Arthur de Jong

Open Source / Free Software developer

Release 0.8.4 of nss-pam-ldapd


This is an update for the 0.8 series that includes a number of fixes, new features and a few backwards incompatible changes. The 0.8 series remains in development mode and several more bigger changes, enhancements and new features are planned. Users that require a stable release are encouraged to stay with 0.7 until 0.8 stabilises.

A summary of the changes since 0.8.3:
  • switch to using the member attribute by default instead of uniqueMember (backwards incompatible change)
  • only return "x" as a password hash when the object has the shadowAccount objectClass and nsswitch.conf is configured to do shadow lookups using LDAP (this avoids some problems with pam_unix)
  • fix problem with partial attribute name matches in DN (thanks Timothy White)
  • fix a problem with objectSid mappings with recent versions of OpenLDAP (patch by Wesley Mason)
  • set the socket timeout in a connection callback to avoid timeout issues during the SSL handshake (patch by Stefan Völkel)
  • check for unknown variables in pam_authz_search
  • only check password expiration when authenticating, only check account expiration when doing authorisation
  • make buffer sizes consistent and grow all buffers holding string representations of numbers to be able to hold 64-bit numbers
  • update AX_PTHREAD from autoconf-archive
  • support querying DNS SRV records from a different domain than the current one (based on a patch by James M. Leddy)
  • fix a problem with uninitialised memory while parsing the tls_ciphers option
  • implement bounds checking of numeric values read from LDAP (patch by Jakub Hrozek)
  • correctly support large uid and gid values from LDAP (patch by Jakub Hrozek)
  • improvements to the configure script (patch by Jakub Hrozek)
  • Debian packaging improvements

Get this release from the downloads section.