-
nss-pam-ldapd (0.8.10-2) unstable; urgency=low
* fix typo in comment (thanks Caleb Callaway)
* install a ldapns.ldif in nslcd doc directory (closes: #674591)
* ensure that time is set before starting k5start to ensure that Kerberos
ticket is granted (closes: #659227)
* properly parse and write configuration options with an optional map
parameter during debconf configuration (LP: #1029062)
-- Arthur de Jong <email address hidden> Fri, 31 Aug 2012 23:30:00 +0200
-
nss-pam-ldapd (0.8.10-1) unstable; urgency=low
* New upstream release:
- documentation improvements
- fix a problem that causes the PAM module to prompt for a new password
even though the old one was wrong
- log successful password change in nslcd
-- Arthur de Jong <email address hidden> Fri, 29 Jun 2012 12:30:00 +0200
-
nss-pam-ldapd (0.8.9-1) unstable; urgency=low
* new upstream release:
- allow the pam_authz_search option to be specified multiple times
- implement extra range checking of all numeric values
- make documentation up-to-date
- compatibility improvements
-- Arthur de Jong <email address hidden> Sun, 20 May 2012 23:00:00 +0200
-
nss-pam-ldapd (0.8.8-2) unstable; urgency=low
* switch PAM config back to additional because if shadow information is
provided pam_unix accepts the user and causes pam_ldap to be skipped
-- Arthur de Jong <email address hidden> Wed, 02 May 2012 22:48:23 +0200
-
nss-pam-ldapd (0.8.6-1) unstable; urgency=low
* new upstream release:
- a number of code improvements by Jakub Hrozek
* switch to non-native packaging
- add debian/watch file
- update Vcs-Svn and Vcs-Browser control fields
* updated Norwegian Bokmål debconf translation by Bjørn Steensrud
(closes: #654273)
* updated Simplified Chinese debconf translation by zym (closes: #654679)
* automatically comment out mapping of uniqueMember to member on upgrades
because member is default now
* debian/copyright: copyright year updates
-- Arthur de Jong <email address hidden> Sun, 29 Jan 2012 17:35:00 +0100
-
nss-pam-ldapd (0.8.4) unstable; urgency=low
* Upload to unstable
* switch to using the member attribute by default instead of
uniqueMember (backwards incompatible change)
* only return "x" as a password hash when the object has the shadowAccount
objectClass and nsswitch.conf is configured to do shadow lookups using
LDAP (this avoids some problems with pam_unix)
* fix problem with partial attribute name matches in DN (thanks Timothy
White)
* fix a problem with objectSid mappings with recent versions of OpenLDAP
(patch by Wesley Mason)
* set the socket timeout in a connection callback to avoid timeout
issues during the SSL handshake (patch by Stefan Völkel)
* check for unknown variables in pam_authz_search
* only check password expiration when authenticating, only check account
expiration when doing authorisation
* make buffer sizes consistent and grow all buffers holding string
representations of numbers to be able to hold 64-bit numbers
* update AX_PTHREAD from autoconf-archive
* support querying DNS SRV records from a different domain than the current
one (based on a patch by James M. Leddy)
* fix a problem with uninitialised memory while parsing the tls_ciphers
option (closes: #638872) (but doesn't work yet due to #640384)
* implement bounds checking of numeric values read from LDAP (patch by
Jakub Hrozek)
* correctly support large uid and gid values from LDAP (patch by Jakub
Hrozek)
* improvements to the configure script (patch by Jakub Hrozek)
* switch to dh for debian/rules and bump debhelper compatibility to 8
* build Debian packages with multiarch support
* ship shlibs (but still no symbol files) for libnss-ldapd since that was
the easiest way to support multiarch
* fix output in init script when restarting nslcd (closes: #637132)
* correctly handle leading and trailing spaces in preseeded debconf uri
option (patch by Andreas B. Mundt) (closes: #637863)
* support spaces around database names in /etc/nsswitch.conf while
configuring package (closes: #640185)
* updated Russian debconf translation by Yuri Kozlov (closes: #637751)
* updated French debconf translation by Christian Perrier (closes: #637756)
* added Slovak debconf translation by Slavko (closes: #637759)
* updated Danish debconf translation by Joe Hansen (closes :#637763)
* updated Brazilian Portuguese debconf translation by Denis Doria
* updated Portuguese debconf translation by Américo Monteiro
* updated Japanese debconf translation by Kenshi Muto (closes: #638195)
* updated Czech debconf translation by Miroslav Kure (closes: #639026)
* updated German debconf translation by Chris Leick (closes: #639107)
* updated Spanish debconf translation by Francisco Javier Cuadrado
(closes: #639236)
* updated Dutch debconf translation by Arthur de Jong with help from Paul
Gevers and Jeroen Schot
nss-pam-ldapd (0.8.3) experimental; urgency=low
* support using the objectSid attribute to provide numeric user and group
ids, based on a patch by Wesley Mason
* check shadow account and password expiry properties (similarly to what
pam_unix does) in the PAM handling code
* implement attribute mapping functionality in pynslcd
* relax default for validnames option to allow user names of only two
characters (closes: #620235)
* make user and group name validation errors a little more informative
* small portability improvements
* general code improvements and refactoring in pynslcd
* some simplifications in the protocol between the PAM module and nslcd
(without actual protocol changes so far)
* fix debconf LDAP search base suggestion when domain has more than two
parts (patch by Per Carlson) (closes: #626571)
* search for LDAP server by looking for SRV _ldap._tcp DNS records and
try to query LDAP server for base DN during package configuration
(based on work by Petter Reinholdtsen for the sssd package)
* upgrade to standards-version 3.9.2 (no changes needed)
nss-pam-ldapd (0.8.2) experimental; urgency=low
* fix problem with endless loop on incorrect password
* fix definition of HOST_NAME_MAX (closes: #618795) and fall back to
_POSIX_HOST_NAME_MAX
* ignore password change requests for users not in LDAP (closes: #617452)
* many clean-ups to the tests and added some new tests including some
integration tests for the PAM functionality
* some smaller code clean-ups and improvements
* improvements to pynslcd, including implementations for service, protocol
and rpc lookups
* implement a validnames option that can be used to filter valid user and
group names using a regular expression
* integrate patch by Daniel Dehennin to not loose debconf values of
previously set options with dpkg-reconfigure (closes: #610117)
* improvements to the way nslcd shuts down with hanging worker threads
nss-pam-ldapd (0.8.1) experimental; urgency=low
* SECURITY FIX: the PAM module will allow authentication for users that do
not exist in LDAP, this allows login to local users with an
incorrect password (CVE-2011-0438)
the exploitability of the problem depends on the details of
the PAM stack and the use of the minimum_uid PAM option
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
* document how to replace name pam_check_service_attr and
pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
in nss-pam-ldapd (closes: #610925)
* implement a fqdn variable that can be used in pam_authz_search filters
* create the directory to hold the socket and pidfile on startup
* implement host, network and netgroup support in pynslcd
nss-pam-ldapd (0.8.0) experimental; urgency=low
* include Solaris support developed by Ted C. Cheng of Symas Corporation
* include an experimental partial implementation of nslcd in Python
(disabled by default, see --enable-pynslcd configure option)
* implement a nss_min_uid option to filter user entries returned by LDAP
* implement a rootpwmodpw option that allows the root user to change a
user's password without a password prompt
* try to update the shadowLastChange attribute on password change
* all log messages now include a description of the request to more easily
track problems when not running in debug mode
* allow attribute mapping expressions for the userPassword attribute for
passwd, group and shadow entries and by default map it to the unmatchable
password ("*") to avoid accidentally leaking password information
* numerous compatibility improvements
* add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
allow more control of hot to install the PAM module
* add --with-nss-flavour and --with-nss-maps configure options to support
other C libraries and limit which NSS modules to install
* allow tilde (~) in user and group names (closes: #607640)
* improvements to the timeout mechanism (connections are now actively timed
out using the idle_timelimit option)
* set socket timeouts on the LDAP connection to disconnect regardless of
LDAP and possibly TLS handling of connection
* better disconnect/reconnect handling of error conditions
* some code improvements and cleanups and several smaller bug fixes
* all internal string comparisons are now also case sensitive (e.g. for
providing DN to username lookups, etc)
* signal handling in the daemon was changed to behave more reliable across
different threading implementations
* nslcd will now always return a positive authorisation result during
authentication to avoid confusing the PAM module when it is only used for
authorisation (closes: #604147)
* implement configuring SASL authentication using Debconf, based on a patch
by Daniel Dehennin (closes: #586532) (not called for translations yet
because the English text is likely to change)
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 17 Oct 2011 13:42:31 +0000
