
Linux-PAM pre release



Hi,

I've made another pre-release of Linux-PAM.  I've added all of the patches
that I had outstanding.  To my knowledge, the only thing that is missing is
the sufficient -> [success=ok other=ignore] change.  (I don't have that
patch).

Depending upon how my job search pans out, I may be leaving the active Linux
community.  If there is anyone out there that is keen and up to maintaining
this library, I'd like to hear from you now so I can feel good about passing
on the responsibility later...

Best wishes

Andrew

Here is the ever lengthening list of changes over 0.57

* pam_getenvlist() has a more robust definition (XSSO) than was previously
  thought.  It would seem that we no longer need pam_misc_copy_env()
  which was there to provide the robustness that pam_getenvlist()
  lacked before...

  Accordingly, I have REMOVED the prototype from libpam_misc. (The
  function, however, will remain in the library as a wrapper for
  legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE
  FIX YOUR APPS *BEFORE* WE GET THERE!

* Alexy Nogin reported garbage output from pam_env in the case of
  a non-existent environment variable.  This may be fixed, but I have
  not yet had any feedback on it.

* 'fixed' pwdb compilation for pam_wheel.  Not very cleanly
  done.. Mmmm. Should really clean up the entire source tree...

* added prototypes for mapping functions

			<**WARNING**>

  various constants have had their names changed.  Numerical values have
  been retained but be aware some source old modules/applications will
  need to be fixed before recompilation.

			</**WARNING**>

* appended documentation to README for pam_rhosts module (Nicolai
  Langfeldt).

* verified X/Open compatibility of header files - note, where we differ
  it is at the level of compilation warnings and the use of 'const char *'
  instead of 'char *'.  Previously, Sun (X/Open) have revised their spec
  to be more 'const'-ervative in the light of comments from Linux-PAM
  development.

* Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD.

	changed: pam_pwdb(pam_unix_acct) (also bug fix for
	_shadow_acct_mgmt_exp() return value), pam_stress,
	libpam/pam_dispatch, blank, xsh.

* New: PAM_AUTHTOK_EXPIRED - password has expired.

* Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED
  etc... (changed - this may break some people's modules - PLEASE TAKE
  NOTE!)
	changed: pam_group, pam_mail, blank, xsh; module and appl
	docs, pam_setcred manual page.

* renamed internal _pam_handle structure to be pam_handle as per XSSO.

* added PAM_RADIO_TYPE  (for multiple choice input method).  Also
  added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user
  - this could be used for RSA type authentication but is currently
  just there for experimental purposes).  The _BINARY_ types are now
  usable with hooks in the libpam_misc conversation function.

* added pam_access module (Alexei Nogin)

* added documentation for pam_lastlog.  Also modified the module to
  not (by default) print "welcome to your new account" when it cannot
  find a utmp entry for the user (you can turn this on with the
  "never" argument).

* small correction to the pam_fail_delay manual page.  Either the appl or
  the modules header file will prototype this function.

* added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips)

* *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts,
  pam_wheel, libpam/pam_handlers). (Michael Smith)

* added configuration directory $SCONFIGED for module specific
  configuration files.

* added two new "linked" man pages (pam.conf(8) and pam.d(8))

* included a reasonable default for /etc/pam.conf (which can be
  translated to /etc/pam.d/* files with the pam_conv1 binary)

* fixed the names of the new configuration files in
   conf/pam_conv1/pam_conv.y

* fixed make check.

* pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog
  (bug report from Ronald Wahl).

* grammar fix in pam_cracklib

* segfault avoided in pam_pwdb (getting user). Updating of passwords
  that are directed to a "new" database are more robust now (bug noted
  by Michael K. Johnson).  Added "unix" module argument for migrating
  passwords from another database to /etc/passwd. (documentation
  updated).

* ctrl-D respected in conversation function (libpam_misc)

* Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in
  the distribution uses it.  I guess this change happened a while
  back, basically I'm trying to make the module parts of the
  distribution "source compatible" with the RFC definition of PAM.
  This implementation of PAM is a superset of that definition. I have
  added the following symbols to the Linux-PAM header files:

	PAM_DATA_SILENT (see _pam_types.h)
	HAVE_PAM_FAIL_DELAY (see _pam_types.h)
	PAM_DATA_REPLACE (see _pam_modules.h)

  Any module (or application) that wants to utilize these features,
  should check (#ifdef) for these tokens before using the associated
  functionality.  (Credit to Michael K. Johnson for pointing out my
  earlier omission: not documenting this change :*)

* first stab at making modules more independent of full library
  source.  Modules converted:
	pam_deny
	pam_permit
	pam_lastlog
	pam_pwdb

* pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael
  K. Johnson)

* pam_unix_passwd fixes to shadow aging code (Eliot Frank)

* added README for pam_tally


-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
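
The #ifdef check asked for in the PAM_FAIL_DELAY_ON item above, as an added example that is not part of the original message or the Linux-PAM source: a pam_set_data() cleanup callback that uses PAM_DATA_REPLACE and PAM_DATA_SILENT only when the headers define them. The names cached_secret, cleanup_may_log, secret_cleanup and cleanup_log_count are hypothetical, and the stand-in definitions are constructed so the file builds where the PAM headers are not installed.

```c
/* Cleanup callback for data attached with pam_set_data(); builds with or
 * without the Linux-PAM extension tokens by testing for each one first. */
#include <stdio.h>
#include <stdlib.h>

#if defined(__has_include)
#  if __has_include(<security/pam_modules.h>)
#    include <security/pam_modules.h>
#    define USING_SYSTEM_PAM_HEADERS 1
#  endif
#endif
#ifndef USING_SYSTEM_PAM_HEADERS
/* Constructed stand-ins so the example builds where PAM headers are absent. */
typedef struct pam_handle pam_handle_t;
#  define PAM_DATA_SILENT  0x40000000
#  define PAM_DATA_REPLACE 0x20000000
#endif

/* Hypothetical item a module might cache between its entry points. */
struct cached_secret { char token[32]; };

int cleanup_log_count; /* stands in for syslog() calls so the result is checkable */

/* Returns 1 if the cleanup may report, 0 if it must stay quiet. */
int cleanup_may_log(int error_status)
{
#ifdef PAM_DATA_REPLACE
    if (error_status & PAM_DATA_REPLACE) return 0; /* item is only being overwritten */
#endif
#ifdef PAM_DATA_SILENT
    if (error_status & PAM_DATA_SILENT) return 0;  /* caller asked for quiet cleanup */
#endif
    return 1;
}

/* Has the signature pam_set_data() expects of its cleanup argument. */
void secret_cleanup(pam_handle_t *pamh, void *data, int error_status)
{
    (void)pamh;
    if (data != NULL) {
        struct cached_secret *s = data;
        volatile char *p = s->token;
        for (size_t i = 0; i < sizeof s->token; i++) p[i] = 0; /* scrub before free */
        free(data);
    }
    if (cleanup_may_log(error_status)) cleanup_log_count++;
}

int main(void)
{
    secret_cleanup(NULL, calloc(1, sizeof(struct cached_secret)), 0);
    printf("log events: %d\n", cleanup_log_count);
    return 0;
}
```

HAVE_PAM_FAIL_DELAY is tested the same way around a call to pam_fail_delay(); that call is left out here because it needs libpam at link time.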


