rpms/pam/devel pam-0.99.8.1-unix-hpux-aging.patch, NONE, 1.1 pam-0.99.8.1-unix-update-helper.patch, 1.2, 1.3 pam.spec, 1.164, 1.165 pam-0.99.7.1-unix-hpux-aging.patch, 1.1, NONE
Tomas Mraz (tmraz)
fedora-extras-commits at redhat.com
Tue Jan 8 18:54:59 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/pam/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22870
Modified Files:
pam-0.99.8.1-unix-update-helper.patch pam.spec
Added Files:
pam-0.99.8.1-unix-hpux-aging.patch
Removed Files:
pam-0.99.7.1-unix-hpux-aging.patch
Log Message:
* Wed Jan 8 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-14
- support for sha256 and sha512 password hashes
- account expiry checks moved to unix_chkpwd helper
pam-0.99.8.1-unix-hpux-aging.patch:
--- NEW FILE pam-0.99.8.1-unix-hpux-aging.patch ---
diff -up Linux-PAM-0.99.8.1/modules/pam_unix/passverify.h.unix-hpux-aging Linux-PAM-0.99.8.1/modules/pam_unix/passverify.h
--- Linux-PAM-0.99.8.1/modules/pam_unix/passverify.h.unix-hpux-aging 2008-01-08 14:43:36.000000000 +0100
+++ Linux-PAM-0.99.8.1/modules/pam_unix/passverify.h 2008-01-08 15:49:43.000000000 +0100
@@ -13,7 +13,7 @@
#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
int
-verify_pwd_hash(const char *p, const char *hash, unsigned int nullok);
+verify_pwd_hash(const char *p, char *hash, unsigned int nullok);
int
is_pwd_shadowed(const struct passwd *pwd);
diff -up Linux-PAM-0.99.8.1/modules/pam_unix/passverify.c.unix-hpux-aging Linux-PAM-0.99.8.1/modules/pam_unix/passverify.c
--- Linux-PAM-0.99.8.1/modules/pam_unix/passverify.c.unix-hpux-aging 2008-01-08 14:43:36.000000000 +0100
+++ Linux-PAM-0.99.8.1/modules/pam_unix/passverify.c 2008-01-08 15:49:02.000000000 +0100
@@ -44,14 +44,32 @@
# include "./lckpwdf.-c"
#endif
+static void
+strip_hpux_aging(char *p)
+{
+ const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789./";
+ if ((*p != '$') && (strlen(p) > 13)) {
+ for (p += 13; *p != '\0'; p++) {
+ if (strchr(valid, *p) == NULL) {
+ *p = '\0';
+ break;
+ }
+ }
+ }
+}
+
int
-verify_pwd_hash(const char *p, const char *hash, unsigned int nullok)
+verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
{
- size_t hash_len = strlen(hash);
+ size_t hash_len;
char *pp = NULL;
int retval;
D(("called"));
+ strip_hpux_aging(hash);
+ hash_len = strlen(hash);
if (!hash_len) {
/* the stored password is NULL */
if (nullok) { /* this means we've succeeded */
pam-0.99.8.1-unix-update-helper.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.2 -r 1.3 pam-0.99.8.1-unix-update-helper.patch
Index: pam-0.99.8.1-unix-update-helper.patch
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam-0.99.8.1-unix-update-helper.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam-0.99.8.1-unix-update-helper.patch 18 Sep 2007 20:23:57 -0000 1.2
+++ pam-0.99.8.1-unix-update-helper.patch 8 Jan 2008 18:54:47 -0000 1.3
@@ -1,14 +1,51 @@
+diff -up Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_sess.c.update-helper Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_sess.c
+--- Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_sess.c.update-helper 2006-06-17 18:44:58.000000000 +0200
++++ Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_sess.c 2008-01-07 16:39:07.000000000 +0100
+@@ -73,7 +73,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h
+
+ D(("called."));
+
+- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv);
+
+ retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
+ if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
+@@ -107,7 +107,7 @@ PAM_EXTERN int pam_sm_close_session(pam_
+
+ D(("called."));
+
+- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv);
+
+ retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
+ if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
diff -up Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_passwd.c.update-helper Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_passwd.c
--- Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_passwd.c.update-helper 2007-04-30 12:47:30.000000000 +0200
-+++ Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_passwd.c 2007-09-18 09:52:43.000000000 +0200
++++ Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_passwd.c 2008-01-08 16:17:32.000000000 +0100
@@ -2,6 +2,7 @@
* Main coding by Elliot Lee <sopwith at redhat.com>, Red Hat Software.
* Copyright (C) 1996.
* Copyright (c) Jan Rêkorajski, 1999.
-+ * Copyright (c) Red Hat, Inc., 2007.
++ * Copyright (c) Red Hat, Inc., 2007, 2008.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
+@@ -63,7 +64,6 @@
+ #ifdef WITH_SELINUX
+ static int selinux_enabled=-1;
+ #include <selinux/selinux.h>
+-static security_context_t prev_context=NULL;
+ #define SELINUX_ENABLED (selinux_enabled!=-1 ? selinux_enabled : (selinux_enabled=is_selinux_enabled()>0))
+ #endif
+
+@@ -84,6 +84,7 @@ static security_context_t prev_context=N
+ #include "yppasswd.h"
+ #include "md5.h"
+ #include "support.h"
++#include "passverify.h"
+ #include "bigcrypt.h"
+
+ #if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
@@ -92,15 +93,6 @@ extern int getrpcport(const char *host,
#endif /* GNU libc 2.1 */
@@ -159,64 +196,7 @@
retval = PAM_AUTH_ERR;
} else {
retval = WEXITSTATUS(retval);
-@@ -315,8 +249,56 @@ static int _unix_run_shadow_binary(pam_h
-
- return retval;
- }
-+
-+static int selinux_confined(void)
-+{
-+ static int confined = -1;
-+ int fd;
-+ char tempfile[]="/etc/.pwdXXXXXX";
-+
-+ if (confined != -1)
-+ return confined;
-+
-+ /* cannot be confined without SELinux enabled */
-+ if (!SELINUX_ENABLED){
-+ confined = 0;
-+ return confined;
-+ }
-+
-+ /* let's try opening shadow read only */
-+ if ((fd=open("/etc/shadow", O_RDONLY)) != -1) {
-+ close(fd);
-+ confined = 0;
-+ return confined;
-+ }
-+
-+ if (errno == EACCES) {
-+ confined = 1;
-+ return confined;
-+ }
-+
-+ /* shadow opening failed because of other reasons let's try
-+ creating a file in /etc */
-+ if ((fd=mkstemp(tempfile)) != -1) {
-+ unlink(tempfile);
-+ close(fd);
-+ confined = 0;
-+ return confined;
-+ }
-+
-+ confined = 1;
-+ return confined;
-+}
-+
-+#else
-+static int selinux_confined(void)
-+{
-+ return 0;
-+}
- #endif
-
-+#include "passupdate.c"
-+
- static int check_old_password(const char *forwho, const char *newpass)
- {
- static char buf[16384];
-@@ -354,393 +336,6 @@ static int check_old_password(const char
+@@ -354,393 +288,6 @@ static int check_old_password(const char
return retval;
}
@@ -610,18 +590,22 @@
static int _do_setpass(pam_handle_t* pamh, const char *forwho,
const char *fromwhat,
char *towhat, unsigned int ctrl, int remember)
-@@ -769,7 +364,7 @@ static int _do_setpass(pam_handle_t* pam
+@@ -768,9 +315,7 @@ static int _do_setpass(pam_handle_t* pam
+ enum clnt_stat err;
/* Unlock passwd file to avoid deadlock */
- #ifdef USE_LCKPWDF
+-#ifdef USE_LCKPWDF
- ulckpwdf();
+-#endif
+ unlock_pwdf();
- #endif
unlocked = 1;
-@@ -832,33 +427,22 @@ static int _do_setpass(pam_handle_t* pam
+ /* Initialize password information */
+@@ -830,129 +375,63 @@ static int _do_setpass(pam_handle_t* pam
+ }
+
if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
- #ifdef USE_LCKPWDF
+-#ifdef USE_LCKPWDF
if(unlocked) {
- int i = 0;
- /* These values for the number of attempts and the sleep time
@@ -639,72 +623,169 @@
return PAM_AUTHTOK_LOCK_BUSY;
}
}
- #endif
+#ifdef WITH_SELINUX
-+ if (selinux_confined())
++ if (unix_selinux_confined())
+ return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember);
-+#endif
+ #endif
/* first, save old password */
- if (save_old_password(pamh, forwho, fromwhat, remember)) {
+ if (save_old_password(forwho, fromwhat, remember)) {
retval = PAM_AUTHTOK_ERR;
goto done;
}
- if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) {
- retval = _update_shadow(pamh, forwho, towhat);
+- if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) {
+- retval = _update_shadow(pamh, forwho, towhat);
-#ifdef WITH_SELINUX
- if (retval != PAM_SUCCESS && SELINUX_ENABLED)
- retval = _unix_run_shadow_binary(pamh, ctrl, forwho, fromwhat, towhat);
-#endif
++ if (on(UNIX_SHADOW, ctrl) || is_pwd_shadowed(pwd)) {
++ retval = unix_update_shadow(pamh, forwho, towhat);
if (retval == PAM_SUCCESS)
- if (!_unix_shadowed(pwd))
- retval = _update_passwd(pamh, forwho, "x");
-@@ -870,7 +454,7 @@ static int _do_setpass(pam_handle_t* pam
+- if (!_unix_shadowed(pwd))
+- retval = _update_passwd(pamh, forwho, "x");
++ if (!is_pwd_shadowed(pwd))
++ retval = unix_update_passwd(pamh, forwho, "x");
+ } else {
+- retval = _update_passwd(pamh, forwho, towhat);
++ retval = unix_update_passwd(pamh, forwho, towhat);
+ }
+ }
+
done:
- #ifdef USE_LCKPWDF
[...2856 lines suppressed...]
+- if (pwd == NULL)
+- retval = PAM_USER_UNKNOWN;
+- else
+- retval = PAM_AUTHINFO_UNAVAIL;
+ if (on(UNIX_AUDIT, ctrl)) {
+ /* this might be a typo and the user has given a password
+ instead of a username. Careful with this. */
+- pam_syslog(pamh, LOG_ALERT,
++ pam_syslog(pamh, LOG_WARNING,
+ "check pass; user (%s) unknown", name);
+ } else {
+ name = NULL;
+ if (on(UNIX_DEBUG, ctrl) || pwd == NULL) {
+- pam_syslog(pamh, LOG_ALERT,
++ pam_syslog(pamh, LOG_WARNING,
+ "check pass; user unknown");
+ } else {
+ /* don't log failure as another pam module can succeed */
+@@ -679,48 +604,7 @@ int _unix_verify_password(pam_handle_t *
+ }
+ }
+ } else {
+- size_t salt_len = strlen(salt);
+- if (!salt_len) {
+- /* the stored password is NULL */
+- if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
+- D(("user has empty password - access granted"));
+- retval = PAM_SUCCESS;
+- } else {
+- D(("user has empty password - access denied"));
+- retval = PAM_AUTH_ERR;
+- }
+- } else if (!p || *salt == '*' || *salt == '!') {
+- retval = PAM_AUTH_ERR;
+- } else {
+- if (!strncmp(salt, "$1$", 3)) {
+- pp = Goodcrypt_md5(p, salt);
+- if (pp && strcmp(pp, salt) != 0) {
+- _pam_delete(pp);
+- pp = Brokencrypt_md5(p, salt);
+- }
+- } else if (*salt != '$' && salt_len >= 13) {
+- pp = bigcrypt(p, salt);
+- if (pp && salt_len == 13 && strlen(pp) > salt_len) {
+- _pam_overwrite(pp + salt_len);
+- }
+- } else {
+- /*
+- * Ok, we don't know the crypt algorithm, but maybe
+- * libcrypt nows about it? We should try it.
+- */
+- pp = x_strdup (crypt(p, salt));
+- }
+- p = NULL; /* no longer needed here */
+-
+- /* the moment of truth -- do we agree with the password? */
+- D(("comparing state of pp[%s] and salt[%s]", pp, salt));
+-
+- if (pp && strcmp(pp, salt) == 0) {
+- retval = PAM_SUCCESS;
+- } else {
+- retval = PAM_AUTH_ERR;
+- }
+- }
++ retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
+ }
- CLEANFILES = *~
+ if (retval == PAM_SUCCESS) {
+@@ -809,8 +693,6 @@ cleanup:
+ _pam_delete(data_name);
+ if (salt)
+ _pam_delete(salt);
+- if (pp)
+- _pam_delete(pp);
--EXTRA_DIST = README md5.c md5_crypt.c lckpwdf.-c $(MANS) CHANGELOG \
-+EXTRA_DIST = README md5.c md5_crypt.c lckpwdf.-c passupdate.c $(MANS) CHANGELOG \
- tst-pam_unix $(XMLS)
+ D(("done [%d].", retval));
+
+@@ -971,26 +853,12 @@ int _unix_read_password(pam_handle_t * p
+ return PAM_SUCCESS;
+ }
- man_MANS = pam_unix.8 unix_chkpwd.8
-@@ -16,7 +16,8 @@ securelibdir = $(SECUREDIR)
+-int _unix_shadowed(const struct passwd *pwd)
+-{
+- if (pwd != NULL) {
+- if (strcmp(pwd->pw_passwd, "x") == 0) {
+- return 1;
+- }
+- if ((pwd->pw_passwd[0] == '#') &&
+- (pwd->pw_passwd[1] == '#') &&
+- (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)) {
+- return 1;
+- }
+- }
+- return 0;
+-}
+-
+ /* ****************************************************************** *
+ * Copyright (c) Jan Rêkorajski 1999.
+ * Copyright (c) Andrew G. Morgan 1996-8.
+ * Copyright (c) Alex O. Yuriev, 1996.
+ * Copyright (c) Cristian Gafton 1996.
++ * Copyright (c) Red Hat, Inc. 2007.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+diff -up Linux-PAM-0.99.8.1/modules/pam_unix/Makefile.am.update-helper Linux-PAM-0.99.8.1/modules/pam_unix/Makefile.am
+--- Linux-PAM-0.99.8.1/modules/pam_unix/Makefile.am.update-helper 2006-12-18 19:50:50.000000000 +0100
++++ Linux-PAM-0.99.8.1/modules/pam_unix/Makefile.am 2008-01-08 16:17:32.000000000 +0100
+@@ -16,7 +16,9 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\"
+ -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
-+ -DUPDATE_HELPER=\"$(sbindir)/unix_update\"
++ -DUPDATE_HELPER=\"$(sbindir)/unix_update\" \
++ -DPATH_RANDOMDEV=\"/dev/urandom\"
if HAVE_LIBSELINUX
AM_CFLAGS += -D"WITH_SELINUX"
-@@ -34,9 +35,9 @@ endif
+@@ -25,33 +27,40 @@ if HAVE_LIBCRACK
+ AM_CFLAGS += -D"USE_CRACKLIB"
+ endif
+
+-pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \
+- @LIBCRACK@ @LIBNSL@ -L$(top_builddir)/libpam -lpam \
+- @LIBCRYPT@ @LIBSELINUX@
++pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module
+ if HAVE_VERSIONING
+ pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+ endif
++pam_unix_la_LIBADD = @LIBCRACK@ @LIBNSL@ -L$(top_builddir)/libpam -lpam \
++ @LIBCRYPT@ @LIBSELINUX@
securelib_LTLIBRARIES = pam_unix.la
@@ -2588,21 +3681,43 @@
noinst_PROGRAMS = bigcrypt
-@@ -48,11 +49,16 @@ bigcrypt_SOURCES = bigcrypt.c bigcrypt_m
+ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
+ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
+- yppasswd_xdr.c md5_good.c md5_broken.c
++ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
+
+ bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
bigcrypt_CFLAGS = $(AM_CFLAGS)
- bigcrypt_LDFLAGS = @LIBCRYPT@
+-bigcrypt_LDFLAGS = @LIBCRYPT@
++bigcrypt_LDADD = @LIBCRYPT@
-unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c
-+unix_chkpwd_SOURCES = unix_chkpwd.c passverify.c md5_good.c md5_broken.c bigcrypt.c
- unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
- unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@ -L$(top_builddir)/libpam -lpam \
- @LIBCRYPT@ @LIBSELINUX@
-
-+unix_update_SOURCES = unix_update.c passverify.c md5_good.c md5_broken.c bigcrypt.c
-+unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
-+unix_update_LDFLAGS = @PIE_LDFLAGS@ -L$(top_builddir)/libpam -lpam \
-+ @LIBCRYPT@ @LIBSELINUX@
-+
+-unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+-unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@ -L$(top_builddir)/libpam -lpam \
+- @LIBCRYPT@ @LIBSELINUX@
++unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \
++ passverify.c
++unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\"
++unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@
++unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@
++
++unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \
++ passverify.c
++unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
++unix_update_LDFLAGS = @PIE_LDFLAGS@
++unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@
+
if ENABLE_REGENERATE_MAN
noinst_DATA = README
- README: pam_unix.8.xml
+diff -up Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_auth.c.update-helper Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_auth.c
+--- Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_auth.c.update-helper 2006-12-20 15:52:55.000000000 +0100
++++ Linux-PAM-0.99.8.1/modules/pam_unix/pam_unix_auth.c 2008-01-07 16:38:50.000000000 +0100
+@@ -111,7 +111,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+
+ D(("called."));
+
+- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv);
+
+ /* Get a few bytes so we can pass our return value to
+ pam_sm_setcred(). */
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- pam.spec 2 Jan 2008 10:42:27 -0000 1.164
+++ pam.spec 8 Jan 2008 18:54:47 -0000 1.165
@@ -11,7 +11,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 0.99.8.1
-Release: 13%{?dist}
+Release: 14%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -32,8 +32,7 @@
Patch4: pam-0.99.8.1-dbpam.patch
Patch5: pam-0.99.8.1-audit-no-log.patch
Patch24: pam-0.99.8.1-unix-update-helper.patch
-Patch25: pam-0.99.7.1-unix-hpux-aging.patch
-Patch26: pam-0.99.8.1-unix-blankpass.patch
+Patch25: pam-0.99.8.1-unix-hpux-aging.patch
Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch32: pam-0.99.3.0-tally-fail-close.patch
Patch40: pam-0.99.7.1-namespace-temp-logon.patch
@@ -107,7 +106,7 @@
%patch5 -p1 -b .no-log
%patch24 -p1 -b .update-helper
%patch25 -p1 -b .unix-hpux-aging
-%patch26 -p1 -b .blankpass
+#%patch26 -p1 -b .blankpass
%patch31 -p1 -b .try-first-pass
%patch32 -p1 -b .fail-close
%patch40 -p1 -b .temp-logon
@@ -414,6 +413,10 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Wed Jan 8 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-14
+- support for sha256 and sha512 password hashes
+- account expiry checks moved to unix_chkpwd helper
+
* Wed Jan 2 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-13
- wildcard match support in pam_tty_audit (by Miloslav TrmaÄ)
--- pam-0.99.7.1-unix-hpux-aging.patch DELETED ---
More information about the fedora-extras-commits
mailing list