pam-modules -- history of user-visible changes. 2018-01-02
Copyright (C) 2001, 2004-2005, 2007-2012, 2015, 2018 Sergey Poznyakoff
See the end of file for copying conditions.

Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua>

Version 2.2, 2018-01-02

* Improve pam_fshadow

This release allows the user to use arbitrary group numbers for
username and domain parts.

New options username-index and domain-index are used to indicate
indices of the parenthesized groups used to extract the user and
the domain name. The default corresponds to 'user-index=1 domain-index=1'.

Additionally, the behavior when the user name doesn't match the
regexp is changed. Previous versions would fall back to plain
authentication. The new behavior is to reject access.

Version 2.1, 2015-08-04

Fix documentation.


Version 2.0, 2015-02-26

* pam_ldaphome reads LDAP configuration from /etc/ldap.conf

This is in addition to its regular configuration file.

* pam_ldaphome runs initrc-command with user privileges

To run the command with root privileges, the configuration
variable initrc-root must be set to true.

* New pam_ldaphome variable: user-keys-boundary

User key files can contain both keys managed by pam_ldaphome and
keys added by the user. These two groups of keys must be separated by
a special comment line, which informs pam_ldaphome that all keys
below it must be retained.

This feature is enabled by the user-keys-boundary configuration
setting. Its value defines a string which, when used after a
'#' character, forms the delimiting comment. E.g. if the
configuration file contains:

  user-keys-boundary :user

then the line '#:user' can be used to delimit ldap-synchronized
and user-specific keys.

* audit option

All modules now support the 'audit' option, which is equivalent to
debug=100, i.e. it enables maximum debugging output.
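
The Version 2.2 pam_fshadow change above (configurable group indices, and
rejection instead of fallback when the regexp does not match) can be
illustrated with POSIX extended regexps. This is an added example, not
pam_fshadow's own code; split_login, copy_group, the pattern and the login
strings are all hypothetical and constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define MAX_GROUPS 10

/* Copy capture group idx into out; -1 if unset, empty or too long. */
static int copy_group(const char *s, const regmatch_t *m, int idx,
                      char *out, size_t outsz)
{
    if (idx < 1 || idx >= MAX_GROUPS || m[idx].rm_so < 0)
        return -1;
    size_t len = (size_t)(m[idx].rm_eo - m[idx].rm_so);
    if (len == 0 || len >= outsz)
        return -1;
    memcpy(out, s + m[idx].rm_so, len);
    out[len] = '\0';
    return 0;
}

/* Returns 0 and fills user/domain; returns -1 (deny) on any failure.
   There is deliberately no fallback path for a non-matching login. */
int split_login(const char *pattern, const char *login,
                int user_idx, int domain_idx,
                char *user, size_t usz, char *domain, size_t dsz)
{
    regex_t re;
    regmatch_t m[MAX_GROUPS];
    int rc = -1;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    if (regexec(&re, login, MAX_GROUPS, m, 0) == 0 &&
        copy_group(login, m, user_idx, user, usz) == 0 &&
        copy_group(login, m, domain_idx, domain, dsz) == 0)
        rc = 0;
    regfree(&re);
    return rc;
}

int main(void)
{
    char u[64], d[64];
    /* Constructed inputs: the domain is group 1, the user is group 2. */
    const char *re = "^([^/]+)/([^/]+)$";
    if (split_login(re, "example.org/smith", 2, 1, u, sizeof u, d, sizeof d) == 0)
        printf("user=%s domain=%s\n", u, d);
    if (split_login(re, "smith", 2, 1, u, sizeof u, d, sizeof d) != 0)
        puts("no match: access rejected");
    return 0;
}
```

An index that points at a group the pattern does not define is treated
the same as a non-match, so a misconfigured index denies access rather
than authenticating against an empty user or domain name.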
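
The user-keys-boundary entry above describes a key file split by a '#:user'
line. The following added example (not pam_ldaphome's code) shows one way
such a merge can work: the managed part is replaced by the keys from LDAP,
and the boundary line with everything below it is kept verbatim. The names
find_boundary and merge_keys and the key strings are hypothetical;
treating a file without a boundary line as entirely managed is an
assumption of this example, and ldap_keys is assumed to end in a newline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the line that is exactly "#<boundary>" in text, or NULL. */
static const char *find_boundary(const char *text, const char *boundary)
{
    size_t blen = strlen(boundary);
    for (const char *p = text; p && *p; ) {
        if (p[0] == '#' && strncmp(p + 1, boundary, blen) == 0 &&
            (p[1 + blen] == '\n' || p[1 + blen] == '\0'))
            return p;
        p = strchr(p, '\n');      /* advance to the start of the next line */
        if (p)
            p++;
    }
    return NULL;
}

/* New file content: keys from LDAP, then the boundary line and all
   user-owned lines below it from the old file. Caller frees the result.
   Assumption: with no boundary line, the old content is fully replaced. */
char *merge_keys(const char *old, const char *ldap_keys, const char *boundary)
{
    const char *tail = find_boundary(old, boundary);
    size_t n = strlen(ldap_keys) + (tail ? strlen(tail) : 0) + 1;
    char *out = malloc(n);
    if (!out)
        return NULL;
    strcpy(out, ldap_keys);
    if (tail)
        strcat(out, tail);
    return out;
}

int main(void)
{
    /* Constructed sample file and LDAP result. */
    const char *old = "ssh-ed25519 AAAAold smith@ldap\n"
                      "#:user\n"
                      "ssh-ed25519 AAAApersonal smith@laptop\n";
    char *merged = merge_keys(old, "ssh-ed25519 AAAAnew smith@ldap\n", ":user");
    if (merged)
        fputs(merged, stdout);
    free(merged);
    return 0;
}
```

Keys below the boundary are never touched by synchronization, so removing
a key from LDAP does not remove a copy of it that sits in the user-owned
part of the file.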

* pam_fshadow is built on all systems


Version 1.9, 2014-05-21

* New module pam_groupmember

Tests whether the user is a member of one or more groups.

* pam_ldaphome can invoke an external program

An external program defined with the initrc-command keyword is run
in the newly created user's home directory. It can be used for
per-user customization of the files copied from the skeleton dir.

The examples directory contains a perl program "usergitconfig", which,
when used as initrc-command, initializes the user's .gitconfig file.

* New auxiliary utilities

** ldappubkey

The `ldappubkey' utility is a simple Perl program which takes the user
login name as its argument and produces on the standard output public
ssh keys for that user, each on a separate line. The program is
designed for use with `openssh' version 6.2p1 or higher.

** usergitconfig

Customizes user's `.gitconfig' file using attributes from his LDAP
entry. This utility can be used with the initrc-command statement
in pam_ldaphome.conf file.

* Bugfixes


Version 1.8, 2013-07-29

* pam_ldaphome

This module creates the user home directory, if it does not
already exist, and updates his `.ssh/authorized_keys' file with the
keys from the LDAP database.

* pam_umotd

Pam_umotd displays a user-specific message of the day. The text can
be taken either from a disk file, or read from the standard output of
a program launched for that purpose. This module is Linux-specific.

* Bugfixes
** pam_fshadow made reentrant



Version 1.7, 2011-04-08

* Allow for use of `CALL proc' in MySQL queries.
* Minor bugfixes in pamck.


Version 1.6, 2009-02-25

* pamck

Pamck is a command line utility for checking PAM authentication and
other management groups. E.g.:

  pamck -s login smith

attempts to authenticate user `smith' using PAM service name `login'.


Version 1.5, 2009-02-17

* Configure

New command line options:

  --disable-fshadow
  --disable-log
  --disable-regex

Improved autodetection of MySQL and PostgreSQL libraries.

Missing prerequisites for any module cause that module to be disabled,
but the configuration process continues.


Version 1.4, 2008-03-20

* pam_mysql and pam_pgsql

** Session management

Session management is implemented for both modules. Session
management queries are `session-start-query' and `session-stop-query'.

** Variable expansion in configuration file.

Old style of variable expansion has been dropped. The `$name'
notation is used instead. To convert your old configuration files,
replace %u with $user, and %p with $password.

** setenv-query

This new query allows storing arbitrary data in the PAM environment.


Version 1.3, 2008-03-15

* pam_mysql and pam_pgsql

** Configuration file syntax

Long statements can be split over several lines by placing
a '\' character at the end of each line.

** ldap passwords

Both modules understand passwords in LDAP form. A special
configuration file statement `allow-ldap-pass' is provided to control
this feature. By default, `allow-ldap-pass yes' is assumed.


Version 1.2, 2008-03-14

* Several fixes in debugging code and pam_mysql, pam_pgsql modules.

* pam_fshadow

By default extended regular expressions are used.

* pam_regex transform=expr

New command line option `transform' allows rewriting user names.


Version 1.1, 2007-08-11

* pam_fshadow allows the use of virtual domains to specify alternate password
databases. New options: regex, basic, extended, ignore-case, icase
and revert-index.

* pam_regex: ignore-case can be used as an alias to icase.

* New modules

pam_log      Log arbitrary data
pam_mysql    Authenticate using a MySQL database
pam_pgsql    Authenticate using a PostgreSQL database


Version 1.0

  Added documentation, improved configuration suite.


Version 0.1

  Initial release. See README for short description.

^L
=========================================================================
Copyright information:

Copyright (C) 2001, 2004-2005, 2007-2015 Sergey Poznyakoff

   Permission is granted to anyone to make or distribute verbatim copies
   of this document as received, in any medium, provided that the
   copyright notice and this permission notice are preserved,
   thus giving the recipient permission to redistribute in turn.

   Permission is granted to distribute modified versions
   of this document, or of portions of it,
   under the above conditions, provided also that they
   carry prominent notices stating who last changed them.

Local variables:
mode: outline
paragraph-separate: "[ ]*$"
eval: (add-hook 'write-file-hooks 'time-stamp)
time-stamp-start: "changes. "
time-stamp-format: "%:y-%02m-%02d"
time-stamp-end: "\n"
end: