Created by James Westby on 2009-06-27 and last modified on 2009-06-27
Get this branch:
bzr branch lp:ubuntu/intrepid-proposed/pam
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

46. By Steve Langasek on 2009-03-09

pam-auth-update: trim leading whitespace from multiline fields when
parsing PAM profiles. LP: #295441.

45. By Steve Langasek on 2008-11-05

No-change rebuild because the archive admin (me) copied the package
to jaunty too soon.

44. By Kees Cook on 2008-11-05

Allow passwords to change on expired accounts, by passing
new_authtok_reqd return codes immediately (LP: #291091).

43. By Steve Langasek on 2008-10-15

* debian/libpam0g.postinst: change 'cupsys' to 'cups' in the list of
  default desktop services that are ignored in deciding whether to prompt
  for service restarts on upgrade. Partially addresses LP #278117.
* debian/libpam0g.postinst: also filter out samba, which may be installed
  on the desktop to enable filesharing.
* debian/libpam-cracklib.prerm, debian/libpam-runtime.prerm: add the
  ubiquitous debhelper tokens (currently a no-op)
* pam-auth-update: Use -Initial only for the first profile, even when
  there's no explicit -Initial config for that first profile
* fix common-session/common-password to use the same overall stack
  structure as auth/account, so that we get the correct behavior when
  all password modules fail. LP: #272232.

42. By Steve Langasek on 2008-09-23

Fix a bug in the parser that caused spewing of errors when there
were more lines in the config file following the managed block.
LP: #270328.

41. By Steve Langasek on 2008-09-16

Fix up the code that saves state to /var/lib/pam, so that it matches
what's expected by the code which later compares the saved and active
profiles in the case that there are both primary and additional
modules present.

40. By Steve Langasek on 2008-09-13

Brown paper bag bug: fix a missing comma in pam-auth-update.

39. By Steve Langasek on 2008-09-13

* Merge from Debian unstable
* Remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
    present there or in /etc/security/pam_env.conf. (should send to Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
    type rather than __u8.
  - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
    module option 'missingok' which will suppress logging of errors by
    libpam if the module is not found.
  - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
    password on bad username.
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/ubuntu-user_defined_environment: Look at
    ~/.pam_environment too, with the same format as
    /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/local/pam-auth-update (et al): new interface for managing
    /etc/pam.d/common-*, using drop-in config snippets provided by module
  - debian/local/common-password, debian/pam-configs/unix: switch from
    "md5" to "sha512" as password crypt default.
* Bump the version numbers referenced in the config files, again, as pam
  has revved in Debian and moved the bar.
* debian/pam-config/*: refine the password profiles to use a 'primary'
  block, to better parallel the auth structure.
* Drop '-Final' from the field names in /usr/share/pam-configs, supporting
  these field names for backwards compatibility only
* Bump the dependency version requirement to 1.0.1-4ubuntu1 for the above

38. By Steve Langasek on 2008-08-26

[ Steve Langasek ]
* Never remove the .pam-old files; just avoid creating them if --force isn't
* Add a manpage for pam-auth-update.
* Automatically upgrade the boilerplate for /etc/pam.d/common-* if we
  detect that they have not been locally modified.

[ Kees Cook ]
* debian/local/common-password, debian/pam-configs/unix: switch from "md5"
  to "sha512" as password crypt default.

37. By Steve Langasek on 2008-08-22

If two profiles have the same Priority, sort by the profile name to
ensure a complete sort so we can filter out all the duplicates from the
list and not write out broken configs. LP: #260371.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.