* fix: LDAP write on userPassword fails when chasing referral and cached
policy error is POLICY_ERROR_PASSWORD_EXPIRED
* fix: only request attributes that are actually used
* fix: canonicalize PAM_USER name
against recent openpam headers produce non functioning pam_ldap.so
on NetBSD 4.99.47(?) or more recent systems.
There's something really fishy in the headers...
- Fix miscellaneous pkglint warnings.
- Fix security problem; CAN-2006-5170.
$Id: ChangeLog,v 1.212 2006/10/05 23:23:52 lukeh Exp $
===============================================================
183 Luke Howard <lukeh@padl.com>
* fix for BUG#291: don't suppress password policy
errors which should not be suppressed
182 Luke Howard <lukeh@padl.com>
* fix for BUG#269: compile time error in call to
ldap_sasl_interactive_bind_s()
181 Luke Howard <lukeh@padl.com>
* fix for BUG#256: don't send password policy request
control if pam_lookup_policy no specified
* fix for BUG#254: check gethostbyname() result
* fix for BUG#237: typo in ldap_get_lderrno()
implementation
* fix for BUG#207: if ldap_start_tls_s() fails
return PAM_AUTHINFO_UNAVAIL
* fix for BUG#261: sslpath example wrong
* fix for BUG#268: POLICY_ERROR_CHANGE_AFTER_RESET
should be handled as POLICY_ERROR_PASSWORD_EXPIRED,
other password policy errors to be treated as fatal
changes:
-manpage added
-fix for BUG#210: use start_tls on referrals if configured to do so
-when handling new password policy control, only fall through to account
management module if a policy error was returned (CERT VU#778916)
pkgsrc change: use /etc/pam_ldap.conf as config file, to distinguish
from nss_ldap
update include:
* The configuration file (shared with nss_ldap.so and sudo) has
been moved to ${PKG_SYSCONFDIR}/ldap.conf. Any secrets file is
found in ${PKG_SYSCONFDIR}/ldap.secret.
* Use the pkg.install framework to copy the config file from the
example directory to the real location.
* Use libtool to build and install the PAM module.
Changes from version 150 include:
* preliminary SASL bind support
* include password policy schema file
* preliminary support for
draft-behera-ldap-password-policy-07.txt
* support for service-based authorization
(based on patch from Manon Goo)
* add ignore_authinfo_unavail flag
* pam_filter works again
* fix from Thorsten Kukuk (SuSE) to handle scope-less
nss_base_passwd configuration
* AD password change fix
* fix from Thorsten Kukuk (SuSE) to handle aborted password changes
* support for multiple service search descriptors from Symas
* support non-experimental password change exop
* patch from Howard Chu to use linker grouping on Solaris
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
