1pam-modules -- history of user-visible changes. 2018-01-02
2Copyright (C) 2001, 2004-2005, 2007-2012, 2015, 2018 Sergey Poznyakoff
3See the end of file for copying conditions.
4
5Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua>
6
7Version 2.2, 2018-01-02
8
9* Improve pam_fshadow
10
11This release allows the user to use arbitrary group numbers for
12username and domain parts.
13
14New options username-index and domain-index are used to indicate
15indices of the parenthesized groups used to extract the user and
16the domain name. The default corresponds to 'user-index=1 domain-index=1'.
17
18Additionally, the behavior in case if the user name doesn't match the
19regexp is changed. Previous versions would fall back to plain
20authentication. The new behavior is to reject access.
21
22Version 2.1, 2015-08-04
23
24Fix documentation.
25
26
27Version 2.0, 2015-02-26
28
29* pam_ldaphome reads LDAP configuration from /etc/ldap.conf
30
31This is in addition to its regular configuration file.
32
33* pam_ldaphome runs inirc-command with user privileges
34
35To run the command with root privileges, the configuration
36variable initrc-root must be set to true.
37
38* New pam_ldaphome variable: user-keys-boundary
39
40User key files can contain both keys managed by pam_ldaphome and
41added by the user. These two groups of keys must be separated by
42a special comment line, which informs pam_ldaphome that all keys
43below it must be retained.
44
45This feature is enabled by the user-keys-boundary configuration
46setting. Its value defines a string which, when used after a
47'#' character, forms the delimiting comment. E.g. if the
48configuration file contains:
49
50 user-keys-boundary :user
51
52then the line '#:user' can be used to delimit ldap-synchronized
53and user-specific keys.
54
55* audit option
56
57All modules now support 'audit' option, which is equivalent to
58debug=100, i.e. it enables logging maximum debugging output.
59
60* pam_fshadow is built on all systems
61
62
63Version 1.9, 2014-05-21
64
65* New module pam_groupmember
66
67Tests whether the user is a member of one or more groups.
68
69* pam_ldaphome can invoke an external program
70
71An external program defined with the inirc-command keyword is run
72in the newly created user's home directory. It can be used for
73per-user customization of the files copied from the skeleton dir.
74
75The examples directory contains a perl program "usergitconfig", which,
76when used as inirc-command, initializes the user's .gitconfig file.
77
78* New auxiliary utilities
79
80** ldappubkey
81
82The `ldappubkey' utility is a simple Perl program which takes user
83login name as its argument and produces on the standard output public
84ssh keys for that user, each on a separate line. The program is
85designed for use with `openssh' version 6.2p1 or higher.
86
87** usergitconfig
88
89Customizes user's `.gitconfig' file using attributes from his LDAP
90entry. This utility can be used with the initrc-command statement
91in pam_ldaphome.conf file.
92
93* Bugfixes
94
95
96Version 1.8, 2013-07-29
97
98* pam_ldaphome
99
100This module creates the user home directory, if it does not
101already exist, and updates his `.ssh/authorized_keys' file with the
102keys from the LDAP database.
103
104* pam_umotd
105
106Pam_umotd displays a user-specific message of the day. The text can
107be taken either from a disk file, or read from the standard output of
108a program launched for that purpose. This module is Linux-specific.
109
110* Bugfixes
111** pam_fshadow made reentrant
112
113
114
115Version 1.7, 2011-04-08
116
117* Allow for use of `CALL proc' in MySQL queries.
118* Minor bugfixes in pamck.
119
120
121Version 1.6, 2009-02-25
122
123* pamck
124
125Pamck is a command line utility for checking PAM authentication and
126other management groups. E.g.:
127
128 pamck -s login smith
129
130attempts to authenticate user `smith' using PAM service name `login'.
131
132
133Version 1.5, 2009-02-17
134
135* Configure
136
137New command line options:
138
139 --disable-fshadow
140 --disable-log
141 --disable-regex
142
143Improved autodetection of MySQL and PostgreSQL libraries.
144
145Missing prerequisites for any module cause disabling of that module,
146but the configuration process continues.
147
148
149Version 1.4, 2008-03-20
150
151* pam_mysql and pam_pgsql
152
153** Session management
154
155Session management is implemented for both modules. Session
156management queries are `session-start-query' and `session-stop-query'.
157
158** Variable expansion in configuration file.
159
160Old style of variable expansion has been dropped. The `$name'
161notation is used instead. To convert your old configuration files,
162replace %u with $user, and %p with $password.
163
164** setenv-query
165
166This new query allows to store arbitrary data in PAM environment.
167
168
169Version 1.3, 2008-03-15
170
171* pam_mysql and pam_pgsql
172
173** Configuration file syntax
174
175Long statements can be split over several lines by placing
176'\' character at the end of each line.
177
178** ldap passwords
179
180Both modules understand passwords in LDAP form. A special
181configuration file statement `allow-ldap-pass' is provided to control
182this feature. By default, `allow-ldap-pass yes' is assumed.
183
184
185Version 1.2, 2008-03-14
186
187* Several fixes in debugging code and pam_mysql, pam_pgsql modules.
188
189* pam_fshadow
190
191By default extended regular expressions are used.
192
193* pam_regex transform=expr
194
195New command line option `transform' allows to rewrite user names.
196
197
198Version 1.1, 2007-08-11
199
200* pam_fshadow allows to use virtual domains to specify alternate password
201databases. New options: regex, basic, extended, ignore-case, icase
202and revert-index.
203
204* pam_regex: ignore-case can be used as an alias to icase.
205
206* New modules
207
208pam_log Log arbitrary data
209pam_mysql Authenticate using a MySQL database
210pam_pgsql Authenticate using a PostgreSQL database
211
212
213Version 1.0
214
215 Added documentation, improved configuration suite.
216
217
218Version 0.1
219
220 Initial release. See README for short description.
221
222^L
223=========================================================================
224Copyright information:
225
226Copyright (C) 2001, 2004-2005, 2007-2015 Sergey Poznyakoff
227
228 Permission is granted to anyone to make or distribute verbatim copies
229 of this document as received, in any medium, provided that the
230 copyright notice and this permission notice are preserved,
231 thus giving the recipient permission to redistribute in turn.
232
233 Permission is granted to distribute modified versions
234 of this document, or of portions of it,
235 under the above conditions, provided also that they
236 carry prominent notices stating who last changed them.
237
238Local variables:
239mode: outline
240paragraph-separate: "[ �]*$"
241eval: (add-hook 'write-file-hooks 'time-stamp)
242time-stamp-start: "changes. "
243time-stamp-format: "%:y-%02m-%02d"
244time-stamp-end: "\n"
245end:
246
247
248