lp:ubuntu/oneiric/nss-pam-ldapd
- Get this branch:
- bzr branch lp:ubuntu/oneiric/nss-pam-ldapd
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 14. By Arthur de Jong
-
* fix handling of idle_timelimit option
* fix error code for problem while doing password modification - 13. By Arthur de Jong
-
set a short socket timeout when shutting down the connection to the LDAP
server to avoid disconnect problems when using TLS
(addresses part of #596983) - 12. By Arthur de Jong
-
* updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
* grow the buffer for the PAM ruser to not reject logins for users with
a ruser including a domain part (closes: #600065) - 11. By Arthur de Jong
-
handle errors from ldap_result() better and disconnect (and reconnect)
in more cases (closes: #596983) - 10. By Arthur de Jong
-
* fix for --with-
nss-ldap- soname configure option by Julien Cristau
* fix double "be" in English template thanks to Christian Perrier
(closes: #593646)
* updated Czech debconf translation by Miroslav Kure (closes: #593510)
* updated Simplified Chinese debconf translation by zym
* updated Italian debconf translation by Vincenzo Campanella
* updated Japanese debconf translation by Kenshi Muto (closes: #593692)
* updated Danish debconf translation by Joe Hansen (closes: #594205)
* updated French debconf translation by Christian Perrier (closes: #594311)
* updated German debconf translation by Chris Leick (closes: #594456)
* updated Catalan debconf translation by Agusti Grau
* updated Swedish debconf translation by Martin Ågren (closes: #594679)
* updated Spanish debconf translation by Francisco Javier Cuadrado
(closes: #594723) - 9. By Arthur de Jong
-
* minor portability improvements and clean-ups (thanks Alexander V.
Chernikov and Ted C. Cheng)
* don't expand variables in rest of ${var:-rest} and ${var:+rest}
expressions if it is not needed (closes: #592320)
* libpam-ldapd.postinst: offer to add ldap to shadow in nsswitch.conf if
a potential broken configuration is found (closes: #592104)
(thanks to Justin B Rye for the template review)
* merge the suggests of libnss-ldapd and libpam-ldapd into those of the
nslcd package to have a single consistent list of PAM alternatives
(closes: #591773)
* add libpam-sss as an alternative to libpam-ldapd (closes: #591773)
* upgrade to standards-version 3.9.1 (no changes needed)
* updated Portuguese debconf translation by Américo Monteir
(closes: #593404)
* updated Russian debconf translation by Yuri Kozlov (closes: #593491)
* added Norwegian Bokmål debconf translation by Bjørn Steensrud
(closes: #593501) - 8. By Arthur de Jong
-
* don't use use_authtok for password modification by default
* fine-tune pam-auth-update configuration after discussion with Steve
Langasek (see: #583492)
Note that this currently requires that shadow information is also provided
by LDAP (in /etc/nsswitch.conf).
* ensure that nslcd is started after hostname lookups are available so
getting to the LDAP server via DNS will work (patch by Petter
Reinholdtsen) (closes: #585968)
* start k5start from the init script to keep the Kerberos ticket active if
nslcd is configured for SASL GSSAPI Kerberos authentication, based on a
patch by Daniel Dehennin (closes: #585639)
* upgrade to standards-version 3.9.0 (switch to Breaks/Replaces instead of
Conflicts)
* refactoring and simplification of PAM module which also improves logging
* implement a nullok PAM option and disable empty passwords by default
* portability improvements and other minor code improvements
* the mechanism to disable name lookups through LDAP from within the nslcd
process has been improved
* the undocumented use_sasl option has been removed (specifying sasl_mech
now implies use_sasl)
* the sasl_mech, sasl_realm, sasl_authcid, sasl_authzid and sasl_secprops
configuration options are now documented - 7. By Arthur de Jong
-
* include libpam-heimdal in libnss-ldapd recommends list of PAM
implementations (closes: #582407)
* fix a problem with empty attributes if expression-based attribute
mapping is used (patch by Nalin Dahyabhai)
* make debug logging for pam_authz_search option a little more informative
* documentation improvements
* update pam-auth-update configuration to always perform LDAP autorisation
for LDAP users - 6. By Arthur de Jong
-
* fix a problem in the session handling of the PAM module if the minimum_uid
option was used (Debian package default)
* refactor the PAM module code to be simpler and better maintainable
* perform logging from PAM module to syslog and support the debug option to
log more information
* Switch to "3.0 (native)" format. - 5. By Arthur de Jong
-
* fix a buffer overflow that should have no security consequences
* perform proper fail-over when authenticating in the PAM module
(closes: #577593)
* add an nss_initgroups_ignoreusers option to ignore user name to group
lookups for the specified users
* add an pam_authz_search option to perform a flexible authorisation check
on login (e.g. to restrict which users can login to which hosts, etc)
* implement a minimum_uid option for the PAM module to ignore users that
have a lower numeric user id and make 1000 the default value for Debian
(closes: #579574)
* change the way retries are done to error out quicker if the LDAP server
is down for some time (this should make the system more responsive when
the LDAP server is unavailable) and rename the reconnect_maxsleeptime
option to reconnect_retrytime to better describe the behaviour
* only log "connected to LDAP server" if the previous connection failed
(closes: #483795)
* documentation improvements
* debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS
and PAM configuration there
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/nss-pam-ldapd