[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Linux-PAM-0.56



Hi,

Linux-PAM-0.56 is available. Thanks to all those that submitted bug reports
and patches... Keep them coming.

I've not included anything new from the past week, please look for things
like the rhosts patch in the next pre-release.

Best wishes

Andrew

The Changelog from 0.56

0.56: Sat Feb 15 12:21:01 PST 1997 <morgan@parc.power.net>

* pam_handlers.c can now interpret the pam.d/ service config tree:
	- if /etc/pam.d/ exists /etc/pam.conf is IGNORED
	  (otherwise /etc/pam.conf is treated as before)
	- given /etc/pam.d/
	  . config files are named (in lower case) by service-name
	  . config files have same syntax as /etc/pam.conf except	
	    that the "service-name" field is not present. (there
	    are thus three manditory fields (and arguments are
	    optional):

		module-type  control-flag  module-path  optional-args...

	    )

* included conf/pam_conv1 for converting pam.conf to a pam.d/ version
  1.0 directory tree. This program reads a pam.conf file on the
  standard input stream and creates ./pam.d/ (in the local directory)
  and fills it with ./pam.d/"service-name" files.

	*> Note: It will fail if ./pam.d/ already exists.

  PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently
  cannot retain comments from the old conf file, so take care to do this
  by hand. Also, please email me with the fix that makes the
  shift/reduce conflict go away...

* Added default module path to libpam for modules (see pam_handlers.c)
  it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is
  inhereted from the defs/* variable $(SECUREDIR). Removed module
  paths from the sample pam.conf file as they are no longer needed.

* pam_pwdb can now verify read protected passwords when it is not run
  by root.  This is via a helper binary that is setuid root.

* pam_permit now prompts for a username if it is not already determined

* pam_rhosts now honors "debug" and no longer hardwire's "root" as the
  superuser's name.

* pam_securetty now honors the "debug" flag

* trouble parsing extra spaces fixed in pam_time and pam_group

* added Michael K. Johnson's PGP key to the pgp.keys.asc list

* pam_end->env not being free()'d: fixed

* manuals relocated to section 3

* fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix
  to indicate the $HOME of the user (courtesy David
  Kinchlea). *Changed* from a "session" module to an "auth"
  module. It cannot be used to authenticate a user, but it can be used
  in setting credentials.

* fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*(

* pam_radius rewritten to exclusively make use of libpwdb. (minor fix
  to Makefile for cleaning up - AGM)

* pam_limits extended to limit the total number of logins on a system
  at any given time.

* libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their
  version numbers [defined in top level makefile]

* bugfix in sed command in defs/redhat.defs (AGM's fault)

* The following was related to a possibility of buffer overruns in
  the syslogging code: removed fixed length array from syslogging
  function in the following modules [capitalized the log identifier
  so the sysadmin can "know" these are fixed on the local system],

	pam_ftp, pam_stress, pam_rootok, pam_securetty,
	pam_listfile, pam_shells, pam_warn, pam_lastlog
  and
	pam_unix_passwd (where it was definitely _not_ exploitable)

-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []