nss-pam-ldapd commit: r1096 - in nss-pam-ldapd: . debian man
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd commit: r1096 - in nss-pam-ldapd: . debian man
- From: "Commits of the nss-pam-ldapd project." <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1096 - in nss-pam-ldapd: . debian man
- Date: Sun, 9 May 2010 13:40:21 +0200 (CEST)
Author: arthur
Date: Sun May 9 13:40:20 2010
New Revision: 1096
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1096
Log:
get files ready for 0.7.4 release
Modified:
nss-pam-ldapd/ChangeLog
nss-pam-ldapd/NEWS
nss-pam-ldapd/TODO
nss-pam-ldapd/configure.ac
nss-pam-ldapd/debian/changelog
nss-pam-ldapd/man/nslcd.8.xml
nss-pam-ldapd/man/nslcd.conf.5.xml
nss-pam-ldapd/man/pam_ldap.8.xml
Modified: nss-pam-ldapd/ChangeLog
==============================================================================
--- nss-pam-ldapd/ChangeLog Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/ChangeLog Sun May 9 13:40:20 2010 (r1096)
@@ -1,3 +1,136 @@
+2010-05-09 10:44 arthur
+
+ * [r1095] nslcd/myldap.c: only log "connected to LDAP server" if
+ the previous connect failed or we are failing over to a different
+ server
+
+2010-05-09 10:39 arthur
+
+ * [r1094] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd/cfg.c,
+ nslcd/cfg.h, nslcd/myldap.c, tests/README, tests/nslcd-test.conf:
+ rename reconnect_maxsleeptime option to reconnect_retrytime
+
+2010-05-09 10:20 arthur
+
+ * [r1093] nslcd/myldap.c: don't log errno if it is not set (make
+ error less confusing)
+
+2010-05-09 10:08 arthur
+
+ * [r1092] nslcd/myldap.c: handle authentication searches a little
+ differently (only try once if an authentication error is
+ returned)
+
+2010-05-09 09:51 arthur
+
+ * [r1091] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+ nslcd/myldap.c: refactor retry timing mechanism to use time
+ between first and last error to determin when to rerty and only
+ try once (and don't sleep) when we have been failing for a long
+ time
+
+2010-05-08 10:39 arthur
+
+ * [r1090] man/nslcd.conf.5.xml: fix wrapping of long line (thanks
+ lintian)
+
+2010-05-08 10:34 arthur
+
+ * [r1089] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+ nslcd/pam.c: rename authz_search option to pam_authz_search
+
+2010-05-07 21:45 arthur
+
+ * [r1088] man/nslcd.conf.5.xml, man/pam_ldap.8.xml, nslcd/cfg.c,
+ nslcd/cfg.h, nslcd/pam.c: implement an authz_search option to
+ test whether the user is authorised
+
+2010-05-07 21:25 arthur
+
+ * [r1087] nslcd/alias.c, nslcd/ether.c, nslcd/group.c,
+ nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c,
+ nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c:
+ tune some buffer sizes and small cleanups
+
+2010-05-07 20:43 arthur
+
+ * [r1086] tests/test_myldap.c: implement test for buffer overflow
+
+2010-05-07 20:40 arthur
+
+ * [r1085] nslcd/myldap.c: fix buffer overflow
+
+2010-05-07 11:23 arthur
+
+ * [r1084] man, man/Makefile.am: have the possibility to generate
+ HTML for manual pages (not done by default)
+
+2010-05-07 11:22 arthur
+
+ * [r1083] man/nslcd.conf.5.xml, man/pam_ldap.8.xml: use docbook
+ elements where possible
+
+2010-05-06 21:40 arthur
+
+ * [r1082] compat/pam_compat.h, configure.ac,
+ debian/libpam-ldapd.pam-auth-update, man/pam_ldap.8.xml,
+ pam/pam.c: implement a minimum_uid option for the PAM module to
+ ignore users that have a lower numeric user id
+
+2010-05-05 10:58 arthur
+
+ * [r1081] config.guess, config.sub: include updated files
+
+2010-05-03 20:29 arthur
+
+ * [r1080] debian/nslcd.config: also parse /etc/ldap.conf for
+ systems that use that for NSS and PAM configuration
+
+2010-04-13 19:21 arthur
+
+ * [r1079] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: don't have
+ myldap_set_credentials() try to open a connection but have the
+ PAM code perform a search with the new credentials so we re-use
+ the fail-over mechanism in myldap_search()
+
+2010-04-13 19:17 arthur
+
+ * [r1078] nslcd/cfg.c, nslcd/common.h, nslcd/myldap.c,
+ nslcd/myldap.h, nslcd/passwd.c, tests/test_myldap.c: also have
+ myldap_search() return an LDAP status code
+
+2010-04-01 19:49 arthur
+
+ * [r1077] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh:
+ small improvements to the test setup
+
+2010-03-20 16:01 arthur
+
+ * [r1076] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h,
+ nslcd/group.c: add an nss_initgroups_ignoreusers option to ignore
+ username to group lookups for the specified users
+
+2010-03-13 15:40 arthur
+
+ * [r1075] man/nslcd.conf.5.xml: remove commented-oud default option
+ because it is not implemented and we have a better mechanism now
+
+2010-02-28 08:10 arthur
+
+ * [r1074] nslcd/myldap.c: have less warnings when LDAP_OPT_X_TLS
+ isn't defined
+
+2010-02-28 08:07 arthur
+
+ * [r1073] man/nslcd.conf.5.xml: document which attributes may be
+ mapped with an expression
+
+2010-02-27 15:28 arthur
+
+ * [r1071] ChangeLog, NEWS, configure.ac, debian/changelog,
+ man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+ files ready for 0.7.3 release
+
2010-02-27 15:26 arthur
* [r1070] debian/NEWS: add blank line for apt-listchanges
Modified: nss-pam-ldapd/NEWS
==============================================================================
--- nss-pam-ldapd/NEWS Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/NEWS Sun May 9 13:40:20 2010 (r1096)
@@ -1,3 +1,22 @@
+changes from 0.7.3 to 0.7.4
+---------------------------
+
+* fix a buffer overflow that should have no security consequences
+* perform proper fail-over when authenticating in the PAM module
+* add an nss_initgroups_ignoreusers option to ignore user name to group
+ lookups for the specified users
+* add an pam_authz_search option to perform a flexible authorisation check on
+ login (e.g. to restrict which users can login to which hosts, etc)
+* implement a minimum_uid option for the PAM module to ignore users that have
+ a lower numeric user id
+* change the way retries are done to error out quicker if the LDAP server is
+ down for some time (this should make the system more responsive when the
+ LDAP server is unavailable) and rename the reconnect_maxsleeptime option to
+ reconnect_retrytime to better describe the behaviour
+* only log "connected to LDAP server" if the previous connection failed
+* documentation improvements
+
+
changes from 0.7.2 to 0.7.3
---------------------------
Modified: nss-pam-ldapd/TODO
==============================================================================
--- nss-pam-ldapd/TODO Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/TODO Sun May 9 13:40:20 2010 (r1096)
@@ -22,7 +22,6 @@
* maybe make myldap code thread-safe (use locking)
* review changes in nss_ldap and merge any useful changes
* maybe rate-limit LDAP entry warnings
-* test non-ASCII characters in fields (mostly cn)
* only parse configuration options if they are available on the platform
* have some more general mechanism to disable NSS lookups from nslcd
* maybe support memberOf attribute in passwd entries that map to groups
Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/configure.ac Sun May 9 13:40:20 2010 (r1096)
@@ -32,8 +32,8 @@
configure.ac file for more details.])
# initialize and set version and bugreport address
-AC_INIT([nss-pam-ldapd],[0.7.3],[nss-pam-ldapd-users@lists.arthurdejong.org])
-RELEASE_MONTH="Feb 2010"
+AC_INIT([nss-pam-ldapd],[0.7.4],[nss-pam-ldapd-users@lists.arthurdejong.org])
+RELEASE_MONTH="May 2010"
AC_SUBST(RELEASE_MONTH)
AC_CONFIG_SRCDIR([nslcd.h])
Modified: nss-pam-ldapd/debian/changelog
==============================================================================
--- nss-pam-ldapd/debian/changelog Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/debian/changelog Sun May 9 13:40:20 2010 (r1096)
@@ -1,3 +1,27 @@
+nss-pam-ldapd (0.7.4) unstable; urgency=low
+
+ * fix a buffer overflow that should have no security consequences
+ * perform proper fail-over when authenticating in the PAM module
+ (closes: #577593)
+ * add an nss_initgroups_ignoreusers option to ignore user name to group
+ lookups for the specified users
+ * add an pam_authz_search option to perform a flexible authorisation check
+ on login (e.g. to restrict which users can login to which hosts, etc)
+ * implement a minimum_uid option for the PAM module to ignore users that
+ have a lower numeric user id and make 1000 the default value for Debian
+ (closes: #579574)
+ * change the way retries are done to error out quicker if the LDAP server
+ is down for some time (this should make the system more responsive when
+ the LDAP server is unavailable) and rename the reconnect_maxsleeptime
+ option to reconnect_retrytime to better describe the behaviour
+ * only log "connected to LDAP server" if the previous connection failed
+ (closes: #483795)
+ * documentation improvements
+ * debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
+ and PAM configuration there
+
+ -- Arthur de Jong <adejong@debian.org> Sat, 08 May 2010 12:00:00 +0200
+
nss-pam-ldapd (0.7.3) unstable; urgency=low
* allow password modification by root using the rootpwmoddn configuration
Modified: nss-pam-ldapd/man/nslcd.8.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.8.xml Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/man/nslcd.8.xml Sun May 9 13:40:20 2010 (r1096)
@@ -36,9 +36,9 @@
<refmeta>
<refentrytitle>nslcd</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.7.3</refmiscinfo>
+ <refmiscinfo class="version">Version 0.7.4</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Dec 2009</refmiscinfo>
+ <refmiscinfo class="date">May 2010</refmiscinfo>
</refmeta>
<refnamediv id="name">
Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml Sun May 9 13:40:20 2010 (r1096)
@@ -36,9 +36,9 @@
<refmeta>
<refentrytitle>nslcd.conf</refentrytitle>
<manvolnum>5</manvolnum>
- <refmiscinfo class="version">Version 0.7.3</refmiscinfo>
+ <refmiscinfo class="version">Version 0.7.4</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Dec 2009</refmiscinfo>
+ <refmiscinfo class="date">May 2010</refmiscinfo>
</refmeta>
<refnamediv id="name">
Modified: nss-pam-ldapd/man/pam_ldap.8.xml
==============================================================================
--- nss-pam-ldapd/man/pam_ldap.8.xml Sun May 9 12:44:36 2010 (r1095)
+++ nss-pam-ldapd/man/pam_ldap.8.xml Sun May 9 13:40:20 2010 (r1096)
@@ -35,9 +35,9 @@
<refmeta>
<refentrytitle>pam_ldap</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.7.3</refmiscinfo>
+ <refmiscinfo class="version">Version 0.7.4</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
- <refmiscinfo class="date">Dec 2009</refmiscinfo>
+ <refmiscinfo class="date">May 2010</refmiscinfo>
</refmeta>
<refnamediv id="name">
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits
- nss-pam-ldapd commit: r1096 - in nss-pam-ldapd: . debian man,
Commits of the nss-pam-ldapd project.
