-$Id$
+=======================================================================
+=======================================================================
+
+ This file is no longer used for tracking changes for Linux-PAM. For
+ user visible changes, please look at the NEWS file. A more verbose
+ list of changes can be found in ChangeLog.
+
+=======================================================================
+=======================================================================
-----------------------------
library for helping to develop modules that contains it and other
stuff. Also add sha-1 and ripemd-160 digest algorithms.
- once above is done. remove hacks from the secret@here module etc..
- - remove prototype for gethostname in pam_access.c (Derrick)
- document PAM_INCOMPLETE changes
- verify that the PAM_INCOMPLETE interface is sensible. Can we
catch errors? should we permit item changing etc., between
- verify that the PAM_INCOMPLETE interface works (auth seems ok..)
- add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
- work on RFC.
- - do we still need to remove openlog/closelog from modules..?
- auth and acct support in pam_cracklib, "yes, I know the password
you just typed was valid, I just don't think it was very strong..."
- - add in the pam_cap and pam_netid modules
====================================================================
-Note, as of release 0.73, all checkins should be accompanied with a
-Bug ID. The bug IDs relate to sourceforge IDs.. (Of course, nothing is
-ever that simple. It turns out that at some point in Sourceforge's
-history all of the bug ids got bumped by 100000, so pretty much if you
-see a bug ID below that begins with a '1' and your attempted query
-fails, try adding 100000 to the number and trying again. I believe
-this only affects bugs before release 0.76.)
-
-You can query the related bug description with the following URL:
-
- http://sourceforge.net/tracker/index.php?func=detail&aid=XXXXXX&group_id=6663&atid=106663
-
-Where you should replace XXXXXX with a bug-id.
-
-For general documentation completion work, I'm doing it all with
-respect to specific tasks. Open tasks are listed here:
-
- http://sourceforge.net/pm/task.php?group_id=6663&group_project_id=2741&func=browse&set=open
If you have found a bug in Linux-PAM (including a documentation bug,
or a new feature request and/or patch), please consider filing such a
(to file another bug see the 'submit bug' button on that page).
-
-There is now a second bug tracking system for Linux-PAM on BerliOS.
-You can find the list of outstanding bugs on BerliOS here:
-
-http://developer.berlios.de/bugs/?func=browse&group_id=2134&set=open
-
-BerliOS Bugs are marked with (BerliOS #XXXX).
-
====================================================================
-0.79: please submit patches for this section with actual code/doc
+0.81: please submit patches for this section with actual code/doc
patches!
+* pam_umask: New module for setting umask from GECOS field, /etc/login.defs
+ or /etc/default/login (kukuk)
+* configure/pam_strerror: Remove old ugly-hack option for pam_strerror
+ interface change (kukuk)
+* configure.in: Fix AC_DEFINE usage for autoheader (kukuk)
+* configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk)
+* defs: Remove obsolete directory/content (kukuk)
+* Rename _pam_aconf.h.in to config.h (kukuk)
+* pam_unix: Don't ignore pam_get_item return value (kukuk)
+* pam_userdb: Fix regression - crash when crypt param not specified (t8m)
+* libpam: Remove pam_authenticate_secondary stub (kukuk)
+* Use autoconf/automake/libtool (kukuk)
+* pam_securetty: Be fail-close on user lookups, always log failures,
+ not just with "debug" (Solar Designer)
+* Add gettext support
+* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR,
+ pt, zh_CN and zh_TW
+* pam_limits: Apply ALT Linux/Owl patch
+* pam_motd: Apply ALT Linux/Owl patch
+* libpam: Cache pam_get_user() failures
+* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
+ and pam_vinfo functions for use by modules as extension (kukuk).
+* pam_cracklib: Make path to cracklib dicts an option (kukuk).
+* libpam: Add pam_syslog function for unified syslog messages from
+ PAM modules (kukuk).
+* pam_tally, pam_time, pam_userdb: use pam_syslog and pam_prompt (ldv)
+* pam_issue: major cleanup (ldv)
+* pam_echo: New PAM module for message output (kukuk)
+* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
+ values for other limits are applied) patch by Anton Guda
+* pam_unix: Always honor nis flag on password change (by Aaron Hope)
+* libpam: Moved functions from pammodutil to libpam (t8m)
+* pam_lastlog: Cleanup, fix broken logic in pam_parse,
+ modify wtmp by default, nowtmp option switches that off (ldv)
+
+0.80: Wed Jul 13 13:23:20 CEST 2005
+* pam_tally: test for NULL data before dereferencing them (t8m)
+* pam_unix: fix regression introduced in 0.78 - both NIS and local password
+ should be changed if possible (t8m)
+* misc_conv: flush input first then print the prompt - fixes problem
+ with expect scripts (t8m)
+* pam_unix: nis option shouldn't clear the shadow option (t8m)
+* cleanups and minor bugfixes by Steve Grubb (t8m)
+* pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk)
+* pam_mkhomedir: Create parent directories if they do not already
+ exist (Bug 600351 - kukuk)
+* pam_mkhomedir: Set owner/permissions of home directory after we
+ created all files (Bug 1032922 - kukuk)
+* pam_rhosts: Get rid of static buffer for path (kukuk)
+* pam_selinux/pam_unix/pam_rootok: Add SELinux support based on
+ patch from Red Hat (kukuk)
+* pam_limits: Correct support of unlimited limits, use correct type
+ for rlimit value (Bug 945449 - kukuk, t8m)
+* pam_xauth: Unset the XAUTHORITY variable when requesting user is
+ root and target user is not (t8m)
+* pam_access: Add listsep option to set list element separator by
+ Richard Shaffer (t8m)
+* pam_limits: Don't reset process priority if none is specified in
+ the config file (Novell #81690 - kukuk)
+* Fix all occurrence of dereferencing type-punned pointer will break
+ strict-aliasing rules warnings (kukuk)
+* pam_limits: Support new limits in linux 2.6.12 (t8m)
+* pam_mkhomedir: change mode datatype (toady)
+* pam_limits: Don't lowercase login names (kukuk)
+
+0.79: Thu Mar 31 16:48:45 CEST 2005
+* pam_tally: added audit option (toady)
* pam_unix: don't log user unknown failure when he can be properly
authenticated by another module (t8m)
* configure: don't abort if no cracklib dictinaries were found, but
warn user that pam_cracklib will not be built (kukuk)
-* modules/pam_unix/support.c: Fix return value, if user aborts while
+* modules/pam_unix/support.c: Fix return value if user aborts while
changes the password (Bug 872945 - kukuk)
+* modules/pam_unix/support.c: Fix return value for an unknown user
+ (Bug 872943 - kukuk)
* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
- t8m)
+* pam_tally: major rewrite of the module (t8m)
+* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
+ cached chain (Bug 629251 - t8m)
+* pam_nologin: don't overwrite return value with return from
+ pam_get_item (t8m)
+* libpam: Add more checks for broken PAM configuration files to
+ avoid seg.faults (kukuk)
+* pam_shells: correct README
+* libpam: Fix debug code (kukuk)
+* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk)
+* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk)
+* libpam: Add prelude ids (http://www.prelude-ids.org) support,
+ as experimental. (toady)
+* configure: Add the directory where new versions of cracklib is
+ installed (from Jim Gifford - toady)
+* libpamc: Use standard u_intX_t types instead of __uX (kukuk)
0.78: Do Nov 18 14:48:36 CET 2004
* pam_unix: change the order of trying password changes - local first,
NIS second (t8m)
-* pam_wheel: add option only_root to make it affect authentication
+* pam_wheel: add option only_root to make it affect authentication
to root account only
* pam_unix: test return values on renaming files and report error to
syslog and to user
The whole idea is to create few "systemwide" pam configs and include
parts of them in application pam configs.
(patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins).
-* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
+* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
(Bug 591605 - kukuk)
* pam_unix: Call password checking helper whenever the password field
contains only one character (Bug 1027903 - kukuk)
(otherwise /etc/pam.conf is treated as before)
- given /etc/pam.d/
. config files are named (in lower case) by service-name
- . config files have same syntax as /etc/pam.conf except
+ . config files have same syntax as /etc/pam.conf except
that the "service-name" field is not present. (there
are thus three manditory fields (and arguments are
optional):
also some coverage of libpam_misc in the App. Developers' guide.
* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
-
+
* adopted Cristian's _pam_macros.h file to help with common macros and
debugging stuff, gone through tree tidying up debugging lines to use
this [not complete].
* removed <bf/ .. / from documentation titles. This was not giving
politically correct html..
-
+
----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----
Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>
*** If anyone has any trouble, please *say*. Your problem will be
fixed in the next release. Also please feel free to scour the
- code for race conditions etc...
+ code for race conditions etc...
[* The above change requires that you purge your /usr/lib/security
directory of the old pam_unix_XXX.so modules: they will NOT be deleted
future documentation of static module support in pam_modules.sgml)
* libpam; many changes to makefiles and also automated the inclusion of
static module objects in pam_static.c
-* modified modules for automated static/dynamic support. Added static &
+* modified modules for automated static/dynamic support. Added static &
dynamic subdirectories, as instructed by Michael
* removed an annoying syslog message from pam_filter: "parent exited.."
* updated todo list (anyone know anything about svgalib/X? we probably should
* stable code from pam_unix is added to modules/pam_unix
* test/test.c now requests username and password and attempts
to perform authentication
-