|
 |
1ba4063 |
%define pam_redhat_version 0.99.9-1
|
|
cvsdist |
035542f |
|
|
|
da4d7fa |
Summary: A security tool which provides authentication for applications
|
|
cvsdist |
d1a852a |
Name: pam
|
|
|
8955a46 |
Version: 1.0.2
|
|
|
e30408c |
Release: 2%{?dist}
|
|
|
81e34ba |
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
|
|
73ea19b |
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
|
|
73ea19b |
# pam_rhosts_auth module is BSD with advertising
|
|
|
73ea19b |
License: BSD and GPLv2+ and BSD with advertising
|
|
cvsdist |
d1a852a |
Group: System Environment/Base
|
|
|
7d29dd0 |
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
|
|
|
7d29dd0 |
Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
|
|
|
1ba4063 |
Source2: https://fedorahosted.org/releases/p/a/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
|
|
cvsdist |
d577226 |
Source5: other.pamd
|
|
cvsdist |
d577226 |
Source6: system-auth.pamd
|
|
|
84f70fb |
Source7: config-util.pamd
|
|
cvsdist |
d577226 |
Source8: dlopen.sh
|
|
|
46d6d05 |
Source9: system-auth.5
|
|
|
46d6d05 |
Source10: config-util.5
|
|
|
0533865 |
Source11: 90-nproc.conf
|
|
|
0b9c1ba |
Patch1: pam-0.99.7.0-redhat-modules.patch
|
|
|
3be955e |
Patch5: pam-1.0.1-autoreconf.patch
|
|
|
65a47cc |
Patch10: pam-1.0.0-sepermit-screensaver.patch
|
|
|
afb096a |
Patch12: pam-1.0.0-selinux-env-params.patch
|
|
|
8938fa9 |
Patch21: pam-0.99.10.0-unix-audit-failed.patch
|
|
|
a37d2c7 |
Patch22: pam-1.0.1-unix-prompts.patch
|
|
|
8955a46 |
Patch31: pam-1.0.1-cracklib-try-first-pass.patch
|
|
|
8955a46 |
Patch32: pam-1.0.1-tally-fail-close.patch
|
|
|
e30408c |
Patch33: pam-1.0.2-tally-fdleak.patch
|
|
|
a37d2c7 |
Patch41: pam-1.0.1-namespace-create.patch
|
|
|
e30408c |
Patch42: pam-1.0.2-cracklib-pwquality.patch
|
|
|
e30408c |
Patch43: pam-0.99.6.2-lastlog-failed.patch
|
|
|
e30408c |
Patch44: pam-1.0.2-many-groups.patch
|
|
cvsdist |
cd929cb |
|
|
|
717cfde |
%define _sbindir /sbin
|
|
|
717cfde |
%define _moduledir /%{_lib}/security
|
|
|
717cfde |
%define _secconfdir %{_sysconfdir}/security
|
|
|
717cfde |
%define _pamconfdir %{_sysconfdir}/pam.d
|
|
|
717cfde |
|
|
|
717cfde |
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
|
|
|
717cfde |
%define WITH_SELINUX 1
|
|
|
717cfde |
%endif
|
|
|
717cfde |
%if %{?WITH_AUDIT:0}%{!?WITH_AUDIT:1}
|
|
|
717cfde |
%define WITH_AUDIT 1
|
|
|
717cfde |
%endif
|
|
|
717cfde |
|
|
|
0b9c1ba |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
05cc723 |
Requires: cracklib, cracklib-dicts >= 2.8
|
|
|
392622e |
Requires(post): coreutils, /sbin/ldconfig
|
|
|
0b9c1ba |
BuildRequires: autoconf >= 2.60
|
|
|
0b9c1ba |
BuildRequires: automake, libtool
|
|
|
da4d7fa |
BuildRequires: bison, flex, sed
|
|
|
4f2fe36 |
BuildRequires: cracklib-devel, cracklib-dicts >= 2.8
|
|
|
8a453fc |
BuildRequires: perl, pkgconfig, gettext
|
|
|
f1b09e9 |
%if %{WITH_AUDIT}
|
|
|
da4d7fa |
BuildRequires: audit-libs-devel >= 1.0.8
|
|
|
ea087a7 |
Requires: audit-libs >= 1.0.8
|
|
|
f1b09e9 |
%endif
|
|
|
717cfde |
%if %{WITH_SELINUX}
|
|
|
19a8f79 |
BuildRequires: libselinux-devel >= 1.33.2
|
|
|
19a8f79 |
Requires: libselinux >= 1.33.2
|
|
|
717cfde |
%endif
|
|
|
da4d7fa |
BuildRequires: glibc >= 2.3.90-37
|
|
|
54e490e |
Requires: glibc >= 2.3.90-37
|
|
|
8955a46 |
BuildRequires: db4-devel
|
|
|
21ad6a0 |
# Following deps are necessary only to build the pam library documentation.
|
|
|
da4d7fa |
BuildRequires: linuxdoc-tools, w3m, libxslt
|
|
|
da4d7fa |
BuildRequires: docbook-style-xsl, docbook-dtds
|
|
|
21ad6a0 |
|
|
cvsdist |
69b5f73 |
URL: http://www.us.kernel.org/pub/linux/libs/pam/index.html
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
%description
|
|
cvsdist |
2e03b4f |
PAM (Pluggable Authentication Modules) is a system security tool that
|
|
cvsdist |
2e03b4f |
allows system administrators to set authentication policy without
|
|
cvsdist |
2e03b4f |
having to recompile programs that handle authentication.
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
69b5f73 |
%package devel
|
|
cvsdist |
69b5f73 |
Group: Development/Libraries
|
|
|
da4d7fa |
Summary: Files needed for developing PAM-aware applications and modules for PAM
|
|
cvsdist |
69b5f73 |
Requires: pam = %{version}-%{release}
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
%description devel
|
|
cvsdist |
2e03b4f |
PAM (Pluggable Authentication Modules) is a system security tool that
|
|
cvsdist |
2e03b4f |
allows system administrators to set authentication policy without
|
|
cvsdist |
2e03b4f |
having to recompile programs that handle authentication. This package
|
|
cvsdist |
2e03b4f |
contains header files and static libraries used for building both
|
|
cvsdist |
2e03b4f |
PAM-aware applications and modules for use with PAM.
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
d1a852a |
%prep
|
|
|
8955a46 |
%setup -q -n Linux-PAM-%{version} -a 2
|
|
cvsdist |
d577226 |
|
|
|
1ba4063 |
# Add custom modules.
|
|
|
1ba4063 |
mv pam-redhat-%{pam_redhat_version}/* modules
|
|
|
1ba4063 |
|
|
|
fbfca35 |
%patch1 -p1 -b .redhat-modules
|
|
|
3be955e |
%patch5 -p1 -b .autoreconf
|
|
|
65a47cc |
%patch10 -p1 -b .screensaver
|
|
|
afb096a |
%patch12 -p0 -b .env-params
|
|
|
8938fa9 |
%patch21 -p1 -b .audit-failed
|
|
|
a37d2c7 |
%patch22 -p1 -b .prompts
|
|
|
6c64534 |
%patch31 -p1 -b .try-first-pass
|
|
|
6c64534 |
%patch32 -p1 -b .fail-close
|
|
|
e30408c |
%patch33 -p1 -b .fdleak
|
|
|
a37d2c7 |
%patch41 -p1 -b .create
|
|
|
e30408c |
%patch42 -p1 -b .pwquality
|
|
|
e30408c |
%patch43 -p1 -b .failed
|
|
|
e30408c |
%patch44 -p1 -b .many-groups
|
|
|
71ab958 |
|
|
|
0b9c1ba |
autoreconf
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
%build
|
|
cvsdist |
d577226 |
%configure \
|
|
cvsdist |
d577226 |
--libdir=/%{_lib} \
|
|
|
f06eb03 |
--includedir=%{_includedir}/security \
|
|
|
717cfde |
%if ! %{WITH_SELINUX}
|
|
|
717cfde |
--disable-selinux \
|
|
|
717cfde |
%endif
|
|
|
717cfde |
%if ! %{WITH_AUDIT}
|
|
|
717cfde |
--disable-audit \
|
|
|
717cfde |
%endif
|
|
|
8955a46 |
--enable-isadir=../..%{_moduledir}
|
|
cvsdist |
5a39518 |
make
|
|
|
2badd4f |
# we do not use _smp_mflags because the build of sources in yacc/flex fails
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
%install
|
|
cvsdist |
05a94aa |
rm -rf $RPM_BUILD_ROOT
|
|
|
10ddab4 |
|
|
|
10ddab4 |
mkdir -p doc/txts
|
|
|
10ddab4 |
for readme in modules/pam_*/README ; do
|
|
|
10ddab4 |
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
|
|
10ddab4 |
done
|
|
|
10ddab4 |
|
|
cvsdist |
cd929cb |
# Install the binaries, libraries, and modules.
|
|
|
f06eb03 |
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
|
|
cvsdist |
e0a9764 |
|
|
|
0533865 |
%if %{WITH_SELINUX}
|
|
|
0533865 |
# Temporary compat link
|
|
|
0533865 |
ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_moduledir}/pam_selinux_permit.so
|
|
|
0533865 |
%endif
|
|
|
0533865 |
|
|
|
0b9c1ba |
# RPM uses docs from source tree
|
|
|
0b9c1ba |
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
|
|
|
0b9c1ba |
# Included in setup package
|
|
|
0b9c1ba |
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
|
|
|
0b9c1ba |
|
|
cvsdist |
cd929cb |
# Install default configuration files.
|
|
|
717cfde |
install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
|
|
|
717cfde |
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
|
|
|
717cfde |
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
|
|
|
717cfde |
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
|
|
|
0533865 |
install -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
|
|
|
717cfde |
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
|
|
|
4f2fe36 |
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
|
|
4f2fe36 |
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
|
|
|
4f2fe36 |
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
69b5f73 |
# Install man pages.
|
|
|
46d6d05 |
install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
|
|
cvsdist |
69b5f73 |
|
|
|
2badd4f |
for phase in auth acct passwd session ; do
|
|
|
717cfde |
ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so
|
|
|
2badd4f |
done
|
|
|
2badd4f |
|
|
|
2badd4f |
# Remove .la files and make new .so links -- this depends on the value
|
|
|
2badd4f |
# of _libdir not changing, and *not* being /usr/lib.
|
|
|
2badd4f |
install -d -m 755 $RPM_BUILD_ROOT%{_libdir}
|
|
|
2badd4f |
for lib in libpam libpamc libpam_misc ; do
|
|
|
2badd4f |
pushd $RPM_BUILD_ROOT%{_libdir}
|
|
|
2badd4f |
ln -sf ../../%{_lib}/${lib}.so.*.* ${lib}.so
|
|
|
2badd4f |
popd
|
|
|
2badd4f |
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.so
|
|
|
2badd4f |
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.la
|
|
|
2badd4f |
done
|
|
|
717cfde |
rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
|
|
|
2badd4f |
|
|
|
2badd4f |
# Duplicate doc file sets.
|
|
|
2badd4f |
rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam
|
|
|
2badd4f |
|
|
|
717cfde |
# Create /lib/security in case it isn't the same as %{_moduledir}.
|
|
|
2badd4f |
install -m755 -d $RPM_BUILD_ROOT/lib/security
|
|
|
2badd4f |
|
|
|
2badd4f |
%find_lang Linux-PAM
|
|
|
2badd4f |
|
|
|
2badd4f |
%check
|
|
cvsdist |
cd929cb |
# Make sure every module subdirectory gave us a module. Yes, this is hackish.
|
|
cvsdist |
69b5f73 |
for dir in modules/pam_* ; do
|
|
cvsdist |
69b5f73 |
if [ -d ${dir} ] ; then
|
|
|
717cfde |
%if ! %{WITH_SELINUX}
|
|
|
717cfde |
[ ${dir} = "modules/pam_selinux" ] && continue
|
|
|
717cfde |
%endif
|
|
|
717cfde |
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
|
|
cvsdist |
cd929cb |
echo ERROR `basename ${dir}` did not build a module.
|
|
cvsdist |
69b5f73 |
exit 1
|
|
cvsdist |
69b5f73 |
fi
|
|
cvsdist |
69b5f73 |
fi
|
|
cvsdist |
69b5f73 |
done
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d577226 |
# Check for module problems. Specifically, check that every module we just
|
|
cvsdist |
d577226 |
# installed can actually be loaded by a minimal PAM-aware application.
|
|
|
21ad6a0 |
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
|
|
|
717cfde |
for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
|
|
|
21ad6a0 |
if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
|
|
|
de90b38 |
%{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
|
|
|
c337b8b |
echo ERROR module: ${module} cannot be loaded.
|
|
cvsdist |
d577226 |
exit 1
|
|
cvsdist |
d577226 |
fi
|
|
cvsdist |
d577226 |
done
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d1a852a |
%clean
|
|
cvsdist |
05a94aa |
rm -rf $RPM_BUILD_ROOT
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
69b5f73 |
%post
|
|
cvsdist |
69b5f73 |
/sbin/ldconfig
|
|
|
8a453fc |
if [ ! -a /var/log/faillog ] ; then
|
|
|
8a453fc |
install -m 600 /dev/null /var/log/faillog
|
|
|
8a453fc |
fi
|
|
|
8a453fc |
if [ ! -a /var/log/tallylog ] ; then
|
|
|
8a453fc |
install -m 600 /dev/null /var/log/tallylog
|
|
|
8a453fc |
fi
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
%postun -p /sbin/ldconfig
|
|
cvsdist |
d1a852a |
|
|
|
f06eb03 |
%files -f Linux-PAM.lang
|
|
cvsdist |
d1a852a |
%defattr(-,root,root)
|
|
|
717cfde |
%dir %{_pamconfdir}
|
|
|
717cfde |
%config(noreplace) %{_pamconfdir}/other
|
|
|
717cfde |
%config(noreplace) %{_pamconfdir}/system-auth
|
|
|
717cfde |
%config(noreplace) %{_pamconfdir}/config-util
|
|
cvsdist |
d1a852a |
%doc Copyright
|
|
|
10ddab4 |
%doc doc/txts
|
|
|
10ddab4 |
%doc doc/sag/*.txt doc/sag/html
|
|
cvsdist |
d1a852a |
%doc doc/specs/rfc86.0.txt
|
|
cvsdist |
cb2381b |
/%{_lib}/libpam.so.*
|
|
cvsdist |
cb2381b |
/%{_lib}/libpamc.so.*
|
|
cvsdist |
cb2381b |
/%{_lib}/libpam_misc.so.*
|
|
cvsdist |
cd929cb |
%{_sbindir}/pam_console_apply
|
|
cvsdist |
cd929cb |
%{_sbindir}/pam_tally
|
|
|
46d6d05 |
%{_sbindir}/pam_tally2
|
|
|
f06eb03 |
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
|
|
|
f06eb03 |
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
|
|
|
09b44af |
%attr(0700,root,root) %{_sbindir}/unix_update
|
|
cvsdist |
cb2381b |
%if %{_lib} != lib
|
|
cvsdist |
cb2381b |
%dir /lib/security
|
|
cvsdist |
cb2381b |
%endif
|
|
|
717cfde |
%dir %{_moduledir}
|
|
|
717cfde |
%{_moduledir}/pam_access.so
|
|
|
717cfde |
%{_moduledir}/pam_chroot.so
|
|
|
717cfde |
%{_moduledir}/pam_console.so
|
|
|
717cfde |
%{_moduledir}/pam_cracklib.so
|
|
|
717cfde |
%{_moduledir}/pam_debug.so
|
|
|
717cfde |
%{_moduledir}/pam_deny.so
|
|
|
717cfde |
%{_moduledir}/pam_echo.so
|
|
|
717cfde |
%{_moduledir}/pam_env.so
|
|
|
717cfde |
%{_moduledir}/pam_exec.so
|
|
|
717cfde |
%{_moduledir}/pam_faildelay.so
|
|
|
717cfde |
%{_moduledir}/pam_filter.so
|
|
|
717cfde |
%{_moduledir}/pam_ftp.so
|
|
|
717cfde |
%{_moduledir}/pam_group.so
|
|
|
717cfde |
%{_moduledir}/pam_issue.so
|
|
|
717cfde |
%{_moduledir}/pam_keyinit.so
|
|
|
717cfde |
%{_moduledir}/pam_lastlog.so
|
|
|
717cfde |
%{_moduledir}/pam_limits.so
|
|
|
717cfde |
%{_moduledir}/pam_listfile.so
|
|
|
717cfde |
%{_moduledir}/pam_localuser.so
|
|
|
717cfde |
%{_moduledir}/pam_loginuid.so
|
|
|
717cfde |
%{_moduledir}/pam_mail.so
|
|
|
717cfde |
%{_moduledir}/pam_mkhomedir.so
|
|
|
717cfde |
%{_moduledir}/pam_motd.so
|
|
|
717cfde |
%{_moduledir}/pam_namespace.so
|
|
|
717cfde |
%{_moduledir}/pam_nologin.so
|
|
|
717cfde |
%{_moduledir}/pam_permit.so
|
|
|
717cfde |
%{_moduledir}/pam_postgresok.so
|
|
|
717cfde |
%{_moduledir}/pam_rhosts.so
|
|
|
717cfde |
%{_moduledir}/pam_rootok.so
|
|
|
717cfde |
%if %{WITH_SELINUX}
|
|
|
717cfde |
%{_moduledir}/pam_selinux.so
|
|
|
717cfde |
%{_moduledir}/pam_selinux_permit.so
|
|
|
0533865 |
%{_moduledir}/pam_sepermit.so
|
|
|
717cfde |
%endif
|
|
|
717cfde |
%{_moduledir}/pam_securetty.so
|
|
|
717cfde |
%{_moduledir}/pam_shells.so
|
|
|
717cfde |
%{_moduledir}/pam_stress.so
|
|
|
717cfde |
%{_moduledir}/pam_succeed_if.so
|
|
|
717cfde |
%{_moduledir}/pam_tally.so
|
|
|
717cfde |
%{_moduledir}/pam_tally2.so
|
|
|
717cfde |
%{_moduledir}/pam_time.so
|
|
|
717cfde |
%{_moduledir}/pam_timestamp.so
|
|
|
717cfde |
%{_moduledir}/pam_tty_audit.so
|
|
|
717cfde |
%{_moduledir}/pam_umask.so
|
|
|
717cfde |
%{_moduledir}/pam_unix.so
|
|
|
717cfde |
%{_moduledir}/pam_unix_acct.so
|
|
|
717cfde |
%{_moduledir}/pam_unix_auth.so
|
|
|
717cfde |
%{_moduledir}/pam_unix_passwd.so
|
|
|
717cfde |
%{_moduledir}/pam_unix_session.so
|
|
|
717cfde |
%{_moduledir}/pam_userdb.so
|
|
|
717cfde |
%{_moduledir}/pam_warn.so
|
|
|
717cfde |
%{_moduledir}/pam_wheel.so
|
|
|
717cfde |
%{_moduledir}/pam_xauth.so
|
|
|
717cfde |
%{_moduledir}/pam_filter
|
|
|
717cfde |
%dir %{_secconfdir}
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/access.conf
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/chroot.conf
|
|
|
717cfde |
%config %{_secconfdir}/console.perms
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/console.handlers
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/group.conf
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/limits.conf
|
|
|
0533865 |
%dir %{_secconfdir}/limits.d
|
|
|
0533865 |
%config(noreplace) %{_secconfdir}/limits.d/90-nproc.conf
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/namespace.conf
|
|
|
0533865 |
%dir %{_secconfdir}/namespace.d
|
|
|
717cfde |
%attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/pam_env.conf
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/sepermit.conf
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/time.conf
|
|
|
717cfde |
%config(noreplace) %{_secconfdir}/opasswd
|
|
|
717cfde |
%dir %{_secconfdir}/console.apps
|
|
|
717cfde |
%dir %{_secconfdir}/console.perms.d
|
|
|
717cfde |
%config %{_secconfdir}/console.perms.d/50-default.perms
|
|
cvsdist |
a06b5aa |
%dir /var/run/console
|
|
|
b6b1e29 |
%dir /var/run/sepermit
|
|
|
8a453fc |
%ghost %verify(not md5 size mtime) /var/log/faillog
|
|
|
8a453fc |
%ghost %verify(not md5 size mtime) /var/log/tallylog
|
|
cvsdist |
d1a852a |
%{_mandir}/man5/*
|
|
cvsdist |
d1a852a |
%{_mandir}/man8/*
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
69b5f73 |
%files devel
|
|
cvsdist |
69b5f73 |
%defattr(-,root,root)
|
|
cvsdist |
cd929cb |
%{_includedir}/security/
|
|
cvsdist |
cd929cb |
%{_mandir}/man3/*
|
|
cvsdist |
cb2381b |
%{_libdir}/libpam.so
|
|
cvsdist |
cb2381b |
%{_libdir}/libpamc.so
|
|
cvsdist |
cb2381b |
%{_libdir}/libpam_misc.so
|
|
|
10ddab4 |
%doc doc/mwg/*.txt doc/mwg/html
|
|
|
10ddab4 |
%doc doc/adg/*.txt doc/adg/html
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
d1a852a |
%changelog
|
|
|
e30408c |
* Tue Sep 23 2008 Tomas Mraz <tmraz@redhat.com> 1.0.2-2
|
|
|
e30408c |
- new password quality checks in pam_cracklib
|
|
|
e30408c |
- report failed logins from btmp in pam_lastlog
|
|
|
e30408c |
- allow larger groups in modutil functions
|
|
|
e30408c |
- fix leaked file descriptor in pam_tally
|
|
|
e30408c |
|
|
|
8955a46 |
* Mon Sep 8 2008 Tomas Mraz <tmraz@redhat.com> 1.0.2-1
|
|
|
8955a46 |
- pam_loginuid: uids are unsigned (#460241)
|
|
|
8955a46 |
- new minor upstream release
|
|
|
8955a46 |
- use external db4
|
|
|
8955a46 |
- drop tests for not pulling in libpthread (as NPTL should
|
|
|
8955a46 |
be safe)
|
|
|
8955a46 |
|
|
|
7d29dd0 |
* Wed Jul 9 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-5
|
|
|
7d29dd0 |
- update internal db4
|
|
|
7d29dd0 |
|
|
|
a37d2c7 |
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-4
|
|
|
a37d2c7 |
- pam_namespace: allow safe creation of directories owned by user (#437116)
|
|
|
a37d2c7 |
- pam_unix: fix multiple error prompts on password change (#443872)
|
|
|
a37d2c7 |
|
|
|
3be955e |
* Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-3
|
|
|
afb096a |
- pam_selinux: add env_params option which will be used by OpenSSH
|
|
|
3be955e |
- fix build with new autoconf
|
|
|
afb096a |
|
|
|
be4deb2 |
* Tue Apr 22 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-2
|
|
|
be4deb2 |
- pam_selinux: restore execcon properly (#443667)
|
|
|
be4deb2 |
|
|
|
65a47cc |
* Fri Apr 18 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-1
|
|
|
65a47cc |
- upgrade to new upstream release (one bugfix only)
|
|
|
65a47cc |
- fix pam_sepermit use in screensavers
|
|
|
65a47cc |
|
|
|
2613b27 |
* Mon Apr 7 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
|
|
|
2613b27 |
- fix regression in pam_set_item
|
|
|
2613b27 |
|
|
|
1fa0a9e |
* Fri Apr 4 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
|
|
|
1fa0a9e |
- upgrade to new upstream release (bugfix only)
|
|
|
1fa0a9e |
|
|
|
6aa700f |
* Thu Mar 20 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-4
|
|
|
6aa700f |
- pam_namespace: fix problem with level polyinst (#438264)
|
|
|
6aa700f |
- pam_namespace: improve override checking for umount
|
|
|
6aa700f |
- pam_selinux: fix syslogging a context after free() (#438338)
|
|
|
6aa700f |
|
|
|
1ba4063 |
* Thu Feb 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-3
|
|
|
1ba4063 |
- update pam-redhat module tarball
|
|
|
1ba4063 |
- update internal db4
|
|
|
1ba4063 |
|
|
|
8938fa9 |
* Fri Feb 22 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-2
|
|
|
8938fa9 |
- if shadow is readable for an user do not prevent him from
|
|
|
8938fa9 |
authenticating any user with unix_chkpwd (#433459)
|
|
|
8938fa9 |
- call audit from unix_chkpwd when appropriate
|
|
|
8938fa9 |
|
|
|
0533865 |
* Fri Feb 15 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-1
|
|
|
0533865 |
- new upstream release
|
|
|
0533865 |
- add default soft limit for nproc of 1024 to prevent
|
|
|
0533865 |
accidental fork bombs (#432903)
|
|
|
0533865 |
|
|
|
717cfde |
* Mon Feb 4 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-18
|
|
|
717cfde |
- allow the package to build without SELinux and audit support (#431415)
|
|
|
717cfde |
- macro usage cleanup
|
|
|
717cfde |
|
|
|
b6b1e29 |
* Mon Jan 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-17
|
|
|
b6b1e29 |
- test for setkeycreatecon correctly
|
|
|
b6b1e29 |
- add exclusive login mode of operation to pam_selinux_permit (original
|
|
|
b6b1e29 |
patch by Dan Walsh)
|
|
|
b6b1e29 |
|
|
|
2badd4f |
* Tue Jan 22 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-16
|
|
|
2badd4f |
- add auditing to pam_access, pam_limits, and pam_time
|
|
|
2badd4f |
- moved sanity testing code to check script
|
|
|
2badd4f |
|
|
|
392622e |
* Mon Jan 14 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-15
|
|
|
392622e |
- merge review fixes (#226228)
|
|
|
392622e |
|
|
|
c5d3ee3 |
* Wed Jan 8 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-14
|
|
|
c5d3ee3 |
- support for sha256 and sha512 password hashes
|
|
|
c5d3ee3 |
- account expiry checks moved to unix_chkpwd helper
|
|
|
c5d3ee3 |
|
|
|
b99939f |
* Wed Jan 2 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-13
|
|
|
b99939f |
- wildcard match support in pam_tty_audit (by Miloslav Trmač)
|
|
|
b99939f |
|
|
|
a36aa37 |
* Thu Nov 29 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-12
|
|
|
a36aa37 |
- add pam_tty_audit module (#244352) - written by Miloslav Trmač
|
|
|
a36aa37 |
|
|
|
9ae8094 |
* Wed Nov 7 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-11
|
|
|
9ae8094 |
- add substack support
|
|
|
9ae8094 |
|
|
|
00939f1 |
* Tue Sep 25 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-10
|
|
|
00939f1 |
- update db4 to 4.6.19 (#274661)
|
|
|
00939f1 |
|
|
|
36d9a1c |
* Fri Sep 21 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-9
|
|
|
36d9a1c |
- do not preserve contexts when copying skel and other namespace.init
|
|
|
36d9a1c |
fixes (#298941)
|
|
|
36d9a1c |
- do not free memory sent to putenv (#231698)
|
|
|
36d9a1c |
|
|
|
43c3a5a |
* Wed Sep 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-8
|
|
|
43c3a5a |
- add pam_selinux_permit module
|
|
|
43c3a5a |
- pam_succeed_if: fix in operator (#295151)
|
|
|
43c3a5a |
|
|
|
ac8e934 |
* Tue Sep 18 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-7
|
|
|
ac8e934 |
- when SELinux enabled always run the helper binary instead of
|
|
|
ac8e934 |
direct shadow access (#293181)
|
|
|
ac8e934 |
|
|
|
9e1a698 |
* Fri Aug 24 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-6
|
|
|
9e1a698 |
- do not ask for blank password when SELinux confined (#254044)
|
|
|
9e1a698 |
- initialize homedirs in namespace init script (original patch by dwalsh)
|
|
|
9e1a698 |
|
|
|
73ea19b |
* Wed Aug 22 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-5
|
|
|
73ea19b |
- most devices are now handled by HAL and not pam_console (patch by davidz)
|
|
|
73ea19b |
- license tag fix
|
|
|
a47d5ca |
- multifunction scanner device support (#251468)
|
|
|
73ea19b |
|
|
|
81e34ba |
* Mon Aug 13 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-4
|
|
|
81e34ba |
- fix auth regression when uid != 0 from previous build (#251804)
|
|
|
81e34ba |
|
|
|
ecf62eb |
* Mon Aug 6 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-3
|
|
|
8fa0463 |
- updated db4 to 4.6.18 (#249740)
|
|
|
8fa0463 |
- added user and new instance parameters to namespace init
|
|
|
8fa0463 |
- document the new features of pam_namespace
|
|
|
8fa0463 |
- do not log an audit error when uid != 0 (#249870)
|
|
|
8fa0463 |
|
|
 |
f6d27e9 |
* Wed Jul 25 2007 Jeremy Katz <katzj@redhat.com> - 0.99.8.1-2
|
|
|
f6d27e9 |
- rebuild for toolchain bug
|
|
|
f6d27e9 |
|
|
|
6c64534 |
* Mon Jul 23 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-1
|
|
|
6c64534 |
- upgrade to latest upstream version
|
|
|
6c64534 |
- add some firewire devices to default console perms (#240770)
|
|
|
6c64534 |
|
|
|
09b44af |
* Thu Apr 26 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-6
|
|
|
09b44af |
- pam_namespace: better document behavior on failure (#237249)
|
|
|
09b44af |
- pam_unix: split out passwd change to a new helper binary (#236316)
|
|
|
09b44af |
- pam_namespace: add support for temporary logons (#241226)
|
|
|
09b44af |
|
|
|
33d3c08 |
* Fri Apr 13 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-5
|
|
|
33d3c08 |
- pam_selinux: improve context change auditing (#234781)
|
|
|
33d3c08 |
- pam_namespace: fix parsing config file with unknown users (#234513)
|
|
|
33d3c08 |
|
|
|
a28e30c |
* Fri Mar 23 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-4
|
|
|
a28e30c |
- pam_console: always decrement use count (#230823)
|
|
|
a28e30c |
- pam_namespace: use raw context for poly dir name (#227345)
|
|
|
a28e30c |
- pam_namespace: truncate long poly dir name (append hash) (#230120)
|
|
|
a28e30c |
- we don't patch any po files anymore
|
|
|
a28e30c |
|
|
|
71ab958 |
* Wed Feb 21 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-3
|
|
|
71ab958 |
- correctly relabel tty in the default case (#229542)
|
|
|
71ab958 |
- pam_unix: cleanup of bigcrypt support
|
|
|
71ab958 |
- pam_unix: allow modification of '*' passwords to root
|
|
|
71ab958 |
|
|
|
504a331 |
* Tue Feb 6 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-2
|
|
|
504a331 |
- more X displays as consoles (#227462)
|
|
|
504a331 |
|
|
|
bbd6bf0 |
* Wed Jan 24 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-1
|
|
|
bbd6bf0 |
- upgrade to new upstream version resolving CVE-2007-0003
|
|
|
bbd6bf0 |
- pam_namespace: unmount poly dir for override users
|
|
|
bbd6bf0 |
|
|
|
d1daca3 |
* Mon Jan 22 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-2
|
|
|
d1daca3 |
- add back min salt length requirement which was erroneously removed
|
|
|
bbd6bf0 |
upstream (CVE-2007-0003)
|
|
|
d1daca3 |
|
|
|
0b9c1ba |
* Fri Jan 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-1
|
|
|
0b9c1ba |
- upgrade to new upstream version
|
|
|
0b9c1ba |
- drop pam_stack module as it is obsolete
|
|
|
0b9c1ba |
- some changes to silence rpmlint
|
|
|
0b9c1ba |
|
|
|
8a453fc |
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-8
|
|
|
8a453fc |
- properly include /var/log/faillog and tallylog as ghosts
|
|
|
8a453fc |
and create them in post script (#209646)
|
|
|
8a453fc |
- update gmo files as we patch some po files (#218271)
|
|
|
8a453fc |
- add use_current_range option to pam_selinux (#220487)
|
|
|
8a453fc |
- improve the role selection in pam_selinux
|
|
|
8a453fc |
- remove shortcut on Password: in ja locale (#218271)
|
|
|
8a453fc |
- revert to old euid and not ruid when setting euid in pam_keyinit (#219486)
|
|
|
8a453fc |
- rename selinux-namespace patch to namespace-level
|
|
|
8a453fc |
|
|
 |
7ce306a |
* Thu Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-7
|
|
|
8a453fc |
- fix selection of role
|
|
|
7ce306a |
|
|
|
7ce306a |
* Thu Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-6
|
|
|
8a453fc |
- add possibility to pam_namespace to only change MLS component
|
|
|
8a453fc |
- Resolves: Bug #216184
|
|
|
7ce306a |
|
|
|
19a8f79 |
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-5
|
|
|
19a8f79 |
- add select-context option to pam_selinux (#213812)
|
|
|
03d7f35 |
- autoreconf won't work with autoconf-2.61 as configure.in is not yet adjusted
|
|
|
03d7f35 |
for it
|
|
|
19a8f79 |
|
|
|
4f2fe36 |
* Mon Nov 13 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-4
|
|
|
4f2fe36 |
- update internal db4 to 4.5.20 version
|
|
|
4f2fe36 |
- move setgid before setuid in pam_keyinit (#212329)
|
|
|
4f2fe36 |
- make username check in pam_unix consistent with useradd (#212153)
|
|
|
4f2fe36 |
|
|
|
4f2fe36 |
* Tue Oct 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.3
|
|
|
4f2fe36 |
- don't overflow a buffer in pam_namespace (#211989)
|
|
|
4f2fe36 |
|
|
|
4f2fe36 |
* Mon Oct 16 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.2
|
|
|
0b9c1ba |
- /var/log/faillog and tallylog must be config(noreplace)
|
|
|
4f2fe36 |
|
|
|
4f2fe36 |
* Fri Oct 13 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.1
|
|
|
4f2fe36 |
- preserve effective uid in namespace.init script (LSPP for newrole)
|
|
|
4f2fe36 |
- include /var/log/faillog and tallylog to filelist (#209646)
|
|
|
4f2fe36 |
- add ids to .xml docs so the generated html is always the same (#210569)
|
|
|
4f2fe36 |
|
|
|
ab60a42 |
* Thu Sep 28 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3
|
|
|
ab60a42 |
- add pam_namespace option no_unmount_on_close, required for newrole
|
|
|
ab60a42 |
|
|
|
355576d |
* Mon Sep 4 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-2
|
|
|
355576d |
- silence pam_succeed_if in default system-auth (#205067)
|
|
|
355576d |
- round the pam_timestamp_check sleep up to wake up at the start of the
|
|
|
355576d |
wallclock second (#205068)
|
|
|
355576d |
|
|
|
10ddab4 |
* Thu Aug 31 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-1
|
|
|
10ddab4 |
- upgrade to new upstream version, as there are mostly bugfixes except
|
|
|
10ddab4 |
improved documentation
|
|
|
10ddab4 |
- add support for session and password service for pam_access and
|
|
|
10ddab4 |
pam_succeed_if
|
|
|
10ddab4 |
- system-auth: skip session pam_unix for crond service
|
|
|
10ddab4 |
|
|
|
e3f2d52 |
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
|
|
|
e3f2d52 |
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
|
|
|
e3f2d52 |
|
|
|
685a189 |
* Thu Aug 10 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-7
|
|
|
685a189 |
- revoke keyrings properly when pam_keyinit called as root (#201048)
|
|
|
685a189 |
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails (#197748)
|
|
|
685a189 |
|
|
|
0b27f99 |
* Wed Aug 2 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-6
|
|
|
0b27f99 |
- revoke keyrings properly when pam_keyinit called more than once (#201048)
|
|
|
0b27f99 |
patch by David Howells
|
|
|
0b27f99 |
|
|
|
3e0c7af |
* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-5
|
|
|
3e0c7af |
- don't log pam_keyinit debug messages by default (#199783)
|
|
|
3e0c7af |
|
|
|
2851cbe |
* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-4
|
|
|
2851cbe |
- drop ainit from console.handlers (#199561)
|
|
|
2851cbe |
|
|
|
fce253b |
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-3
|
|
|
fce253b |
- don't report error in pam_selinux for nonexistent tty (#188722)
|
|
|
fce253b |
- add pam_keyinit to the default system-auth file (#198623)
|
|
|
fce253b |
|
|
 |
d649923 |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.99.5.0-2.1
|
|
|
d649923 |
- rebuild
|
|
|
d649923 |
|
|
|
e019bcd |
* Mon Jul 3 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-2
|
|
|
e019bcd |
- fixed network match in pam_access (patch by Dan Yefimov)
|
|
|
e019bcd |
|
|
|
00eddc0 |
* Fri Jun 30 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-1
|
|
|
00eddc0 |
- updated to a new upstream release
|
|
|
00eddc0 |
- added service as value to be matched and list matching to
|
|
|
00eddc0 |
pam_succeed_if
|
|
|
4fea4c9 |
- namespace.init was missing from EXTRA_DIST
|
|
|
00eddc0 |
|
|
|
7dffd3f |
* Thu Jun 8 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-5
|
|
|
7dffd3f |
- updated pam_namespace with latest patch by Janak Desai
|
|
|
7dffd3f |
- merged pam_namespace patches
|
|
|
da4d7fa |
- added buildrequires libtool
|
|
|
da4d7fa |
- fixed a few rpmlint warnings
|
|
|
7dffd3f |
|
|
|
e99dd39 |
* Wed May 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-4
|
|
|
e99dd39 |
- actually don't link to libssl as it is not used (#191915)
|
|
|
e99dd39 |
|
|
|
fa8c14f |
* Wed May 17 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-3
|
|
|
fa8c14f |
- use md5 implementation from pam_unix in pam_namespace
|
|
|
fa8c14f |
- pam_namespace should call setexeccon only when selinux is enabled
|
|
|
fa8c14f |
|
|
|
0730695 |
* Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-2
|
|
|
0730695 |
- pam_console_apply shouldn't access /var when called with -r (#191401)
|
|
|
0730695 |
- actually apply the large-uid patch
|
|
|
63f5c77 |
- don't build hmactest in pam_timestamp so openssl-devel is not required
|
|
|
63f5c77 |
- add missing buildrequires (#191915)
|
|
|
0730695 |
|
|
|
fbfca35 |
* Wed May 10 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-1
|
|
|
fbfca35 |
- upgrade to new upstream version
|
|
|
fbfca35 |
- make pam_console_apply not dependent on glib
|
|
|
fbfca35 |
- support large uids in pam_tally, pam_tally2
|
|
|
fbfca35 |
|
|
|
94d78f5 |
* Thu May 4 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-5
|
|
|
94d78f5 |
- the namespace instance init script is now in /etc/security (#190148)
|
|
|
94d78f5 |
- pam_namespace: added missing braces (#190026)
|
|
|
94d78f5 |
- pam_tally(2): never call fclose twice on the same FILE (from upstream)
|
|
|
94d78f5 |
|
|
|
4f1df63 |
* Wed Apr 26 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-4
|
|
|
4f1df63 |
- fixed console device class for irda (#189966)
|
|
|
4f1df63 |
- make pam_console_apply fail gracefully when a class is missing
|
|
|
4f1df63 |
|
|
|
54e490e |
* Tue Apr 25 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-3
|
|
|
54e490e |
- added pam_namespace module written by Janak Desai (per-user /tmp
|
|
|
54e490e |
support)
|
|
|
54e490e |
- new pam-redhat modules version
|
|
|
54e490e |
|
|
|
48968f9 |
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-2
|
|
|
48968f9 |
- added try_first_pass option to pam_cracklib
|
|
|
48968f9 |
- use try_first_pass for pam_unix and pam_cracklib in
|
|
|
48968f9 |
system-auth (#182350)
|
|
|
48968f9 |
|
|
|
222bbd4 |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.99.3.0-1.2
|
|
|
222bbd4 |
- bump again for double-long bug on ppc(64)
|
|
|
222bbd4 |
|
|
|
65811c5 |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.99.3.0-1.1
|
|
|
65811c5 |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
65811c5 |
|
|
|
46d6d05 |
* Fri Feb 3 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-1
|
|
|
46d6d05 |
- new upstream version
|
|
|
46d6d05 |
- updated db4 to 4.3.29
|
|
|
46d6d05 |
- added module pam_tally2 with auditing support
|
|
|
46d6d05 |
- added manual pages for system-auth and config-util (#179584)
|
|
|
46d6d05 |
|
|
|
05cc723 |
* Tue Jan 3 2006 Tomas Mraz <tmraz@redhat.com> 0.99.2.1-3
|
|
|
05cc723 |
- remove 'initscripts' dependency (#176508)
|
|
|
05cc723 |
- update pam-redhat modules, merged patches
|
|
|
05cc723 |
|
|
|
9c00b5d |
* Fri Dec 16 2005 Tomas Mraz <tmraz@redhat.com> 0.99.2.1-2
|
|
|
9c00b5d |
- fix dangling symlinks in -devel (#175929)
|
|
|
9c00b5d |
- link libaudit only where necessary
|
|
|
9c00b5d |
- actually compile in audit support
|
|
|
9c00b5d |
|
|
|
f06eb03 |
* Thu Dec 15 2005 Tomas Mraz <tmraz@redhat.com> 0.99.2.1-1
|
|
|
f06eb03 |
- support netgroup matching in pam_succeed_if
|
|
|
f06eb03 |
- upgrade to new release
|
|
|
f06eb03 |
- drop pam_pwdb as it was obsolete long ago
|
|
|
f06eb03 |
- we don't build static libraries anymore
|
|
|
f06eb03 |
|
|
|
9b4988b |
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
9b4988b |
- rebuilt
|
|
|
9b4988b |
|
|
|
a74a5d2 |
* Tue Nov 15 2005 Tomas Mraz <tmraz@redhat.com> 0.80-14
|
|
|
a74a5d2 |
- pam_stack is deprecated - log its usage
|
|
|
a74a5d2 |
|
|
|
30c2fd8 |
* Wed Oct 26 2005 Tomas Mraz <tmraz@redhat.com> 0.80-13
|
|
|
30c2fd8 |
- fixed CAN-2005-2977 unix_chkpwd should skip user verification only if
|
|
|
30c2fd8 |
run as root (#168181)
|
|
|
30c2fd8 |
- link pam_loginuid to libaudit
|
|
|
30c2fd8 |
- support no tty in pam_access (#170467)
|
|
|
30c2fd8 |
- updated audit patch (by Steve Grubb)
|
|
|
30c2fd8 |
- the previous pam_selinux change was not applied properly
|
|
|
30c2fd8 |
- pam_xauth: look for the xauth binary in multiple directories (#171164)
|
|
|
30c2fd8 |
|
|
|
c678c06 |
* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 0.80-12
|
|
|
c678c06 |
- Eliminate multiple in pam_selinux
|
|
|
c678c06 |
|
|
|
dc2e11c |
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 0.80-11
|
|
|
dc2e11c |
- Eliminate fail over for getseuserbyname call
|
|
|
dc2e11c |
|
|
|
dc2e11c |
* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 0.80-10
|
|
|
97c6e8f |
- Add getseuserbyname call for SELinux MCS/MLS policy
|
|
|
97c6e8f |
|
|
|
9f1545e |
* Tue Oct 4 2005 Tomas Mraz <tmraz@redhat.com>
|
|
|
9f1545e |
- pam_console manpage fixes (#169373)
|
|
|
9f1545e |
|
|
|
84f70fb |
* Fri Sep 30 2005 Tomas Mraz <tmraz@redhat.com> 0.80-9
|
|
|
84f70fb |
- don't include ps and pdf docs (#168823)
|
|
|
84f70fb |
- new common config file for configuration utilities
|
|
|
84f70fb |
- remove glib2 dependency (#166979)
|
|
|
84f70fb |
|
|
|
6f66f1e |
* Tue Sep 20 2005 Tomas Mraz <tmraz@redhat.com> 0.80-8
|
|
|
6f66f1e |
- process limit values other than RLIMIT_NICE correctly (#168790)
|
|
|
5cac4c8 |
- pam_unix: always honor nis flag on password change (by Aaron Hope)
|
|
|
6f66f1e |
|
|
|
efa997e |
* Wed Aug 24 2005 Tomas Mraz <tmraz@redhat.com> 0.80-7
|
|
|
efa997e |
- don't fail in audit code when audit is not compiled in
|
|
|
efa997e |
on the newest kernels (#166422)
|
|
|
efa997e |
|
|
|
bc4cc2d |
* Mon Aug 01 2005 Tomas Mraz <tmraz@redhat.com> 0.80-6
|
|
|
bc4cc2d |
- add option to pam_loginuid to require auditd
|
|
|
bc4cc2d |
|
|
|
bc4cc2d |
* Fri Jul 29 2005 Tomas Mraz <tmraz@redhat.com> 0.80-5
|
|
|
a92b0ed |
- fix NULL dereference in pam_userdb (#164418)
|
|
|
a92b0ed |
|
|
|
4c014b4 |
* Tue Jul 26 2005 Tomas Mraz <tmraz@redhat.com> 0.80-4
|
|
|
4c014b4 |
- fix 64bit bug in pam_pwdb
|
|
|
4c014b4 |
- don't crash in pam_unix if pam_get_data fail
|
|
|
4c014b4 |
|
|
|
009a4f4 |
* Fri Jul 22 2005 Tomas Mraz <tmraz@redhat.com> 0.80-3
|
|
|
009a4f4 |
- more pam_selinux permissive fixes (Dan Walsh)
|
|
|
009a4f4 |
- make binaries PIE (#158938)
|
|
|
009a4f4 |
|
|
|
21ad6a0 |
* Mon Jul 18 2005 Tomas Mraz <tmraz@redhat.com> 0.80-2
|
|
|
21ad6a0 |
- fixed module tests so the pam doesn't require itself to build (#163502)
|
|
|
21ad6a0 |
- added buildprereq for building the documentation (#163503)
|
|
|
21ad6a0 |
- relaxed permissions of binaries (u+w)
|
|
|
21ad6a0 |
|
|
|
f7c051a |
* Thu Jul 14 2005 Tomas Mraz <tmraz@redhat.com> 0.80-1
|
|
|
f7c051a |
- upgrade to new upstream sources
|
|
|
f7c051a |
- removed obsolete patches
|
|
|
f7c051a |
- pam_selinux module shouldn't fail on broken configs unless
|
|
|
f7c051a |
policy is set to enforcing (Dan Walsh)
|
|
|
f7c051a |
|
|
|
24d731a |
* Tue Jun 21 2005 Tomas Mraz <tmraz@redhat.com> 0.79-11
|
|
|
24d731a |
- update pam audit patch
|
|
|
24d731a |
- add support for new limits in kernel-2.6.12 (#157050)
|
|
|
24d731a |
|
|
|
8e736ed |
* Thu Jun 9 2005 Tomas Mraz <tmraz@redhat.com> 0.79-10
|
|
|
7457524 |
- add the Requires dependency on audit-libs (#159885)
|
|
|
8e736ed |
- pam_loginuid shouldn't report error when /proc/self/loginuid
|
|
|
8e736ed |
is missing (#159974)
|
|
|
7457524 |
|
|
|
eecc66a |
* Fri May 20 2005 Tomas Mraz <tmraz@redhat.com> 0.79-9
|
|
|
eecc66a |
- update the pam audit patch to support newest audit library,
|
|
|
eecc66a |
audit also pam_setcred calls (Steve Grubb)
|
|
|
eecc66a |
- don't use the audit_fd as global static variable
|
|
|
eecc66a |
- don't unset the XAUTHORITY when target user is root
|
|
|
6eb3fc0 |
|
|
|
fd39e73 |
* Mon May 2 2005 Tomas Mraz <tmraz@redhat.com> 0.79-8
|
|
|
fd39e73 |
- pam_console: support loading .perms files in the console.perms.d (#156069)
|
|
|
fd39e73 |
|
|
|
d0ec5ba |
* Tue Apr 26 2005 Tomas Mraz <tmraz@redhat.com> 0.79-7
|
|
|
d0ec5ba |
- pam_xauth: unset the XAUTHORITY variable on error, fix
|
|
|
d0ec5ba |
potential memory leaks
|
|
|
d0ec5ba |
- modify path to IDE floppy devices in console.perms (#155560)
|
|
|
d0ec5ba |
|
|
 |
8543c3b |
* Sat Apr 16 2005 Steve Grubb <sgrubb@redhat.com> 0.79-6
|
|
|
8543c3b |
- Adjusted pam audit patch to make exception for ECONNREFUSED
|
|
|
8543c3b |
|
|
|
f1b09e9 |
* Tue Apr 12 2005 Tomas Mraz <tmraz@redhat.com> 0.79-5
|
|
|
f1b09e9 |
- added auditing patch by Steve Grubb
|
|
|
f1b09e9 |
- added cleanup patches for bugs found by Steve Grubb
|
|
|
f1b09e9 |
- don't clear the shadow option of pam_unix if nis option used
|
|
|
f1b09e9 |
|
|
|
2f26011 |
* Fri Apr 8 2005 Tomas Mraz <tmraz@redhat.com> 0.79-4
|
|
|
2f26011 |
- #150537 - flush input first then write the prompt
|
|
|
2f26011 |
|
|
|
2d246d8 |
* Thu Apr 7 2005 Tomas Mraz <tmraz@redhat.com> 0.79-3
|
|
|
2d246d8 |
- make pam_unix LSB 2.0 compliant even when SELinux enabled
|
|
|
2d246d8 |
- #88127 - change both local and NIS passwords to keep them in sync,
|
|
|
2d246d8 |
also fix a regression in passwd functionality on NIS master server
|
|
|
2d246d8 |
|
|
|
ea4ac73 |
* Tue Apr 5 2005 Tomas Mraz <tmraz@redhat.com>
|
|
|
ea4ac73 |
- #153711 fix wrong logging in pam_selinux when restoring tty label
|
|
|
ea4ac73 |
|
|
|
a6a9f4a |
* Sun Apr 3 2005 Tomas Mraz <tmraz@redhat.com> 0.79-2
|
|
|
a6a9f4a |
- fix NULL deref in pam_tally when it's used in account phase
|
|
|
a6a9f4a |
|
|
|
f405278 |
* Thu Mar 31 2005 Tomas Mraz <tmraz@redhat.com> 0.79-1
|
|
|
f405278 |
- upgrade to the new upstream release
|
|
|
f405278 |
- moved pam_loginuid to pam-redhat repository
|
|
|
f405278 |
|
|
|
953e2b6 |
* Wed Mar 23 2005 Tomas Mraz <tmraz@redhat.com> 0.78-9
|
|
|
953e2b6 |
- fix wrong logging in pam_console handlers
|
|
|
953e2b6 |
- add executing ainit handler for alsa sound dmix
|
|
|
953e2b6 |
- #147879, #112777 - change permissions for dri devices
|
|
|
953e2b6 |
|
|
|
cba291f |
* Fri Mar 18 2005 Tomas Mraz <tmraz@redhat.com> 0.78-8
|
|
|
cba291f |
- remove ownership and permissions handling from pam_console call
|
|
|
cba291f |
pam_console_apply as a handler instead
|
|
|
cba291f |
|
|
|
6513c12 |
* Mon Mar 14 2005 Tomas Mraz <tmraz@redhat.com> 0.78-7
|
|
|
6513c12 |
- add pam_loginuid module for setting the the login uid for auditing purposes
|
|
|
6513c12 |
(by Steve Grubb)
|
|
|
6513c12 |
|
|
|
57f66ca |
* Thu Mar 10 2005 Tomas Mraz <tmraz@redhat.com> 0.78-6
|
|
|
57f66ca |
- add functionality for running handler executables from pam_console
|
|
|
57f66ca |
when console lock was obtained/lost
|
|
|
57f66ca |
- removed patches merged to pam-redhat
|
|
|
57f66ca |
|
|
|
c337b8b |
* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 0.78-5
|
|
|
c337b8b |
- echo why tests failed when rebuilding
|
|
|
36ee704 |
- fixed some warnings and errors in pam_console for gcc4 build
|
|
|
36ee704 |
- improved parsing pam_console config file
|
|
|
c337b8b |
|
|
|
889643b |
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com>
|
|
|
889643b |
- don't log garbage in pam_console_apply (#147879)
|
|
|
889643b |
|
|
|
889643b |
* Tue Jan 18 2005 Tomas Mraz <tmraz@redhat.com>
|
|
|
889643b |
- don't require exact db4 version only conflict with incompatible one
|
|
|
889643b |
|
|
|
6e7f9c6 |
* Wed Jan 12 2005 Tomas Mraz <tmraz@redhat.com> 0.78-4
|
|
|
6e7f9c6 |
- updated pam-redhat from elvis CVS
|
|
|
6e7f9c6 |
- removed obsolete patches
|
|
|
6e7f9c6 |
|
|
jbj |
02ac0dc |
* Mon Jan 3 2005 Jeff Johnson <jbj@redhat.com> 0.78-3
|
|
jbj |
02ac0dc |
- depend on db-4.3.27, not db-4.3.21.
|
|
jbj |
02ac0dc |
|
|
|
b0baf41 |
* Thu Nov 25 2004 Tomas Mraz <tmraz@redhat.com> 0.78-2
|
|
|
b0baf41 |
- add argument to pam_console_apply to restrict its work to specified files
|
|
|
b0baf41 |
|
|
|
056a40e |
* Tue Nov 23 2004 Tomas Mraz <tmraz@redhat.com> 0.78-1
|
|
|
056a40e |
- update to Linux-PAM-0.78
|
|
|
056a40e |
- #140451 parse passwd entries correctly and test for failure
|
|
|
36d4eef |
- #137802 allow using pam_console for authentication
|
|
|
056a40e |
|
|
jbj |
0da465a |
* Fri Nov 12 2004 Jeff Johnson <jbj@jbj.org> 0.77-67
|
|
jbj |
0da465a |
- rebuild against db-4.3.21.
|
|
jbj |
0da465a |
|
|
|
1916d7a |
* Thu Nov 11 2004 Tomas Mraz <tmraz@redhat.com> 0.77-66
|
|
|
1916d7a |
- #77646 log failures when renaming the files when changing password
|
|
|
1916d7a |
- Log failure on missing /etc/security/opasswd when remember option is present
|
|
|
1916d7a |
|
|
|
91347f0 |
* Wed Nov 10 2004 Tomas Mraz <tmraz@redhat.com>
|
|
|
91347f0 |
- #87628 pam_timestamp remembers authorization after logout
|
|
|
91347f0 |
- #116956 fixed memory leaks in pam_stack
|
|
|
91347f0 |
|
|
|
6c581a0 |
* Wed Oct 20 2004 Tomas Mraz <tmraz@redhat.com> 0.77-65
|
|
|
6c581a0 |
- #74062 modify the pwd-lock patch to remove NIS passwd changing deadlock
|
|
|
6c581a0 |
|
|
|
68feec3 |
* Wed Oct 20 2004 Tomas Mraz <tmraz@redhat.com> 0.77-64
|
|
|
68feec3 |
- #134941 pam_console should check X11 socket only on login
|
|
|
68feec3 |
|
|
|
3eef649 |
* Tue Oct 19 2004 Tomas Mraz <tmraz@redhat.com> 0.77-63
|
|
|
0b9c1ba |
- Fix checking of group %%group syntax in pam_limits
|
|
|
3eef649 |
- Drop fencepost patch as it was already fixed
|
|
|
3eef649 |
by upstream change from 0.75 to 0.77
|
|
|
3eef649 |
- Fix brokenshadow patch
|
|
|
3eef649 |
|
|
|
9abd7cf |
* Mon Oct 11 2004 Tomas Mraz <tmraz@redhat.com> 0.77-62
|
|
|
9abd7cf |
- Added bluetooth, raw1394 and flash to console.perms
|
|
|
9abd7cf |
- pam_console manpage fix
|
|
|
9abd7cf |
|
|
|
149b939 |
* Mon Oct 11 2004 Tomas Mraz <tmraz@redhat.com> 0.77-61
|
|
|
149b939 |
- #129328 pam_env shouldn't abort on missing /etc/environment
|
|
|
149b939 |
- #126985 pam_stack should always copy the conversation function
|
|
|
149b939 |
- #127524 add /etc/security/opasswd to files
|
|
|
89f73ad |
|
|
 |
6dc6125 |
* Tue Sep 28 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-60
|
|
|
6dc6125 |
- Drop last patch again, fixed now correctly elsewhere
|
|
|
6dc6125 |
|
|
|
0886c16 |
* Thu Sep 23 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-59
|
|
|
0886c16 |
- Fixed bug in pam_env where wrong initializer was used
|
|
|
0886c16 |
|
|
|
632558e |
* Fri Sep 17 2004 Dan Walsh <dwalsh@redhat.com> 0.77-58
|
|
|
632558e |
- rebuild selinux patch using checkPasswdAccess
|
|
|
632558e |
|
|
 |
d52fe82 |
* Mon Sep 13 2004 Jindrich Novy <jnovy@redhat.com>
|
|
|
d52fe82 |
- rebuilt
|
|
|
d52fe82 |
|
|
|
89f73ad |
* Mon Sep 13 2004 Tomas Mraz <tmraz@redhat.com> 0.77-56
|
|
|
d52fe82 |
- #75454 fixed locking when changing password
|
|
|
d52fe82 |
- #127054
|
|
|
d52fe82 |
- #125653 removed unnecessary getgrouplist call
|
|
|
d52fe82 |
- #124979 added quiet option to pam_succeed_if
|
|
|
d52fe82 |
|
|
cvsdist |
6e7e8cb |
* Mon Aug 30 2004 Warren Togami <wtogami@redhat.com> 0.77-55
|
|
cvsdist |
6e7e8cb |
- #126024 /dev/pmu console perms
|
|
cvsdist |
6e7e8cb |
|
|
cvsdist |
89c884f |
* Wed Aug 4 2004 Dan Walsh <dwalsh@redhat.com> 0.77-54
|
|
cvsdist |
89c884f |
- Move pam_console.lock to /var/run/console/
|
|
cvsdist |
89c884f |
|
|
cvsdist |
0095dae |
* Thu Jul 29 2004 Dan Walsh <dwalsh@redhat.com> 0.77-53
|
|
cvsdist |
0095dae |
- Close fd[1] before pam_modutilread so that unix_verify will complete
|
|
cvsdist |
0095dae |
|
|
cvsdist |
a9bb82b |
* Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-52
|
|
cvsdist |
a9bb82b |
- First chunk of Steve Grubb's resource leak and other fixes
|
|
cvsdist |
a9bb82b |
|
|
cvsdist |
a9bb82b |
* Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-51
|
|
cvsdist |
a9bb82b |
- Fixed build testing of modules
|
|
cvsdist |
a9bb82b |
- Fixed dependancies
|
|
cvsdist |
a9bb82b |
|
|
cvsdist |
c7e9550 |
* Tue Jul 20 2004 Dan Walsh <dwalsh@redhat.com> 0.77-50
|
|
cvsdist |
c7e9550 |
- Change unix_chkpwd to return pam error codes
|
|
cvsdist |
c7e9550 |
|
|
cvsdist |
21937dd |
* Sat Jul 10 2004 Alan Cox <alan@redhat.com>
|
|
cvsdist |
21937dd |
- Fixed the pam glib2 dependancy issue
|
|
cvsdist |
21937dd |
|
|
cvsdist |
ae27812 |
* Mon Jun 21 2004 Alan Cox <alan@redhat.com>
|
|
cvsdist |
ae27812 |
- Fixed the pam_limits fencepost error (#79989) since nobody seems to
|
|
cvsdist |
ae27812 |
be doing it
|
|
cvsdist |
ae27812 |
|
|
cvsdist |
ae27812 |
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
cvsdist |
ae27812 |
- rebuilt
|
|
cvsdist |
ae27812 |
|
|
cvsdist |
ae27812 |
* Wed Jun 9 2004 Dan Walsh <dwalsh@redhat.com> 0.77-45
|
|
cvsdist |
ae27812 |
- Add requires libselinux > 1.8
|
|
cvsdist |
ae27812 |
|
|
cvsdist |
ccf51ee |
* Thu Jun 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-44
|
|
cvsdist |
ccf51ee |
- Add MLS Support to selinux patch
|
|
cvsdist |
ccf51ee |
|
|
cvsdist |
ccf51ee |
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 0.77-43
|
|
cvsdist |
ccf51ee |
- Modify pam_selinux to use open and close param
|
|
cvsdist |
ccf51ee |
|
|
cvsdist |
4d16522 |
* Fri May 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-42
|
|
cvsdist |
4d16522 |
- Split pam module into two parts open and close
|
|
cvsdist |
4d16522 |
|
|
cvsdist |
aad5335 |
* Tue May 18 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-41
|
|
cvsdist |
aad5335 |
- Fixed 64bit segfault in pam_succeed_if module.
|
|
cvsdist |
aad5335 |
|
|
cvsdist |
aad5335 |
* Thu Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 0.77-40
|
|
cvsdist |
aad5335 |
- Apply changes from audit.
|
|
cvsdist |
aad5335 |
|
|
cvsdist |
aad5335 |
* Tue Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 0.77-39
|
|
cvsdist |
aad5335 |
- Change to only report failure on relabel if debug
|
|
cvsdist |
aad5335 |
|
|
cvsdist |
147d85b |
* Wed Mar 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-38
|
|
cvsdist |
147d85b |
- Fix error handling of pam_unix
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
|
cvsdist |
147d85b |
- rebuilt
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-36
|
|
cvsdist |
147d85b |
- fix tty handling
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-35
|
|
cvsdist |
147d85b |
- remove tty closing and opening from pam_selinux, it does not work.
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
cvsdist |
147d85b |
- rebuilt
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Tue Feb 12 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
147d85b |
- pam_unix: also log successful password changes when using shadowed passwords
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Tue Feb 10 2004 Dan Walsh <dwalsh@redhat.com> 0.77-33
|
|
cvsdist |
147d85b |
- close and reopen terminal after changing context.
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Thu Feb 5 2004 Dan Walsh <dwalsh@redhat.com> 0.77-32
|
|
cvsdist |
147d85b |
- Check for valid tty
|
|
cvsdist |
147d85b |
|
|
cvsdist |
147d85b |
* Tue Feb 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-31
|
|
cvsdist |
147d85b |
- Check for multiple > 1
|
|
cvsdist |
147d85b |
|
|
cvsdist |
05a94aa |
* Mon Feb 2 2004 Dan Walsh <dwalsh@redhat.com> 0.77-30
|
|
cvsdist |
05a94aa |
- fix is_selinux_enabled call for pam_rootok
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-29
|
|
cvsdist |
05a94aa |
- More fixes to pam_selinux,pam_rootok
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-28
|
|
cvsdist |
05a94aa |
- turn on selinux
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-27
|
|
cvsdist |
05a94aa |
- Fix rootok check.
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-26
|
|
cvsdist |
05a94aa |
- fix is_selinux_enabled call
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 0.77-25
|
|
cvsdist |
05a94aa |
- Check if ROOTOK for SELinux
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-24
|
|
cvsdist |
05a94aa |
- Fix tty handling for pts in pam_selinux
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-23
|
|
cvsdist |
05a94aa |
- Need to add qualifier context for sudo situation
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-22
|
|
cvsdist |
05a94aa |
- Fix pam_selinux to use prevcon instead of pam_user so it will work for su.
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Fri Dec 12 2003 Bill Nottingham <notting@redhat.com> 0.77-21.sel
|
|
cvsdist |
05a94aa |
- add alsa devs to console.perms
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 0.77-20.sel
|
|
cvsdist |
05a94aa |
- rebuild with db-4.2.52.
|
|
cvsdist |
05a94aa |
- build db4 in build_unix, not dist.
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Wed Nov 26 2003 Dan Walsh <dwalsh@redhat.com> 0.77-19.sel
|
|
cvsdist |
05a94aa |
- Change unix_chkpwd to handle unix_passwd and unix_acct
|
|
cvsdist |
05a94aa |
- This eliminates the need for pam modules to have read/write access to /etc/shadow.
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-18.sel
|
|
cvsdist |
05a94aa |
- Cleanup unix_chkpwd
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Mon Nov 03 2003 Dan Walsh <dwalsh@redhat.com> 0.77-17.sel
|
|
cvsdist |
05a94aa |
- Fix tty handling
|
|
cvsdist |
05a94aa |
- Add back multiple handling
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
05a94aa |
* Mon Oct 27 2003 Dan Walsh <dwalsh@redhat.com> 0.77-16.sel
|
|
cvsdist |
05a94aa |
- Remove Multiple from man page of pam_selinux
|
|
cvsdist |
05a94aa |
|
|
cvsdist |
d577226 |
* Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-15
|
|
cvsdist |
d577226 |
- don't install _pam_aconf.h -- apps don't use it, other PAM headers which
|
|
cvsdist |
d577226 |
are installed don't use it, and its contents may be different for arches
|
|
cvsdist |
d577226 |
on a multilib system
|
|
cvsdist |
d577226 |
- check for linkage problems in modules at %%install-time (kill #107093 dead)
|
|
cvsdist |
d577226 |
- add buildprereq on flex (#101563)
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Wed Oct 22 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d577226 |
- make pam_pwdb.so link with libnsl again so that it loads (#107093)
|
|
cvsdist |
d577226 |
- remove now-bogus buildprereq on db4-devel (we use a bundled copy for
|
|
cvsdist |
d577226 |
pam_userdb to avoid symbol collisions with other db libraries in apps)
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Mon Oct 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-14.sel
|
|
cvsdist |
d577226 |
- Add Russell Coker patch to handle /dev/pty
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-13.sel
|
|
cvsdist |
d577226 |
- Turn on Selinux
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-12
|
|
cvsdist |
d577226 |
- Fix pam_timestamp to work when 0 seconds have elapsed
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Mon Oct 6 2003 Dan Walsh <dwalsh@redhat.com> 0.77-11
|
|
cvsdist |
d577226 |
- Turn off selinux
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Thu Sep 25 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10.sel
|
|
cvsdist |
d577226 |
- Turn on Selinux and remove multiple choice of context.
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10
|
|
cvsdist |
d577226 |
- Turn off selinux
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-9.sel
|
|
cvsdist |
d577226 |
- Add Russell's patch to check password
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Wed Sep 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-8.sel
|
|
cvsdist |
d577226 |
- handle ttys correctly in pam_selinux
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Fri Sep 05 2003 Dan Walsh <dwalsh@redhat.com> 0.77-7.sel
|
|
cvsdist |
d577226 |
- Clean up memory problems and fix tty handling.
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-6
|
|
cvsdist |
d577226 |
- Add manual context selection to pam_selinux
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-5
|
|
cvsdist |
d577226 |
- Add pam_selinux
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-4
|
|
cvsdist |
d577226 |
- Add SELinux support
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-3
|
|
cvsdist |
325000d |
- pam_postgresok: add
|
|
cvsdist |
d577226 |
- pam_xauth: add "targetuser" argument
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d577226 |
- pam_succeed_if: fix thinko in argument parsing which would walk past the
|
|
cvsdist |
d577226 |
end of the argument list
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Wed Jul 9 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-2
|
|
cvsdist |
d577226 |
- reapply:
|
|
cvsdist |
d577226 |
- set handler for SIGCHLD to SIG_DFL around *_chkpwd, not SIG_IGN
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Mon Jul 7 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-1
|
|
cvsdist |
d577226 |
- pam_timestamp: fail if the key file doesn't contain enough data
|
|
cvsdist |
d577226 |
|
|
cvsdist |
d577226 |
* Thu Jul 3 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-0
|
|
cvsdist |
d577226 |
- update to 0.77 upstream release
|
|
cvsdist |
d577226 |
- pam_limits: limits now affect root as well
|
|
cvsdist |
d577226 |
- pam_nologin: returns PAM_IGNORE instead of PAM_SUCCESS unless "successok"
|
|
cvsdist |
d577226 |
is given as an argument
|
|
cvsdist |
d577226 |
- pam_userdb: correctly return PAM_AUTH_ERR instead of PAM_USER_UNKNOWN when
|
|
cvsdist |
d577226 |
invoked with the "key_only" argument and the database has an entry of the
|
|
cvsdist |
d577226 |
form "user-<wrongpassword>"
|
|
cvsdist |
d577226 |
- use a bundled libdb for pam_userdb.so because the system copy uses threads,
|
|
cvsdist |
d577226 |
and demand-loading a shared library which uses threads into an application
|
|
cvsdist |
d577226 |
which doesn't is a Very Bad Idea
|
|
cvsdist |
325000d |
|
|
cvsdist |
325000d |
* Thu Jul 3 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
325000d |
- pam_timestamp: use a message authentication code to validate timestamp files
|
|
cvsdist |
325000d |
|
|
cvsdist |
325000d |
* Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-48.1
|
|
cvsdist |
325000d |
- rebuild
|
|
cvsdist |
325000d |
|
|
cvsdist |
325000d |
* Mon Jun 9 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-49
|
|
cvsdist |
325000d |
- modify calls to getlogin() to check the directory of the current TTY before
|
|
cvsdist |
05a94aa |
searching for an entry in the utmp/utmpx file (#98020, #98826, CAN-2003-0388)
|
|
cvsdist |
325000d |
|
|
cvsdist |
325000d |
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
|
cvsdist |
325000d |
- rebuilt
|
|
cvsdist |
325000d |
|
|
cvsdist |
2cf2651 |
* Mon Feb 10 2003 Bill Nottingham <notting@redhat.com> 0.75-48
|
|
cvsdist |
2cf2651 |
- set handler for SIGCHLD to SIG_DFL around *_chkpwd, not SIG_IGN
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
2cf2651 |
* Wed Jan 22 2003 Tim Powers <timp@redhat.com> 0.75-47
|
|
cvsdist |
2cf2651 |
- rebuilt
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Tue Dec 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-46
|
|
cvsdist |
cb2381b |
- pam_xauth: reintroduce ACL support, per the original white paper
|
|
cvsdist |
2cf2651 |
- pam_xauth: default root's export ACL to none instead of everyone
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Mon Dec 2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-45
|
|
cvsdist |
cb2381b |
- create /lib/security, even if it isn't /%%{_lib}/security, because we
|
|
cvsdist |
cb2381b |
can't locate /lib/security/$ISA without it (noted by Arnd Bergmann)
|
|
cvsdist |
cb2381b |
- clear out the duplicate docs directory created during %%install
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Thu Nov 21 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-44
|
|
cvsdist |
cb2381b |
- fix syntax errors in pam_console's yacc parser which newer bison chokes on
|
|
cvsdist |
cb2381b |
- forcibly set FAKEROOT at make install time
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Tue Oct 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-43
|
|
cvsdist |
cb2381b |
- patch to interpret $ISA in case the fist module load attempt fails
|
|
cvsdist |
cb2381b |
- use $ISA in default configs
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Fri Oct 04 2002 Elliot Lee <sopwith@redhat.com> 0.75-42
|
|
cvsdist |
cb2381b |
- Since cracklib-dicts location will not be correctly detected without
|
|
cvsdist |
cb2381b |
that package being installed, add buildreq for cracklib-dicts.
|
|
cvsdist |
cb2381b |
- Add patch57: makes configure use $LIBNAME when searching for cracklib
|
|
cvsdist |
cb2381b |
dicts, and error out if not found.
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Thu Sep 12 2002 Than Ngo <than@redhat.com> 0.75-41.1
|
|
cvsdist |
cb2381b |
- Fixed pam config files
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
cb2381b |
* Wed Sep 11 2002 Than Ngo <than@redhat.com> 0.75-41
|
|
cvsdist |
cb2381b |
- Added fix to install libs in correct directory on 64bit machine
|
|
cvsdist |
cb2381b |
|
|
cvsdist |
7414c33 |
* Fri Aug 2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-40
|
|
cvsdist |
7414c33 |
- pam_timestamp_check: check that stdio descriptors are open before we're
|
|
cvsdist |
7414c33 |
invoked
|
|
cvsdist |
7414c33 |
- add missing chroot.conf
|
|
cvsdist |
7414c33 |
|
|
cvsdist |
215cd1a |
* Mon Jul 29 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-39
|
|
cvsdist |
215cd1a |
- pam_timestamp: sundry fixes, use "unknown" as the tty when none is found
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
215cd1a |
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-38
|
|
cvsdist |
215cd1a |
- pam_timestamp_check: be as smart about figuring out the tty as the module is
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
215cd1a |
* Wed Jun 19 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-37
|
|
cvsdist |
215cd1a |
- pam_timestamp_check: remove extra unlink() call spotted by Havoc
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
215cd1a |
* Mon Jun 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-36
|
|
cvsdist |
215cd1a |
- pam_timestamp: chown intermediate directories when creating them
|
|
cvsdist |
215cd1a |
- pam_timestamp_check: add -d flag to poll
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
215cd1a |
* Thu May 23 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-35
|
|
cvsdist |
215cd1a |
- pam_timestamp: add some sanity checks
|
|
cvsdist |
215cd1a |
- pam_timestamp_check: add
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
215cd1a |
* Wed May 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-34
|
|
cvsdist |
215cd1a |
- pam_timestamp: add a 'verbose' option
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
215cd1a |
* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-33
|
|
cvsdist |
215cd1a |
- rebuild with db4
|
|
cvsdist |
215cd1a |
- just bundle install-sh into the source package
|
|
cvsdist |
215cd1a |
|
|
cvsdist |
19389eb |
* Tue Apr 9 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-32
|
|
cvsdist |
19389eb |
- pam_unix: be more compatible with AIX-style shadowing (#19236)
|
|
cvsdist |
19389eb |
|
|
cvsdist |
0313d50 |
* Thu Mar 28 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-31
|
|
cvsdist |
0313d50 |
- libpam_misc: fix possible infinite loop in misc_conv (#62195)
|
|
cvsdist |
0313d50 |
- pam_xauth: fix cases where DISPLAY is "localhost:screen" and the xauth
|
|
cvsdist |
0313d50 |
key is actually stored using the system's hostname (#61524)
|
|
cvsdist |
0313d50 |
|
|
cvsdist |
0313d50 |
* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-30
|
|
cvsdist |
0313d50 |
- rebuild
|
|
cvsdist |
0313d50 |
|
|
cvsdist |
035542f |
* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-29
|
|
cvsdist |
035542f |
- rebuild
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Mon Mar 11 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-28
|
|
cvsdist |
035542f |
- include the pwdb config file
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Fri Mar 1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-27
|
|
cvsdist |
035542f |
- adjust the pwdb-static patch to build pam_radius correctly (#59408)
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Fri Mar 1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-26
|
|
cvsdist |
035542f |
- change the db4-devel build dependency to db3-devel
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Thu Feb 21 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-25
|
|
cvsdist |
035542f |
- rebuild
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Fri Feb 8 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-24
|
|
cvsdist |
035542f |
- pam_unix: log successful password changes
|
|
cvsdist |
035542f |
- remove pam_timestamp
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Thu Feb 7 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-23
|
|
cvsdist |
035542f |
- fix pwdb embedding
|
|
cvsdist |
035542f |
- add pam_timestamp
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Thu Jan 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-22
|
|
cvsdist |
035542f |
- swallow up pwdb 0.61.1 for building pam_pwdb
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-21
|
|
cvsdist |
035542f |
- pam_userdb: build with db4 instead of db3
|
|
cvsdist |
035542f |
|
|
cvsdist |
035542f |
* Wed Nov 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-20
|
|
cvsdist |
035542f |
- pam_stack: fix some memory leaks (reported by Fernando Trias)
|
|
cvsdist |
035542f |
- pam_chroot: integrate Owl patch to report the more common causes of failures
|
|
cvsdist |
a3662b1 |
|
|
cvsdist |
ee87b1b |
* Fri Nov 9 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-19
|
|
cvsdist |
ee87b1b |
- fix a bug in the getpwnam_r wrapper which sometimes resulted in false
|
|
cvsdist |
ee87b1b |
positives for non-existent users
|
|
cvsdist |
ee87b1b |
|
|
cvsdist |
ee87b1b |
* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-18
|
|
cvsdist |
ee87b1b |
- include libpamc in the pam package (#55651)
|
|
cvsdist |
ee87b1b |
|
|
cvsdist |
ee87b1b |
* Fri Nov 2 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-17
|
|
cvsdist |
ee87b1b |
- pam_xauth: don't free a string after passing it to putenv()
|
|
cvsdist |
ee87b1b |
|
|
cvsdist |
cd929cb |
* Wed Oct 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-16
|
|
cvsdist |
cd929cb |
- pam_xauth: always return PAM_SUCCESS or PAM_SESSION_ERR instead of PAM_IGNORE,
|
|
cvsdist |
cd929cb |
matching the previous behavior (libpam treats PAM_IGNORE from a single module
|
|
cvsdist |
cd929cb |
in a stack as a session error, leading to false error messages if we just
|
|
cvsdist |
cd929cb |
return PAM_IGNORE for all cases)
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Mon Oct 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-15
|
|
cvsdist |
cd929cb |
- reorder patches so that the reentrancy patch is applied last -- we never
|
|
cvsdist |
cd929cb |
came to a consensus on how to guard against the bugs in calling applications
|
|
cvsdist |
cd929cb |
which this sort of change addresses, and having them last allows for dropping
|
|
cvsdist |
cd929cb |
in a better strategy for addressing this later on
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Mon Oct 15 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_rhosts: allow "+hostname" as a synonym for "hostname" to jive better
|
|
cvsdist |
cd929cb |
with the hosts.equiv(5) man page
|
|
cvsdist |
cd929cb |
- use the automake install-sh instead of the autoconf install-sh, which
|
|
cvsdist |
cd929cb |
disappeared somewhere between 2.50 and now
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Mon Oct 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- add pwdb as a buildprereq
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Fri Oct 5 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_tally: don't try to read past the end of faillog -- it probably contains
|
|
cvsdist |
cd929cb |
garbage, which if written into the file later on will confuse /usr/bin/faillog
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Thu Oct 4 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_limits: don't just return if the user is root -- we'll want to set the
|
|
cvsdist |
cd929cb |
priority (it could be negative to elevate root's sessions)
|
|
cvsdist |
cd929cb |
- pam_issue: fix off-by-one error allocating space for the prompt string
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Wed Oct 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_mkhomedir: recurse into subdirectories properly
|
|
cvsdist |
cd929cb |
- pam_mkhomedir: handle symlinks
|
|
cvsdist |
cd929cb |
- pam_mkhomedir: skip over special items in the skeleton directory
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Tue Oct 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- add cracklib as a buildprereq
|
|
cvsdist |
cd929cb |
- pam_wheel: don't ignore out if the user is attempting to switch to a
|
|
cvsdist |
cd929cb |
unprivileged user (this lets pam_wheel do its thing when users attempt
|
|
cvsdist |
cd929cb |
to get to system accounts or accounts of other unprivileged users)
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Fri Sep 28 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_xauth: close a possible DoS due to use of dotlock-style locking in
|
|
cvsdist |
cd929cb |
world-writable directories by relocating the temporary file to the target
|
|
cvsdist |
cd929cb |
user's home directory
|
|
cvsdist |
cd929cb |
- general: include headers local to this tree using relative paths so that
|
|
cvsdist |
cd929cb |
system headers for PAM won't be pulled in, in case include paths don't
|
|
cvsdist |
cd929cb |
take care of it
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_xauth: rewrite to skip refcounting and just use a temporary file
|
|
cvsdist |
cd929cb |
created using mkstemp() in /tmp
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_userdb: fix the key_only flag so that the null-terminator of the
|
|
cvsdist |
cd929cb |
user-password string isn't expected to be part of the key in the db file,
|
|
cvsdist |
cd929cb |
matching the behavior of db_load 3.2.9
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
cd929cb |
* Mon Sep 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
cd929cb |
- pam_unix: use crypt() instead of bigcrypt() when salted field is less than
|
|
cvsdist |
cd929cb |
the critical size which lets us know it was generated with bigcrypt()
|
|
cvsdist |
cd929cb |
- use a wrapper to handle ERANGE errors when calling get....._r functions:
|
|
cvsdist |
cd929cb |
defining PAM_GETPWNAM_R and such (for getpwnam, getpwuid, getgrnam,
|
|
cvsdist |
cd929cb |
getgrgid, and getspnam) before including _pam_macros.h will cause them
|
|
cvsdist |
cd929cb |
to be implemented as static functions, similar to how defining PAM_SM_xxx
|
|
cvsdist |
cd929cb |
is used to control whether or not PAM declares prototypes for certain
|
|
cvsdist |
cd929cb |
functions
|
|
cvsdist |
cd929cb |
|
|
cvsdist |
41a3ab7 |
* Mon Sep 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-14
|
|
cvsdist |
cd929cb |
- pam_unix: argh, compare entire pruned salt string with crypted result, always
|
|
cvsdist |
41a3ab7 |
|
|
cvsdist |
43335dc |
* Sat Sep 8 2001 Bill Nottingham <notting@redhat.com> 0.75-13
|
|
cvsdist |
43335dc |
- ship /lib/lib{pam,pam_misc}.so for legacy package builds
|
|
cvsdist |
43335dc |
|
|
cvsdist |
0798a27 |
* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-12
|
|
cvsdist |
0798a27 |
- noreplace configuration files in /etc/security
|
|
cvsdist |
0798a27 |
- pam_console: update pam_console_apply and man pages to reflect
|
|
cvsdist |
0798a27 |
/var/lock -> /var/run move
|
|
cvsdist |
0798a27 |
|
|
cvsdist |
e0a9764 |
* Wed Sep 5 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-11
|
|
cvsdist |
e0a9764 |
- pam_unix: fix the fix for #42394
|
|
cvsdist |
e0a9764 |
|
|
cvsdist |
e0a9764 |
* Tue Sep 4 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
e0a9764 |
- modules: use getpwnam_r and friends instead of non-reentrant versions
|
|
cvsdist |
e0a9764 |
- pam_console: clear generated .c and .h files in "clean" makefile target
|
|
cvsdist |
e0a9764 |
|
|
cvsdist |
e0a9764 |
* Thu Aug 30 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
e0a9764 |
- pam_stack: perform deep copy of conversation structures
|
|
cvsdist |
e0a9764 |
- include the static libpam in the -devel subpackage (#52321)
|
|
cvsdist |
e0a9764 |
- move development .so and .a files to %%{_libdir}
|
|
cvsdist |
e0a9764 |
- pam_unix: don't barf on empty passwords (#51846)
|
|
cvsdist |
e0a9764 |
- pam_unix: redo compatibility with "hash,age" data wrt bigcrypt (#42394)
|
|
cvsdist |
e0a9764 |
- console.perms: add usb camera, scanner, and rio devices (#15528)
|
|
cvsdist |
e0a9764 |
- pam_cracklib: initialize all options properly (#49613)
|
|
cvsdist |
e0a9764 |
|
|
cvsdist |
e0a9764 |
* Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
e0a9764 |
- pam_limits: don't rule out negative priorities
|
|
cvsdist |
e0a9764 |
|
|
cvsdist |
e0a9764 |
* Mon Aug 13 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-10
|
|
cvsdist |
a06b5aa |
- pam_xauth: fix errors due to uninitialized data structure (fix from Tse Huong
|
|
cvsdist |
a06b5aa |
Choo)
|
|
cvsdist |
a06b5aa |
- pam_xauth: random cleanups
|
|
cvsdist |
a06b5aa |
- pam_console: use /var/run/console instead of /var/lock/console at install-time
|
|
cvsdist |
a06b5aa |
- pam_unix: fix preserving of permissions on files which are manipulated
|
|
cvsdist |
a06b5aa |
|
|
cvsdist |
2e03b4f |
* Fri Aug 10 2001 Bill Nottingham <notting@redhat.com>
|
|
cvsdist |
2e03b4f |
- fix segfault in pam_securetty
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- pam_console: use /var/run/console instead of /var/lock/console for lock files
|
|
cvsdist |
2e03b4f |
- pam_issue: read the right number of bytes from the file
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Mon Jul 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- pam_wheel: don't error out if the group has no members, but is the user's
|
|
cvsdist |
2e03b4f |
primary GID (reported by David Vos)
|
|
cvsdist |
2e03b4f |
- pam_unix: preserve permissions on files which are manipulated (#43706)
|
|
cvsdist |
2e03b4f |
- pam_securetty: check if the user is the superuser before checking the tty,
|
|
cvsdist |
2e03b4f |
thereby allowing regular users access to services which don't set the
|
|
cvsdist |
2e03b4f |
PAM_TTY item (#39247)
|
|
cvsdist |
2e03b4f |
- pam_access: define NIS and link with libnsl (#36864)
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Thu Jul 5 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- link libpam_misc against libpam
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Tue Jul 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- pam_chroot: chdir() before chroot()
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Fri Jun 29 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- pam_console: fix logic bug when changing permissions on single
|
|
cvsdist |
2e03b4f |
file and/or lists of files
|
|
cvsdist |
2e03b4f |
- pam_console: return the proper error code (reported and patches
|
|
cvsdist |
2e03b4f |
for both from Frederic Crozat)
|
|
cvsdist |
2e03b4f |
- change deprecated Copyright: tag in .spec file to License:
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- console.perms: change js* to js[0-9]*
|
|
cvsdist |
2e03b4f |
- include pam_aconf.h in more modules (patches from Harald Welte)
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- console.perms: add apm_bios to the list of devices the console owner can use
|
|
cvsdist |
2e03b4f |
- console.perms: add beep to the list of sound devices
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Mon May 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- link pam_console_apply statically with libglib (#38891)
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Mon Apr 30 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- pam_access: compare IP addresses with the terminating ".", as documented
|
|
cvsdist |
2e03b4f |
(patch from Carlo Marcelo Arenas Belon, I think) (#16505)
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
2e03b4f |
* Mon Apr 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- merge up to 0.75
|
|
cvsdist |
2e03b4f |
- pam_unix: temporarily ignore SIGCHLD while running the helper
|
|
cvsdist |
2e03b4f |
- pam_pwdb: temporarily ignore SIGCHLD while running the helper
|
|
cvsdist |
2e03b4f |
- pam_dispatch: default to uncached behavior if the cached chain is empty
|
|
cvsdist |
2e03b4f |
|
|
cvsdist |
5a39518 |
* Fri Apr 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- correct speling errors in various debug messages and doc files (#33494)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Thu Apr 5 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- prereq sed, fileutils (used in %%post)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Apr 4 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- remove /dev/dri from console.perms -- XFree86 munges it, so it's outside of
|
|
cvsdist |
5a39518 |
our control (reminder from Daryll Strauss)
|
|
cvsdist |
5a39518 |
- add /dev/3dfx to console.perms
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- pam_wheel: make 'trust' and 'deny' work together correctly
|
|
cvsdist |
5a39518 |
- pam_wheel: also check the user's primary gid
|
|
cvsdist |
5a39518 |
- pam_group: also initialize groups when called with PAM_REINITIALIZE_CRED
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- mention pam_console_apply in the see also section of the pam_console man pages
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Fri Mar 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- console.perms: /dev/vc/* should be a regexp, not a glob (thanks to
|
|
cvsdist |
5a39518 |
Charles Lopes)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- console.perms: /dev/cdroms/* should belong to the user, from Douglas
|
|
cvsdist |
5a39518 |
Gilbert via Tim Waugh
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Thu Mar 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- pam_console_apply: muck with devices even if the mount point doesn't exist
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Mar 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- pam_console: error out on undefined classes in pam_console config file
|
|
cvsdist |
5a39518 |
- console.perms: actually change the permissions on the new device classes
|
|
cvsdist |
5a39518 |
- pam_console: add an fstab= argument, and -f and -c flags to pam_console_apply
|
|
cvsdist |
5a39518 |
- pam_console: use g_log instead of g_critical when bailing out
|
|
cvsdist |
5a39518 |
- console.perms: logins on /dev/vc/* are also console logins, from Douglas
|
|
cvsdist |
5a39518 |
Gilbert via Tim Waugh
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Mar 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- add pam_console_apply
|
|
cvsdist |
5a39518 |
- /dev/pilot's usually a serial port (or a USB serial port), so revert its
|
|
cvsdist |
5a39518 |
group to 'uucp' instead of 'tty' in console.perms
|
|
cvsdist |
5a39518 |
- change pam_console's behavior wrt directories -- directories which are
|
|
cvsdist |
5a39518 |
mount points according to /etc/fstab are taken to be synonymous with
|
|
cvsdist |
5a39518 |
their device special nodes, and directories which are not mount points
|
|
cvsdist |
5a39518 |
are ignored
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- handle errors fork()ing in pam_xauth
|
|
cvsdist |
5a39518 |
- make the "other" config noreplace
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- user should own the /dev/video directory, not the non-existent /dev/v4l
|
|
cvsdist |
5a39518 |
- tweak pam_limits doc
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Feb 21 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- own /etc/security
|
|
cvsdist |
5a39518 |
- be more descriptive when logging messages from pam_limits
|
|
cvsdist |
5a39518 |
- pam_listfile: remove some debugging code (#28346)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- pam_lastlog: don't pass NULL to logwtmp()
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- pam_listfile: fix argument parser (#27773)
|
|
cvsdist |
5a39518 |
- pam_lastlog: link to libutil
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- pam_limits: change the documented default config file to reflect the defaults
|
|
cvsdist |
5a39518 |
- pam_limits: you should be able to log in a total of maxlogins times, not
|
|
cvsdist |
5a39518 |
(maxlogins - 1)
|
|
cvsdist |
5a39518 |
- handle group limits on maxlogins correctly (#25690)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Feb 12 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- change the pam_xauth default maximum "system user" ID from 499 to 99 (#26343)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Feb 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- refresh the default system-auth file, pam_access is out
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Feb 5 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- actually time out when attempting to lckpwdf() (#25889)
|
|
cvsdist |
5a39518 |
- include time.h in pam_issue (#25923)
|
|
cvsdist |
5a39518 |
- update the default system-auth to the one generated by authconfig 4.1.1
|
|
cvsdist |
5a39518 |
- handle getpw??? and getgr??? failures more gracefully (#26115)
|
|
cvsdist |
5a39518 |
- get rid of some extraneous {set,end}{pw,gr}ent() calls
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Jan 30 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- overhaul pam_stack to account for abstraction libpam now provides
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
2e03b4f |
- remove pam_radius at request of author
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Jan 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- merge to 0.74
|
|
cvsdist |
5a39518 |
- make console.perms match perms set by MAKEDEV, and add some devfs device names
|
|
cvsdist |
5a39518 |
- add 'sed' to the buildprereq list (#24666)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Sun Jan 21 2001 Matt Wilson <msw@redhat.com>
|
|
|
0b9c1ba |
- added "exit 0" to the end of the pre script
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- self-hosting fix from Guy Streeter
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- use gcc for LD_L to pull in intrinsic stuff on ia64
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Fri Jan 12 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- take another whack at compatibility with "hash,age" data in pam_unix (#21603)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Jan 10 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- make the -devel subpackage unconditional
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Tue Jan 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- merge/update to 0.73
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Mon Dec 18 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- refresh from CVS -- some weird stuff crept into pam_unix
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
5a39518 |
* Wed Dec 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
5a39518 |
- fix handling of "nis" when changing passwords by adding the checks for the
|
|
cvsdist |
5a39518 |
data source to the password-updating module in pam_unix
|
|
cvsdist |
5a39518 |
- add the original copyright for pam_access (fix from Michael Gerdts)
|
|
cvsdist |
5a39518 |
|
|
cvsdist |
69b5f73 |
* Thu Nov 30 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- redo similar() using a distance algorithm and drop the default dif_ok to 5
|
|
cvsdist |
5a39518 |
- readd -devel
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- fix similar() function in pam_cracklib (#14740)
|
|
cvsdist |
69b5f73 |
- fix example in access.conf (#21467)
|
|
cvsdist |
69b5f73 |
- add conditional compilation for building for 6.2 (for pam_userdb)
|
|
cvsdist |
69b5f73 |
- tweak post to not use USESHADOW any more
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- make EINVAL setting lock limits in pam_limits non-fatal, because it's a 2.4ism
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- revert to DB 3.1, which is what we were supposed to be using from the get-go
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- add RLIMIT_LOCKS to pam_limits (patch from Jes Sorensen) (#20542)
|
|
cvsdist |
69b5f73 |
- link pam_userdb to Berkeley DB 2.x to match 6.2's setup correctly
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Mon Nov 6 2000 Matt Wilson <msw@redhat.com>
|
|
cvsdist |
69b5f73 |
- remove prereq on sh-utils, test ([) is built in to bash
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- fix the pam_userdb module breaking
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- fix pam_unix likeauth argument for authenticate(),setcred(),setcred()
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Tue Oct 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- tweak pre script to be called in all upgrade cases
|
|
cvsdist |
69b5f73 |
- get pam_unix to only care about the significant pieces of passwords it checks
|
|
cvsdist |
69b5f73 |
- add /usr/include/db1/db.h as a build prereq to pull in the right include
|
|
cvsdist |
69b5f73 |
files, no matter whether they're in glibc-devel or db1-devel
|
|
cvsdist |
69b5f73 |
- pam_userdb.c: include db1/db.h instead of db.h
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Wed Oct 11 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- add BuildPrereq for bison (suggested by Bryan Stillwell)
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Fri Oct 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- patch from Dmitry V. Levin to have pam_stack propagate the PAM fail_delay
|
|
cvsdist |
69b5f73 |
- roll back the README for pam_xauth to actually be the right one
|
|
cvsdist |
69b5f73 |
- tweak pam_stack to use the parent's service name when calling the substack
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Wed Oct 4 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- create /etc/sysconfig/authconfig at install-time if upgrading
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- modify the files list to make sure #16456 stays fixed
|
|
cvsdist |
69b5f73 |
- make pam_stack track PAM_AUTHTOK and PAM_OLDAUTHTOK items
|
|
cvsdist |
69b5f73 |
- add pam_chroot module
|
|
cvsdist |
69b5f73 |
- self-hosting fixes from the -devel split
|
|
cvsdist |
69b5f73 |
- update generated docs in the tree
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Tue Sep 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- split off a -devel subpackage
|
|
cvsdist |
69b5f73 |
- install the developer man pages
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Sun Sep 10 2000 Bill Nottingham <notting@redhat.com>
|
|
cvsdist |
69b5f73 |
- build libraries before modules
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
69b5f73 |
* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
69b5f73 |
- fix problems when looking for headers in /usr/include (#17236)
|
|
cvsdist |
69b5f73 |
- clean up a couple of compile warnings
|
|
cvsdist |
69b5f73 |
|
|
cvsdist |
d1a852a |
* Tue Aug 22 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- give users /dev/cdrom* instead of /dev/cdrom in console.perms (#16768)
|
|
cvsdist |
d1a852a |
- add nvidia control files to console.perms
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Tue Aug 22 2000 Bill Nottingham <notting@redhat.com>
|
|
cvsdist |
d1a852a |
- add DRI devices to console.perms (#16731)
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Aug 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- move pam_filter modules to /lib/security/pam_filter (#16111)
|
|
cvsdist |
d1a852a |
- add pam_tally's application to allow counts to be reset (#16456)
|
|
cvsdist |
d1a852a |
- move README files to the txts subdirectory
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Aug 14 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- add a postun that runs ldconfig
|
|
cvsdist |
d1a852a |
- clean up logging in pam_xauth
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Aug 4 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- make the tarball include the release number in its name
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- add a broken_shadow option to pam_unix
|
|
cvsdist |
d1a852a |
- add all module README files to the documentation list (#16456)
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Jul 25 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- fix pam_stack debug and losing-track-of-the-result bug
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Tue Jul 24 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- rework pam_console's usage of syslog to actually be sane (#14646)
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Sat Jul 22 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- take the LOG_ERR flag off of some of pam_console's new messages
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Jul 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- add pam_localuser
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- need to make pam_console's checking a little stronger
|
|
cvsdist |
d1a852a |
- only pass data up from pam_stack if the parent didn't already define it
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
|
|
cvsdist |
d1a852a |
- automatic rebuild
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- make pam_console's extra checks disableable
|
|
cvsdist |
d1a852a |
- simplify extra check to just check if the device owner is root
|
|
cvsdist |
d1a852a |
- add a debug log when pam_stack comes across a NULL item
|
|
cvsdist |
d1a852a |
- have pam_stack hand items up to the parent from the child
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jul 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- fix installation of pam_xauth man pages (#12417)
|
|
cvsdist |
d1a852a |
- forcibly strip helpers (#12430)
|
|
cvsdist |
d1a852a |
- try to make pam_console a little more discriminating
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
0b9c1ba |
- symlink libpam.so to libpam.so.%%{version}, and likewise for libpam_misc
|
|
cvsdist |
d1a852a |
- reverse order of checks in _unix_getpwnam for pam_unix
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Jun 14 2000 Preston Brown <pbrown@redhat.com>
|
|
cvsdist |
d1a852a |
- include gpmctl in pam_console
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jun 05 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- add MANDIR definition and use it when installing man pages
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jun 05 2000 Preston Brown <pbrown@redhat.com>
|
|
cvsdist |
d1a852a |
- handle scanner and cdwriter devices in pam_console
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- add account management wrappers for pam_listfile, pam_nologin, pam_securetty,
|
|
cvsdist |
d1a852a |
pam_shells, and pam_wheel
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- add system-auth control file
|
|
cvsdist |
d1a852a |
- let gethostname() call in pam_access.c be implicitly declared to avoid
|
|
cvsdist |
d1a852a |
conflicting types if unistd.c declares it
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- fix problems compiling on Red Hat Linux 5.x (bug #11005)
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Apr 26 2000 Bill Nottingham <notting@redhat.com>
|
|
cvsdist |
d1a852a |
- fix size assumptions in pam_(pwdb|unix) md5 code
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- Add new pam_stack module.
|
|
cvsdist |
d1a852a |
- Install pwdb_chkpwd and unix_chkpwd as the current user for non-root builds
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- Fix pam_xauth bug #6191.
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Feb 03 2000 Elliot Lee <sopwith@redhat.com>
|
|
cvsdist |
d1a852a |
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
|
|
cvsdist |
d1a852a |
(which is what other pieces of the system think it is). Fixes bug #7641.
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- argh, turn off gratuitous debugging
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Jan 19 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
cvsdist |
d1a852a |
- update to 0.72
|
|
cvsdist |
d1a852a |
- fix pam_unix password-changing bug
|
|
cvsdist |
d1a852a |
- fix pam_unix's cracklib support
|
|
cvsdist |
d1a852a |
- change package URL
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Jan 03 2000 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- don't allow '/' on service_name
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Oct 21 1999 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- enhance the pam_userdb module some more
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Sep 24 1999 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- add documenatation
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Tue Sep 21 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- a tiny change to pam_console to make it not loose track of console users
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Sep 20 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- a few fixes to pam_xauth to make it more robust
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Jul 14 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- pam_console: added <xconsole> to manage /dev/console
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Jul 01 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- added video4linux devices to /etc/security/console.perms
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- added joystick lines to /etc/security/console.perms
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- use gcc -shared to link the shared libs
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- many bug fixes in pam_xauth
|
|
cvsdist |
d1a852a |
- pam_console can now handle broken applications that do not set
|
|
cvsdist |
d1a852a |
the PAM_TTY item.
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
|
|
cvsdist |
d1a852a |
- added pam_xauth module
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- pam_lastlog does wtmp handling now
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- added option parsing to pam_console
|
|
cvsdist |
d1a852a |
- added framebuffer devices to default console.perms settings
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- fixed empty passwd handling in pam_pwdb
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- changed /dev/cdrom default user permissions back to 0600 in console.perms
|
|
cvsdist |
d1a852a |
because some cdrom players open O_RDWR.
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- added /dev/jaz and /dev/zip to console.perms
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- changed the default user permissions for /dev/cdrom to 0400 in console.perms
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- fixed a few bugs in pam_console
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- pam_console authentication working
|
|
cvsdist |
d1a852a |
- added /etc/security/console.apps directory
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com>
|
|
cvsdist |
d1a852a |
- added pam_console files to filelist
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- upgraded to 0.66, some source cleanups
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask
|
|
cvsdist |
d1a852a |
security risk
|
|
cvsdist |
d1a852a |
|
|
cvsdist |
d1a852a |
* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
|
|
cvsdist |
d1a852a |
- upgrade to ver 0.65
|
|
cvsdist |
d1a852a |
- build the package out of internal CVS server
|