2011-09-04: release 0.8.4 of nss-pam-ldapd
This is an update for the 0.8 series that includes a number of fixes, new features and a few backwards incompatible changes. The 0.8 series remains in development mode and several more bigger changes, enhancements and new features are planned. Users that require a stable release are encouraged to stay with 0.7 until 0.8 stabilises.
A summary of the changes since 0.8.3:- switch to using the member attribute by default instead of uniqueMember (backwards incompatible change)
- only return "x" as a password hash when the object has the shadowAccount objectClass and nsswitch.conf is configured to do shadow lookups using LDAP (this avoids some problems with pam_unix)
- fix problem with partial attribute name matches in DN (thanks Timothy White)
- fix a problem with objectSid mappings with recent versions of OpenLDAP (patch by Wesley Mason)
- set the socket timeout in a connection callback to avoid timeout issues during the SSL handshake (patch by Stefan Völkel)
- check for unknown variables in pam_authz_search
- only check password expiration when authenticating, only check account expiration when doing authorisation
- make buffer sizes consistent and grow all buffers holding string representations of numbers to be able to hold 64-bit numbers
- update AX_PTHREAD from autoconf-archive
- support querying DNS SRV records from a different domain than the current one (based on a patch by James M. Leddy)
- fix a problem with uninitialised memory while parsing the tls_ciphers option
- implement bounds checking of numeric values read from LDAP (patch by Jakub Hrozek)
- correctly support large uid and gid values from LDAP (patch by Jakub Hrozek)
- improvements to the configure script (patch by Jakub Hrozek)
- Debian packaging improvements
Get this release from the downloads section.