressions for the userPassword attribute for passwd, group and shadow entries and by default map it to the unmatchable password ("*") to avoid accidentally leaking password information
  * numerous compatibility improvements
  * add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to allow more control of how to install the PAM module
  * add --with-nss-flavour and --with-nss-maps configure options to support other C libraries and limit which NSS modules to install
  * allow tilde (~) in user and group names (closes: #607640)
  * improvements to the timeout mechanism (connections are now actively timed out using the idle_timelimit option)
  * set socket timeouts on the LDAP connection to disconnect regardless of LDAP and possibly TLS handling of connection
  * better disconnect/reconnect handling of error conditions
  * some code improvements and cleanups and several smaller bug fixes
  * all internal string comparisons are now also case sensitive (e.g. for providing DN to username lookups, etc)
  * signal handling in the daemon was changed to behave more reliably across different threading implementations
  * nslcd will now always return a positive authorisation result during authentication to avoid confusing the PAM module when it is only used for authorisation (closes: #604147)
  * implement configuring SASL authentication using Debconf, based on a patch by Daniel Dehennin (closes: #586532) (not called for translations yet because the English text is likely to change)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 17 Oct 2011 13:42:31 +0000
Upload details
- Uploaded by: Ubuntu Archive Auto-Sync
- Uploaded to: Precise
- Original maintainer: Arthur de Jong
- Architectures: any
- Section: admin
- Urgency: Low Urgency
Publishing
Series | Pocket | Published | Component | Section |
---|---|---|---|---|
Precise | release | | universe | admin |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
nss-pam-ldapd_0.8.4.tar.gz | 531.8 KiB | 294815467b730ee0238a2014221e7b9e862b1f98d83c86f775f33527ab179b46 |
nss-pam-ldapd_0.8.4.dsc | 1.1 KiB | edcae8bd4c5e8fa1ae9891b68d9f390321528903ab646a3602e6c381adb76b72 |
Available diffs
- diff from 0.7.13 to 0.8.4 (254.5 KiB)
Binary packages built by this source
- libnss-ldapd: No summary available for libnss-ldapd in ubuntu quantal.
No description available for libnss-ldapd in ubuntu quantal.
- libpam-ldapd: PAM module for using LDAP as an authentication service
This package provides a Pluggable Authentication Module that allows
user authentication, authorisation and password management based on
credentials stored in an LDAP server.
- nslcd: No summary available for nslcd in ubuntu quantal.
No description available for nslcd in ubuntu quantal.