Arthur de Jong

Open Source / Free Software developer

Release 0.8.1 of nss-pam-ldapd

2011-03-10 security update

This is an update for the 0.8 series that fixes a security problem that allows authentication for users not in LDAP. See the advisory and the news item for details.
The CVE project has assigned CVE-2011-0438 to this problem.

This release remains a development release and is expected to undergo more active development. Users that require a stable release are encouraged to stay with 0.7 until 0.8 stabilises.
This development release also includes some new features, FreeBSD support and more work done on the Python implementation of nslcd.

A summary of the changes since 0.8.0:
  • properly handle user-not-found errors when doing authentication
  • include a file that was missing for Solaris support
  • add FreeBSD support, partially imported from the FreeBSD port (thanks to Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
  • document how to replace pam_check_service_attr and pam_check_host_attr options in PADL's pam_ldap with pam_authz_search in nss-pam-ldapd
  • implement a fqdn variable that can be used in pam_authz_search filters
  • create the directory to hold the socket and pidfile on startup
  • implement host, network and netgroup support in pynslcd

Get this release from the downloads section.