RSS feed

release 0.9.1 of nss-pam-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

release 0.9.1 of nss-pam-ldapd

This is an update for the 0.9 development branch of nss-pam-ldapd that
includes a number of new features. This branch will see more development
and features added.

As such, this isn't the most stable version and should be used with
caution. The 0.7 and 0.8 branches will remain to be supported with bug
and security fixes for some time.

A summary of the changes since 0.9.0:

* rename the nscd_invalidate option to reconnect_invalidate and allow
  flushing the nfsidmap cache with the new option
* implement an -n switch to not daemonise (by Caleb Callaway)
* nslcd will now return partial shadow information to non-root users to
  avoid authorisation problems with setgid shadow authentication helpers
  with some PAM stacks
* nslcd will now retry failing LDAP connections after receiving SIGUSR1
  (SIGUSR1 could be sent after re-establishing a network connection)
* fix the way manual pages are installed in some situations
* the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
  installed in {prefix}/share/nslcd-utils
* improve error and help output of the getent.ldap command
* documentation updates
* a number of tests were added and existing tests were extended
* fix for a potential, small memory leak in PAM module regarding
  temporary saving of old password
* a large number of bug fixes and improvements in pynslcd
* hide passwords from the pynslcd debug output
* support start_tls, pam_password_prohibit_message,
  nss_initgroups_ignoreusers and nss_min_uid in pynslcd
* fix rootpwmodpw handling in pynslcd
* complete a basic PAM implementation in pynslcd (some things such as
  shadow attribute checking remain to be implemented)
* clean up the caching functionality in pynslcd (functionality is still

More information can be found at:

The pynslcd implementation is becoming more and more featureful and
robust. It should be a reasonable replacement for nslcd in some
environments. The biggest missing features are support for multiple LDAP
servers with fail-over and support for authenticated LDAP connections
for normal operations. 
However, pynslcd is still not as well tested as nslcd.

Ideas, comments and patches for functionality are more than welcome.
Please drop a note on the nss-pam-ldapd-users mailing list with any
ideas or patches you may have.

-- arthur - - --
To unsubscribe send an email to or see