1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911
|
$Id: ChangeLog,v 1.204 2005/08/17 22:35:03 lukeh Exp $
===============================================================
180 Luke Howard <lukeh@padl.com>
* from Peter Marschall <peter@adpm.de>:
manual page installation fix
* fix for BUG#210: use start_tls on referrals if
configured to do so
* when handling new password policy control, only
fall through to account management module if a
policy error was returned (CERT VU#778916)
179 Luke Howard <lukeh@padl.com>
* more manual page updates
178 Luke Howard <lukeh@padl.com>
* manual page updates
177 Luke Howard <lukeh@padl.com>
* fix for BUG#188: better documentation for OpenLDAP
SSL options
* add manual page
176 Luke Howard <lukeh@padl.com>
* fix for compilation with Netscape SDK
175 Luke Howard <lukeh@padl.com>
* fix BUG#182: don't send old password in exop
password change unless pam_password is exop_send_old
174 Luke Howard <lukeh@padl.com>
* fix typo s/intereact/interact
173 Luke Howard <lukeh@padl.com>
* s/pam_sasl_mechanism/pam_sasl_mech/ for
consistency with OpenLDAP ldap.conf
172 Luke Howard <lukeh@padl.com>
* preliminary SASL bind support
171 Luke Howard <lukeh@padl.com>
* use correct AIX link flags even if --with-ldap-dir
is not specified
170 Luke Howard <lukeh@padl.com>
* sync ldap.conf with nss_ldap
* AIX 5.2 port
169 Luke Howard <lukeh@padl.com>
* include password policy schema file
* preliminary support for
draft-behera-ldap-password-policy-07.txt
168 Luke Howard <lukeh@padl.com>
* define LDAP_DEPRECATED for compiling with
OpenLDAP 2.2
* send old password when calling password change
extended operation: if the password had expired
the user may not be bound and so relying on the
LDAP connection to be authenticated is unwise
167 Luke Howard <lukeh@padl.com>
* fix compilation error on Solaris 9
166 Luke Howard <lukeh@padl.com>
* fix signed/unsigned comparison issues
* merge in LDAP debug patch from Howard Chu
* fix BUG#126 (updating shadowLastChange)
165 Luke Howard <lukeh@padl.com>
* fix BUG#142
* don't set LDAP_OPT_X_TLS_REQUIRE_CERT if not specified
in configuration file
164 Luke Howard <lukeh@padl.com>
* fix typo in ldapns.schema (!)
163 Luke Howard <lukeh@padl.com>
* fix typo in authorizedService patch
* add ldapns.schema for authorizedServiceObject and
hostObject
162 Luke Howard <lukeh@padl.com>
* support for service-based authorization
(based on patch from Manon Goo)
* add ignore_authinfo_unavail flag
* pam_filter works again
161 Luke Howard <lukeh@padl.com>
* fix from Thorsten Kukuk (SuSE) to handle scope-less
nss_base_passwd configuration
160 Luke Howard <lukeh@padl.com>
* AD password change fix
* fix from Thorsten Kukuk (SuSE) to handle aborted
password changes
159 Luke Howard <lukeh@padl.com>
* updated version information
158 Luke Howard <lukeh@padl.com>
* support for multiple service search descriptors from
Symas
157 Luke Howard <lukeh@padl.com>
* BUG#120 feature: pam_password_prohibit_message
* fix for BUG#105
* removed static function prototypes from pam_ldap.h
* check for libnsl
156 Luke Howard <lukeh@padl.com>
* fix for bug #119
155 Luke Howard <lukeh@padl.com>
* proper for for non-experimental password change exop;
broke compiling with older SDKs
154 Luke Howard <lukeh@padl.com>
* fix for bug #115
* PWEXPIRED fix from Howard Chu
153 Luke Howard <lukeh@padl.com>
* support non-experimental password change exop
* patch from Howard Chu to use linker grouping on
Solaris
152 Luke Howard <lukeh@padl.com>
* fix build breakage with OpenLDAP HEAD
151 Luke Howard <lukeh@padl.com>
* HP-UX port
* import dlfcn.h on Solaris with Netscape SDK
* export required symbols only on Linux, HP-UX, Darwin
150 Luke Howard <lukeh@padl.com>
* added depcomp for new automake
149 Luke Howard <lukeh@padl.com>
* OS X build fix
* alias for RACF password changing
* use LDAP_MOD_ADD when changing NDS passwords rather
than LDAP_MOD_REPLACE; NDS documentation indicates
that this should work, and this is required for RACF.
* BUG#101: should build with recent automake/autoconf
148 Luke Howard <lukeh@padl.com>
* check for Netscape SDK without SSL; don't require
pthreads for these
147 Luke Howard <lukeh@padl.com>
* make shadow.lstchg default -1 to not force
password change when now shadow information present
146 Luke Howard <lukeh@padl.com>
* fix for BUG#91 / Debian Bug #144175: adhere to
convention of the last change of the password being
on the Unix Epoch implying a forced password change,
and fix error propagation with expiring passwords
145 Luke Howard <lukeh@padl.com>
* patch for building on OpenLDAP 1.x from Nalin
at RedHat
144 Luke Howard <lukeh@padl.com>
* avoid use of temporary variable when reporting
non-existent configuration file; fix for local
format string vulnerability reported at:
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
* log correct configuration file name when reporting
missing "host" directive
143 Luke Howard <lukeh@padl.com>
* specify runtime path for LDAP library correctly to
native Solaris linker
142 Luke Howard <lukeh@padl.com>
* use native linker on Solaris
141 Luke Howard <lukeh@padl.com>
* support for headers in /usr/include/pam (Darwin)
* integrated fix for BUG#79
140 Luke Howard <lukeh@padl.com>
* further fix for recall #8362: do not turn
all users into template users
139 Luke Howard <lukeh@padl.com>
* fix for recall #8362: support template users
when try_first_pass succeeds
138 Luke Howard <lukeh@padl.com>
* when flushing cached session data, check to see
whether the application has requested a different
configuration file due to a changed service
137 Luke Howard <lukeh@padl.com>
* treat exceeded time and size limits as a successful
return code; we may still have a single entry back.
* BUG#77: make configuration file paths configurable
136 Luke Howard <lukeh@padl.com>
* module stack fixes from Thorsten Kukuk
135 Luke Howard <lukeh@padl.com>
* revert UID check to getuid() per patch from
Erich Schneider
134 Luke Howard <lukeh@padl.com>
* per suggest from Bill Welliver, check for
effective UID being 0, not real UID
* added ber_free() after ber_flatten() in
extended operation password changing code
133 Luke Howard <lukeh@padl.com>
* Patch from Ed Golden for group_dn: set error
code correctly
132 Luke Howard <lukeh@padl.com>
* Patch from Bob Guo to discard trailing whitespace
in configuration file
131 Luke Howard <lukeh@padl.com>
* allow "*" wildcard value to be present in host
attribute
* added ignore_unknown_user option to all module
functions; if the user could not be found and this
option is set, PAM_IGNORE will be returned instead
of PAM_USER_UNKNOWN
130 Luke Howard <lukeh@padl.com>
* don't return PAM_AUTH_ERR for authorization errors;
return PAM_PERM_DENIED
* reverted patch in pam_ldap-114: if a user doesn't
exist in LDAP, pam_sm_acct_mgmt() returns
PAM_IGNORE, rather than PAM_SUCCESS.
* HEADS UP: in default configuration, disable checking
the host attribute. This must now be manually
enabled with pam_check_host_attr in ldap.conf.
* HEADS UP: if checking the host attribute is
enabled, and a user does not have any values for
the host attribute, do not allow them to login.
This avoids the ugly situation of having to add
a dummy, invalid value for the host attribute for
users that were not allowed to login to any host.
129 Luke Howard <lukeh@padl.com>
* don't return PAM_SYSTEM_ERR for LDAP-related errors
* return PAM_AUTHINFO_UNAVAIL for directory-related
(but not configuration-related) errors so that
stacking modules will work properly (thanks to
Brian Nelson <bnelson@cis.ysu.edu> for pointing this
out)
127 Luke Howard <lukeh@padl.com>
* fixed segfault bug if nss_base_passwd contains
a scope but no filter (BUG#69)
126 Luke Howard <lukeh@padl.com>
* fixed rebind prototype in pam_ldap.h for new
OpenLDAP client library
125 Luke Howard <lukeh@padl.com>
* added ldap.conf stanza for AIX
* added configurable checking host host attribute
(pam_check_host_attr in ldap.conf)
124 Luke Howard <lukeh@padl.com>
* note in ldap.conf that the default encryption
scheme for changing passwords is none (let
the server do it) (BUG#65)
* pass NULL as session handle for SSL options;
they are set globally
123 Luke Howard <lukeh@padl.com>
* support for new OpenLDAP rebind procedure
* do not try to open /etc/ldap.secret unless root
* use LDAP_OPT_NETWORK_TIMEOUT if available
122 Luke Howard <lukeh@padl.com>
* make buildable with Sun's C compiler
121 Luke Howard <lukeh@padl.com>
* escape username only, not entire filter
120 Luke Howard <lukeh@padl.com>
* escape search filter to avoid wildcards etc
* put prototypes back in, where did they go?
119 Luke Howard <lukeh@padl.com>
* with password change exop, use bind password not encoded
old password for old password
* added --disable-ssl option to configure for Debian
* patch from Helmut Wirth <wirth@bison-soft.de> to allow
only a URI to be specified.
* only set SSL options if we have values for those options
118 Luke Howard <lukeh@padl.com>
* in _set_ssl_options(), apply the options actually to
the current session not a NULL pointer (which apparently
worked with ldap_pvt_tls_set_option())
117 Luke Howard <lukeh@padl.com>
* do not strdup a NULL pointer if we are root
when changing passwords
116 Luke Howard <lukeh@padl.com>
* make sure old authentication token is zeroed
out before freeing (now that we are storing the
old authentication token privately)
115 Luke Howard <lukeh@padl.com>
* fix for updating passwords (consistent for Linux/Solaris)
114 Luke Howard <lukeh@padl.com>
* patch from Brian Nelson <bnelson@cis.ysu.edu>; if
a user doesn't exist in LDAP, then make pam_sm_acct_mgmt()
return PAM_SUCCESS
* another patch for correctly updating passwords on
Solaris (which doesn't do preliminary password changing
the same was as Linux-PAM)
113 Luke Howard <lukeh@padl.com>
* don't use ldap_pvt_tls_set_option(); it is private API
112 Luke Howard <lukeh@padl.com>
* SSL fix
111 Luke Howard <lukeh@padl.com>
* further patch from Tero to fix chfn/chsh
* further patch from Jarkko for TLS/SSL using
OpenLDAP: support for LDAPS, cipher suite
selection, client key/cert authentication
110 Luke Howard <lukeh@padl.com>
* build on Mac OS X FCS; configure --libdir=/Library
(this will only work properly on HFS+ volumes)
109 Luke Howard <lukeh@padl.com>
* patch from Tero Pelander <tpeland@tkukoulu.fi> for
testing scope in nss_base_passwd
* patch from Jarkko Turkulainen <jt@wapit.com> for client
side certificate support
108 Luke Howard <lukeh@padl.com>
* patch from Thorsten Kukuk <kukuk@suse.de>:
The problem: pam_ldap does not abort in the second
pam_sm_chauthtok call, if we really change the password
and the user does not exist in the LDAP database (tested
with pam_ldap-105 and pam_ldap-107).
107 Luke Howard <lukeh@padl.com>
* s/HAVE_LDAP_SET_REBIND_PROC_ARGS/LDAP_SET_REBIND_PROC_ARGS/
(typo causing prototype mismatch)
106 Luke Howard <lukeh@padl.com>
* URI support
* cleaned up some warnings with older client
libraries
105 Luke Howard <lukeh@padl.com>
* check for HAVE_LDAP_{SET,GET}_OPTION always
104 Luke Howard <lukeh@padl.com>
* check for ldap_set_option(), as LDAP_OPT_REFERRALS
is defined for OpenLDAP 1.x but without the
ldap_set_option() function
103 Luke Howard <lukeh@padl.com>
* patch from Thomas Noel to handle shadow
expiry properly
102 Luke Howard <lukeh@padl.com>
* define macros LDAP_OPT_{OFF,ON} if
not defined
* make SECSPERDAY 86400LL
101 Luke Howard <lukeh@padl.com>
* fix uninitialized variable
* retrieve password policy on actual password
change, may not have been done if we were root.
100 Luke Howard <lukeh@padl.com>
* use -rpath on all platforms except Solaris,
not just Linux
99 Luke Howard <lukeh@padl.com>
* use -shared not --shared
* compile with -DPIC on FreeBSD
98 Luke Howard <lukeh@padl.com>
* merged ldap.conf
97 Luke Howard <lukeh@padl.com>
* %configure -> ./configure
96 Luke Howard <lukeh@padl.com>
* put some meaningful content in AUTHORS
* new spec file from Joe Little
95 Luke Howard <lukeh@padl.com>
* add files for automake happiness
94 Luke Howard <lukeh@padl.com>
* default to LDAP protocol version 3
* documented exop in README
* link on Solaris with -M mapfile
* Solaris link with -Wl; will work with
gcc only, I think
* use sysconfdir, not etcdir
93 Luke Howard <lukeh@padl.com>
* made PAM_CLEAR the default for pam_password,
as was originally the case. Don't break
existing configurations!
92 Luke Howard <lukeh@padl.com>
* support for OpenLDAP password change extended
operation, if available. Enable with
pam_password exop
in ldap.conf
91 Luke Howard <lukeh@padl.com>
* centralized authtok update code. The pam_crypt,
pam_ad_passwd, and pam_nds_passwd configuration
file keys are deprecated; instead the following
configuration file key will be used:
pam_password [clear|crypt|md5|nds|ad]
See README for more information. (NB: The
pam_crypt will continue to work so as to not
compromise existing deployments.)
90 Luke Howard <lukeh@padl.com>
* support for correct rebind function prototype
with OpenLDAP SDK
89 Luke Howard <lukeh@padl.com>
* support for connection timeout in Netscape SDK
88 Luke Howard <lukeh@padl.com>
* support for "referrals" and "restart" in
ldap.conf
* don't use ldap_perror() for logging TLS errors
* optionally get scope/filter from
"nss_base_passwd" value
* accept on/yes/true for boolean configuration
keys
87 Luke Howard <lukeh@padl.com>
* support for "timelimit" and "bind_timelimit" in
ldap.conf
* use "nss_base_passwd" for search base preferentially
to "base"
* fixed code order bug in setting TLS option;
introduced by patch in pam_ldap-86
86 Luke Howard <lukeh@padl.com>
* patches from Norbert Klasen:
* activate either Start TLS or LDAPS with
OpenLDAP 2.x using "ssl start_tls" or
"ssl yes" respectively in ldap.conf
* Active Directory password changing
85 Luke Howard <lukeh@padl.com>
* patches from David Begley:
* note about using --with-ldap-lib=netscape4
* patch to configure (regenerated from configure.in)
* note about using gnumake
* linking with lib{plc,plds,nspr}3 libraries for
4.1x Netscape SDK
* use -G not --shared when building shared
libraries on Solaris
84 Luke Howard <lukeh@padl.com>
* fixed typo in pam_ldap.c
83 Luke Howard <lukeh@padl.com>
* patch from nalin@redhat.com for StartTLS,
enforce V3
* fixed up indenting
* patch from David Begley to check for netscape4.1 lib
82 Luke Howard <lukeh@padl.com>
* s/conffile/config; forgot to patch properly
81 Luke Howard <lukeh@padl.com>
* use MAXPATHLEN instead of PATH_MAX; pam_ldap-80
failed on Solaris
80 Luke Howard <lukeh@padl.com>
* added support for configurable configuration files;
you can now specify an alternate configuration file
using the config= parameter in pam.conf. This patch
was provided by scremer@dohle.com
* added Solaris-specific linker flag patch from
David Begley
79 Luke Howard <lukeh@padl.com>
* updated shipables for RC
78 Luke Howard <lukeh@padl.com>
* updated prebuild step for RC
77 Luke Howard <lukeh@padl.com>
* renamed _authenticate() to _do_authentication()
to avoid name conflict with ONC RPC headers
76 Luke Howard <lukeh@padl.com>
* fixes to configure from David Begley;
detect LDAP client libraries properly
* fix to Makefile.am from David Begley;
don't delete nss_ldap library on uninstall
75 Luke Howard <lukeh@padl.com>
* updated README with Solaris crypt(3) FAQ
74 Luke Howard <lukeh@padl.com>
* fixed support for NDS password changing,
from Petr Olivka <Petr.Olivka@vsb.cz>
73 Luke Howard <lukeh@padl.com>
* added support for OpenLDAP start TLS, from
Alex Schlessinger <alex@hq.workspot.com>
72 Luke Howard <lukeh@padl.com>
* added nasty_ssl_hack() constructor; this
dlopens ourself so that we always remain
loaded, and ssl_initialized is set across
invocations of PAM. Probably the path should
not be hardcoded but sourced from config.h.
71 Luke Howard <lukeh@padl.com>
* call ldapssl_client_init() once only (this doesn't
have the desired effect because PAM unloads the
library after pam_end() is called)
70 Luke Howard <lukeh@padl.com>
* in rebind proc, check session->info != NULL
* in rebind proc, check {user,bind}{dn,pw} != NULL
68 Luke Howard <lukeh@padl.com>
* initialize tmplattr/tmpluser fields
67 Luke Howard <lukeh@padl.com>
* check _authenticate() return code before setting
template user
66 Luke Howard <lukeh@padl.com>
* ypldapd locator support is now a configure option
65 Luke Howard <lukeh@padl.com>
* set shadowLastChange silently (allow it to fail)
64 Luke Howard <lukeh@padl.com>
* more consistent log messages (removed brackets)
* set uid to nobody if unreadable from directory
* support template users so users can login with
a name without a local POSIX account.
* PAM_AUTHTOK_RECOVERY_ERR (not ...RECOVER_ERR)
on Soalris
63 Luke Howard <lukeh@padl.com>
* return PAM_MAXTRIES if number of tries exceeded
62 Luke Howard <lukeh@padl.com>
* new spec file from Dan Berry
61 Luke Howard <lukeh@padl.com>
* patch from norbert.klasen@zdv.uni-tuebingen.de (bug);
was logging plaintext password in pam_ldap.c
* log pam_strerror() not integer status code
60 Luke Howard <lukeh@padl.com>
* patch from Jungle Lin@judicial.gov.tw to fix
logic bug in pam_sm_chauthtok()
59 Luke Howard <lukeh@padl.com>
* fixed some assumptions in chsh/chfn, need to look
further at this though
58 Tom Lear <tom@trap.mtview.ca.us>
* Debian bug #64217: remove redunant code in pam_ldap.c
* Debian bug #64220: add minuid and maxuid parameters
* Debian bug #65295: chsh/chfn implementation
55 Doug Nazar <nazard@dragoninc.on.ca>
* md5 crypt support
* rootbinddn support
* rebind support for openldap
* async ldap calls for bind
* use_authtok support
* autoconf/automake support
51 Luke Howard <lukeh@padl.com>
* updated spec file
50 Luke Howard <lukeh@padl.com>
* more patches from Scott Balneaves
* use PAM_NEW_AUTHTOK_REQD instead of PAM_AUTHTOK_REQD
* return PAM_SUCCESS for pam_sm_open_session()
* reorganization of shadow code
49 Luke Howard <lukeh@padl.com>
* more patches from Scott Balneaves; now just check
for shadow expiry date rather than shadowAccount
object class
* added deref parameter to ldap.conf for parity with
OpenLDAP
48 Luke Howard <lukeh@padl.com>
* added patch from Scott Balneaves <sbalneav@legalaid.mb.ca>
to read shadowAccount attributes
47 Luke Howard <lukeh@padl.com>
* removed _connect_anonymously() clause when updating
shadowLastChange
46 Luke Howard <lukeh@padl.com>
* incorporated new spec file
44 Luke Howard <lukeh@padl.com>
* incorporated patch for shadowLastChange attribute
40 Luke Howard <lukeh@padl.com>
* added support for NDSv8 password changing
(this is experimental)
39 Luke Howard <lukeh@padl.com>
* added some comments in Make.defs about different
SDKs
38 Luke Howard <lukeh@padl.com>
* fixed typo in pam.d/ssh
37 Luke Howard <lukeh@padl.com>
* merged in BUG#37 branch
* added Makefile.freebsd
36.BZ37.6 Luke Howard <lukeh@padl.com>
* updated ChangeLog (this file)
36.BZ37.5 Luke Howard <lukeh@padl.com>
* included FreeBSD porting fixes
36.BZ37.4 Luke Howard <lukeh@padl.com>
* send user credentials of bound_as_user is
set, rather than if userpw != NULL
36.BZ37.3 Luke Howard <lukeh@padl.com>
* drop userpw if it is already set
36.BZ37.2 Luke Howard <lukeh@padl.com>
* fixed reordered include to compile properly
36.BZ37.1 Luke Howard <lukeh@padl.com>
* patch release with possible fix for BUG#37, where
user credentials were not being forwarded to
referred servers (whilst password changing)
36 Luke Howard <lukeh@padl.com>
* added -lresolv to library search path
* incorporated stein@terminator.net's patches for RPM
builds
35 Luke Howard <lukeh@padl.com>
* put /usr/ucblib back in linker search path on Solaris
33 Luke Howard <lukeh@padl.com>
* fixed pam_ldap.c to support compiling against an API
which conforms to draft-ietf-ldapext-ldap-c-api-02.txt.
Should make it easier to work with OpenLDAP 2. Netscape
specific extensions are guarded with NETSCAPE_API_EXTENSIONS.
30 Luke Howard <lukeh@padl.com>
* fixed Make.defs for linking against OpenLDAP libldap
(recall #279)
* more SSL stuff
28 Luke Howard <lukeh@padl.com>
* added patch from gero@faveve.uni-stuttgart.de for
parsing of ldap.conf with tabs
* various patches hopefully to get SSL to work
27 Luke Howard <lukeh@padl.com>
* fix for recall 256: free() smasher
26 Luke Howard <lukeh@padl.com>
* added commented out flags for non-V3 SDKs
25 Luke Howard <lukeh@padl.com>
* removed ucblib search path
24 Luke Howard <lukeh@padl.com>
* compile with -D_REENTRANT and link against -lpthread
to satisfy dependancies in libldapssl30. (BUG#7)
23 Luke Howard <lukeh@padl.com>
* no longer use LDAP_VERSION3 to select API
(BUG#6)
21 Luke Howard <lukeh@padl.com>
* added rebind function
* various stuff for RC added
* broke out makefiles
* ldap.conf keys case-insensitive for compat with
OpenLDAP
17 Luke Howard <lukeh@padl.com>
* force users to change passwords if their account has
expired
* updated mapfile for Solaris
14 Luke Howard <lukeh@padl.com>
* fall back to /etc/ldap.conf if ypldapd is configured
for configuration lookup
* fixed up pam.conf
13 Luke Howard <lukeh@padl.com>
* added -lcrypt for Linux
12 Luke Howard <lukeh@padl.com>
* Use ldap_open() for V2 as ldap_init() doesn't work
* Support hashing passwords locally for UMich crypt
patched server
* Tested against Microsoft Exchange Server
* Fixed some errors in ldap.conf and mapfile
11 Luke Howard <lukeh@padl.com>
* Added support for group membership as in Chris'
pam_ldap_auth module; see the pam_groupdn and
pam_group_attribute configuration keys.
* Changed pam_attribute to pam_login_attribute to
avoid confusion with pam_group_attribute.
* Support Netscape password expiration controls
* Avoid authenticating users with empty passwords,
even if the directory server does
* Fill in pam_sm_{open,close}_session for completeness
(they return PAM_IGNORE)
10 Luke Howard <lukeh@padl.com>
* tested with Linux-PAM 0.57
* made all functions static
* added prototypes
* LDAP connections can be persistent over an entire PAM
session through the use of pam_set_data() and
pam_get_data()
* fixed some bugs
9 Luke Howard <lukeh@padl.com>
* first publically available version.
|