pam-modules -- history of user-visible changes. 2015-08-04 Copyright (C) 2001, 2004-2005, 2007-2012, 2015 Sergey Poznyakoff See the end of file for copying conditions. Please send pam-modules bug reports to Version 2.1, 2015-08-04 Fix documentation. Version 2.0, 2015-02-26 * pam_ldaphome reads LDAP configuration from /etc/ldap.conf This is in addition to its regular configuration file. * pam_ldaphome runs inirc-command with user privileges To run the command with root privileges, the configuration variable initrc-root must be set to true. * New pam_ldaphome variable: user-keys-boundary User key files can contain both keys managed by pam_ldaphome and added by the user. These two groups of keys must be separated by a special comment line, which informs pam_ldaphome that all keys below it must be retained. This feature is enabled by the user-keys-boundary configuration setting. Its value defines a string which, when used after a '#' character, forms the delimiting comment. E.g. if the configuration file contains: user-keys-boundary :user then the line '#:user' can be used to delimit ldap-synchronized and user-specific keys. * audit option All modules now support 'audit' option, which is equivalent to debug=100, i.e. it enables logging maximum debugging output. * pam_fshadow is built on all systems Version 1.9, 2014-05-21 * New module pam_groupmember Tests whether the user is a member of one or more groups. * pam_ldaphome can invoke an external program An external program defined with the inirc-command keyword is run in the newly created user's home directory. It can be used for per-user customization of the files copied from the skeleton dir. The examples directory contains a perl program "usergitconfig", which, when used as inirc-command, initializes the user's .gitconfig file. * New auxiliary utilities ** ldappubkey The `ldappubkey' utility is a simple Perl program which takes user login name as its argument and produces on the standard output public ssh keys for that user, each on a separate line. The program is designed for use with `openssh' version 6.2p1 or higher. ** usergitconfig Customizes user's `.gitconfig' file using attributes from his LDAP entry. This utility can be used with the initrc-command statement in pam_ldaphome.conf file. * Bugfixes Version 1.8, 2013-07-29 * pam_ldaphome This module creates the user home directory, if it does not already exist, and updates his `.ssh/authorized_keys' file with the keys from the LDAP database. * pam_umotd Pam_umotd displays a user-specific message of the day. The text can be taken either from a disk file, or read from the standard output of a program launched for that purpose. This module is Linux-specific. * Bugfixes ** pam_fshadow made reentrant Version 1.7, 2011-04-08 * Allow for use of `CALL proc' in MySQL queries. * Minor bugfixes in pamck. Version 1.6, 2009-02-25 * pamck Pamck is a command line utility for checking PAM authentication and other management groups. E.g.: pamck -s login smith attempts to authenticate user `smith' using PAM service name `login'. Version 1.5, 2009-02-17 * Configure New command line options: --disable-fshadow --disable-log --disable-regex Improved autodetection of MySQL and PostgreSQL libraries. Missing prerequisites for any module cause disabling of that module, but the configuration process continues. Version 1.4, 2008-03-20 * pam_mysql and pam_pgsql ** Session management Session management is implemented for both modules. Session management queries are `session-start-query' and `session-stop-query'. ** Variable expansion in configuration file. Old style of variable expansion has been dropped. The `$name' notation is used instead. To convert your old configuration files, replace %u with $user, and %p with $password. ** setenv-query This new query allows to store arbitrary data in PAM environment. Version 1.3, 2008-03-15 * pam_mysql and pam_pgsql ** Configuration file syntax Long statements can be split over several lines by placing '\' character at the end of each line. ** ldap passwords Both modules understand passwords in LDAP form. A special configuration file statement `allow-ldap-pass' is provided to control this feature. By default, `allow-ldap-pass yes' is assumed. Version 1.2, 2008-03-14 * Several fixes in debugging code and pam_mysql, pam_pgsql modules. * pam_fshadow By default extended regular expressions are used. * pam_regex transform=expr New command line option `transform' allows to rewrite user names. Version 1.1, 2007-08-11 * pam_fshadow allows to use virtual domains to specify alternate password databases. New options: regex, basic, extended, ignore-case, icase and revert-index. * pam_regex: ignore-case can be used as an alias to icase. * New modules pam_log Log arbitrary data pam_mysql Authenticate using a MySQL database pam_pgsql Authenticate using a PostgreSQL database Version 1.0 Added documentation, improved configuration suite. Version 0.1 Initial release. See README for short description. ^L ========================================================================= Copyright information: Copyright (C) 2001, 2004-2005, 2007-2015 Sergey Poznyakoff Permission is granted to anyone to make or distribute verbatim copies of this document as received, in any medium, provided that the copyright notice and this permission notice are preserved, thus giving the recipient permission to redistribute in turn. Permission is granted to distribute modified versions of this document, or of portions of it, under the above conditions, provided also that they carry prominent notices stating who last changed them. Local variables: mode: outline paragraph-separate: "[ ]*$" eval: (add-hook 'write-file-hooks 'time-stamp) time-stamp-start: "changes. " time-stamp-format: "%:y-%02m-%02d" time-stamp-end: "\n" end: