* Numerous bug fixes for most of the PAM modules, including several
string length checks and fixes (update recommended!).
* fix for legacy behavior of pam_setcred and pam_close_session in
the case that pam_authenticate and pam_open_session hadn't been
called
* pam_unix:
- don't zero out password strings during password changing function
* pam_wheel:
- feature: can use the module to provide wheel access to non-root
accounts.
* pam_limits:
- added '%' domain for maxlogins limiting, now '*' and @group
have the old meaning (every) and '%' the new one (all)
- handle negative priority limits (which can apply to the
superuser too).
* pam_userdb:
- require that all of typed password matches that in database
* pam_access:
- added the 'fieldsep=' argument, made a PAM_RHOST of ""
equivalent to NULL
Incidentally, cups-1.1.18 will once again do PAM authentication using
pam_unix.so if built against PAM-0.77.
incompatible changes to libpam.so; prior versions were buggy so upgrading
is highly recommended.
Pkgsrc changes from version 0.72 include:
* Honor ${PKG_SYSCONFDIR}: the config files are now found in /etc/pam.conf
and /etc/pam/*.conf, or in the appropriate ${PKG_SYSCONFBASE} directory.
* Convert to use the general INSTALL/DEINSTALL scripts.
Changes from version 0.72 include:
* bug fixes to almost every PAM module
* pam_pwdb replaced with pam_unix
* fixed a small security hole (more of a user confusion issue) with
the unix and pwdb password helper binaries.
* improved handling of the setcred/close_session and update chauthtok
stack. *Warning* This is a backwardly incompatible change, but 'more
sane' than before. (Bug 129775 - agmorgan)
* added support for '/' symbols in pam_time and pam_group config files
(support for modern terminal devices). Fixed infinite loop problem
with '\\[^\n]' in these files.
* added accessconf=<filename> feature to pam_access
