Release 0.8.4 of nss-pam-ldapd
2011-09-04
This is an update for the 0.8 series that includes a number of fixes,
new features and a few backwards incompatible changes.
The 0.8 series remains in development mode and several
more bigger changes, enhancements and new features are planned.
Users that require a stable release are encouraged to stay with 0.7 until
0.8 stabilises.
A summary of the changes since 0.8.3:
- switch to using the member attribute by default instead of
uniqueMember (backwards incompatible change)
- only return "x" as a password hash when the object has the
shadowAccount objectClass and nsswitch.conf is
configured to do shadow lookups using LDAP (this avoids some problems
with pam_unix)
- fix problem with partial attribute name matches in DN (thanks Timothy
White)
- fix a problem with objectSid mappings with recent versions of
OpenLDAP (patch by Wesley Mason)
- set the socket timeout in a connection callback to avoid timeout
issues during the SSL handshake (patch by Stefan Völkel)
- check for unknown variables in
pam_authz_search
- only check password expiration when authenticating, only check account
expiration when doing authorisation
- make buffer sizes consistent and grow all buffers holding string
representations of numbers to be able to hold 64-bit numbers
- update AX_PTHREAD from autoconf-archive
- support querying DNS SRV records from a different domain than the
current one (based on a patch by James M. Leddy)
- fix a problem with uninitialised memory while parsing the
tls_ciphers
option
- implement bounds checking of numeric values read from LDAP (patch by
Jakub Hrozek)
- correctly support large uid and gid values from LDAP (patch by Jakub
Hrozek)
- improvements to the configure script (patch by Jakub Hrozek)
- Debian packaging improvements
Get this release from the downloads section.