1 $Id: ChangeLog,v 1.204 2005/08/17 22:35:03 lukeh Exp $
2 ===============================================================
4 180 Luke Howard <lukeh@padl.com>
6 * from Peter Marschall <peter@adpm.de>:
7 manual page installation fix
8 * fix for BUG#210: use start_tls on referrals if
10 * when handling new password policy control, only
11 fall through to account management module if a
12 policy error was returned (CERT VU#778916)
14 179 Luke Howard <lukeh@padl.com>
16 * more manual page updates
18 178 Luke Howard <lukeh@padl.com>
22 177 Luke Howard <lukeh@padl.com>
24 * fix for BUG#188: better documentation for OpenLDAP
28 176 Luke Howard <lukeh@padl.com>
30 * fix for compilation with Netscape SDK
32 175 Luke Howard <lukeh@padl.com>
34 * fix BUG#182: don't send old password in exop
35 password change unless pam_password is exop_send_old
37 174 Luke Howard <lukeh@padl.com>
39 * fix typo s/intereact/interact
41 173 Luke Howard <lukeh@padl.com>
43 * s/pam_sasl_mechanism/pam_sasl_mech/ for
44 consistency with OpenLDAP ldap.conf
46 172 Luke Howard <lukeh@padl.com>
48 * preliminary SASL bind support
50 171 Luke Howard <lukeh@padl.com>
52 * use correct AIX link flags even if --with-ldap-dir
55 170 Luke Howard <lukeh@padl.com>
57 * sync ldap.conf with nss_ldap
60 169 Luke Howard <lukeh@padl.com>
62 * include password policy schema file
63 * preliminary support for
64 draft-behera-ldap-password-policy-07.txt
66 168 Luke Howard <lukeh@padl.com>
68 * define LDAP_DEPRECATED for compiling with
70 * send old password when calling password change
71 extended operation: if the password had expired
72 the user may not be bound and so relying on the
73 LDAP connection to be authenticated is unwise
75 167 Luke Howard <lukeh@padl.com>
77 * fix compilation error on Solaris 9
79 166 Luke Howard <lukeh@padl.com>
81 * fix signed/unsigned comparison issues
82 * merge in LDAP debug patch from Howard Chu
83 * fix BUG#126 (updating shadowLastChange)
85 165 Luke Howard <lukeh@padl.com>
88 * don't set LDAP_OPT_X_TLS_REQUIRE_CERT if not specified
91 164 Luke Howard <lukeh@padl.com>
93 * fix typo in ldapns.schema (!)
95 163 Luke Howard <lukeh@padl.com>
97 * fix typo in authorizedService patch
98 * add ldapns.schema for authorizedServiceObject and
101 162 Luke Howard <lukeh@padl.com>
103 * support for service-based authorization
104 (based on patch from Manon Goo)
105 * add ignore_authinfo_unavail flag
106 * pam_filter works again
108 161 Luke Howard <lukeh@padl.com>
110 * fix from Thorsten Kukuk (SuSE) to handle scope-less
111 nss_base_passwd configuration
113 160 Luke Howard <lukeh@padl.com>
115 * AD password change fix
116 * fix from Thorsten Kukuk (SuSE) to handle aborted
119 159 Luke Howard <lukeh@padl.com>
121 * updated version information
123 158 Luke Howard <lukeh@padl.com>
125 * support for multiple service search descriptors from
128 157 Luke Howard <lukeh@padl.com>
130 * BUG#120 feature: pam_password_prohibit_message
132 * removed static function prototypes from pam_ldap.h
135 156 Luke Howard <lukeh@padl.com>
139 155 Luke Howard <lukeh@padl.com>
141 * proper for for non-experimental password change exop;
142 broke compiling with older SDKs
144 154 Luke Howard <lukeh@padl.com>
147 * PWEXPIRED fix from Howard Chu
149 153 Luke Howard <lukeh@padl.com>
151 * support non-experimental password change exop
152 * patch from Howard Chu to use linker grouping on
155 152 Luke Howard <lukeh@padl.com>
157 * fix build breakage with OpenLDAP HEAD
159 151 Luke Howard <lukeh@padl.com>
162 * import dlfcn.h on Solaris with Netscape SDK
163 * export required symbols only on Linux, HP-UX, Darwin
165 150 Luke Howard <lukeh@padl.com>
167 * added depcomp for new automake
169 149 Luke Howard <lukeh@padl.com>
172 * alias for RACF password changing
173 * use LDAP_MOD_ADD when changing NDS passwords rather
174 than LDAP_MOD_REPLACE; NDS documentation indicates
175 that this should work, and this is required for RACF.
176 * BUG#101: should build with recent automake/autoconf
178 148 Luke Howard <lukeh@padl.com>
180 * check for Netscape SDK without SSL; don't require
183 147 Luke Howard <lukeh@padl.com>
185 * make shadow.lstchg default -1 to not force
186 password change when now shadow information present
188 146 Luke Howard <lukeh@padl.com>
190 * fix for BUG#91 / Debian Bug #144175: adhere to
191 convention of the last change of the password being
192 on the Unix Epoch implying a forced password change,
193 and fix error propagation with expiring passwords
195 145 Luke Howard <lukeh@padl.com>
197 * patch for building on OpenLDAP 1.x from Nalin
200 144 Luke Howard <lukeh@padl.com>
202 * avoid use of temporary variable when reporting
203 non-existent configuration file; fix for local
204 format string vulnerability reported at:
205 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
206 * log correct configuration file name when reporting
207 missing "host" directive
209 143 Luke Howard <lukeh@padl.com>
211 * specify runtime path for LDAP library correctly to
212 native Solaris linker
214 142 Luke Howard <lukeh@padl.com>
216 * use native linker on Solaris
218 141 Luke Howard <lukeh@padl.com>
220 * support for headers in /usr/include/pam (Darwin)
221 * integrated fix for BUG#79
223 140 Luke Howard <lukeh@padl.com>
225 * further fix for recall #8362: do not turn
226 all users into template users
228 139 Luke Howard <lukeh@padl.com>
230 * fix for recall #8362: support template users
231 when try_first_pass succeeds
233 138 Luke Howard <lukeh@padl.com>
235 * when flushing cached session data, check to see
236 whether the application has requested a different
237 configuration file due to a changed service
239 137 Luke Howard <lukeh@padl.com>
241 * treat exceeded time and size limits as a successful
242 return code; we may still have a single entry back.
243 * BUG#77: make configuration file paths configurable
245 136 Luke Howard <lukeh@padl.com>
247 * module stack fixes from Thorsten Kukuk
249 135 Luke Howard <lukeh@padl.com>
251 * revert UID check to getuid() per patch from
254 134 Luke Howard <lukeh@padl.com>
256 * per suggest from Bill Welliver, check for
257 effective UID being 0, not real UID
258 * added ber_free() after ber_flatten() in
259 extended operation password changing code
261 133 Luke Howard <lukeh@padl.com>
263 * Patch from Ed Golden for group_dn: set error
266 132 Luke Howard <lukeh@padl.com>
268 * Patch from Bob Guo to discard trailing whitespace
269 in configuration file
271 131 Luke Howard <lukeh@padl.com>
273 * allow "*" wildcard value to be present in host
275 * added ignore_unknown_user option to all module
276 functions; if the user could not be found and this
277 option is set, PAM_IGNORE will be returned instead
280 130 Luke Howard <lukeh@padl.com>
282 * don't return PAM_AUTH_ERR for authorization errors;
283 return PAM_PERM_DENIED
284 * reverted patch in pam_ldap-114: if a user doesn't
285 exist in LDAP, pam_sm_acct_mgmt() returns
286 PAM_IGNORE, rather than PAM_SUCCESS.
287 * HEADS UP: in default configuration, disable checking
288 the host attribute. This must now be manually
289 enabled with pam_check_host_attr in ldap.conf.
290 * HEADS UP: if checking the host attribute is
291 enabled, and a user does not have any values for
292 the host attribute, do not allow them to login.
293 This avoids the ugly situation of having to add
294 a dummy, invalid value for the host attribute for
295 users that were not allowed to login to any host.
297 129 Luke Howard <lukeh@padl.com>
299 * don't return PAM_SYSTEM_ERR for LDAP-related errors
300 * return PAM_AUTHINFO_UNAVAIL for directory-related
301 (but not configuration-related) errors so that
302 stacking modules will work properly (thanks to
303 Brian Nelson <bnelson@cis.ysu.edu> for pointing this
306 127 Luke Howard <lukeh@padl.com>
308 * fixed segfault bug if nss_base_passwd contains
309 a scope but no filter (BUG#69)
311 126 Luke Howard <lukeh@padl.com>
313 * fixed rebind prototype in pam_ldap.h for new
314 OpenLDAP client library
316 125 Luke Howard <lukeh@padl.com>
318 * added ldap.conf stanza for AIX
319 * added configurable checking host host attribute
320 (pam_check_host_attr in ldap.conf)
322 124 Luke Howard <lukeh@padl.com>
324 * note in ldap.conf that the default encryption
325 scheme for changing passwords is none (let
326 the server do it) (BUG#65)
327 * pass NULL as session handle for SSL options;
328 they are set globally
330 123 Luke Howard <lukeh@padl.com>
332 * support for new OpenLDAP rebind procedure
333 * do not try to open /etc/ldap.secret unless root
334 * use LDAP_OPT_NETWORK_TIMEOUT if available
336 122 Luke Howard <lukeh@padl.com>
338 * make buildable with Sun's C compiler
340 121 Luke Howard <lukeh@padl.com>
342 * escape username only, not entire filter
344 120 Luke Howard <lukeh@padl.com>
346 * escape search filter to avoid wildcards etc
347 * put prototypes back in, where did they go?
349 119 Luke Howard <lukeh@padl.com>
351 * with password change exop, use bind password not encoded
352 old password for old password
353 * added --disable-ssl option to configure for Debian
354 * patch from Helmut Wirth <wirth@bison-soft.de> to allow
355 only a URI to be specified.
356 * only set SSL options if we have values for those options
358 118 Luke Howard <lukeh@padl.com>
360 * in _set_ssl_options(), apply the options actually to
361 the current session not a NULL pointer (which apparently
362 worked with ldap_pvt_tls_set_option())
364 117 Luke Howard <lukeh@padl.com>
366 * do not strdup a NULL pointer if we are root
367 when changing passwords
369 116 Luke Howard <lukeh@padl.com>
371 * make sure old authentication token is zeroed
372 out before freeing (now that we are storing the
373 old authentication token privately)
375 115 Luke Howard <lukeh@padl.com>
377 * fix for updating passwords (consistent for Linux/Solaris)
379 114 Luke Howard <lukeh@padl.com>
381 * patch from Brian Nelson <bnelson@cis.ysu.edu>; if
382 a user doesn't exist in LDAP, then make pam_sm_acct_mgmt()
384 * another patch for correctly updating passwords on
385 Solaris (which doesn't do preliminary password changing
386 the same was as Linux-PAM)
388 113 Luke Howard <lukeh@padl.com>
390 * don't use ldap_pvt_tls_set_option(); it is private API
392 112 Luke Howard <lukeh@padl.com>
396 111 Luke Howard <lukeh@padl.com>
398 * further patch from Tero to fix chfn/chsh
399 * further patch from Jarkko for TLS/SSL using
400 OpenLDAP: support for LDAPS, cipher suite
401 selection, client key/cert authentication
403 110 Luke Howard <lukeh@padl.com>
405 * build on Mac OS X FCS; configure --libdir=/Library
406 (this will only work properly on HFS+ volumes)
408 109 Luke Howard <lukeh@padl.com>
410 * patch from Tero Pelander <tpeland@tkukoulu.fi> for
411 testing scope in nss_base_passwd
412 * patch from Jarkko Turkulainen <jt@wapit.com> for client
413 side certificate support
415 108 Luke Howard <lukeh@padl.com>
417 * patch from Thorsten Kukuk <kukuk@suse.de>:
418 The problem: pam_ldap does not abort in the second
419 pam_sm_chauthtok call, if we really change the password
420 and the user does not exist in the LDAP database (tested
421 with pam_ldap-105 and pam_ldap-107).
423 107 Luke Howard <lukeh@padl.com>
425 * s/HAVE_LDAP_SET_REBIND_PROC_ARGS/LDAP_SET_REBIND_PROC_ARGS/
426 (typo causing prototype mismatch)
428 106 Luke Howard <lukeh@padl.com>
431 * cleaned up some warnings with older client
434 105 Luke Howard <lukeh@padl.com>
436 * check for HAVE_LDAP_{SET,GET}_OPTION always
438 104 Luke Howard <lukeh@padl.com>
440 * check for ldap_set_option(), as LDAP_OPT_REFERRALS
441 is defined for OpenLDAP 1.x but without the
442 ldap_set_option() function
444 103 Luke Howard <lukeh@padl.com>
446 * patch from Thomas Noel to handle shadow
449 102 Luke Howard <lukeh@padl.com>
451 * define macros LDAP_OPT_{OFF,ON} if
453 * make SECSPERDAY 86400LL
455 101 Luke Howard <lukeh@padl.com>
457 * fix uninitialized variable
458 * retrieve password policy on actual password
459 change, may not have been done if we were root.
461 100 Luke Howard <lukeh@padl.com>
463 * use -rpath on all platforms except Solaris,
466 99 Luke Howard <lukeh@padl.com>
468 * use -shared not --shared
469 * compile with -DPIC on FreeBSD
471 98 Luke Howard <lukeh@padl.com>
475 97 Luke Howard <lukeh@padl.com>
477 * %configure -> ./configure
479 96 Luke Howard <lukeh@padl.com>
481 * put some meaningful content in AUTHORS
482 * new spec file from Joe Little
484 95 Luke Howard <lukeh@padl.com>
486 * add files for automake happiness
488 94 Luke Howard <lukeh@padl.com>
490 * default to LDAP protocol version 3
491 * documented exop in README
492 * link on Solaris with -M mapfile
493 * Solaris link with -Wl; will work with
495 * use sysconfdir, not etcdir
497 93 Luke Howard <lukeh@padl.com>
499 * made PAM_CLEAR the default for pam_password,
500 as was originally the case. Don't break
501 existing configurations!
503 92 Luke Howard <lukeh@padl.com>
505 * support for OpenLDAP password change extended
506 operation, if available. Enable with
512 91 Luke Howard <lukeh@padl.com>
514 * centralized authtok update code. The pam_crypt,
515 pam_ad_passwd, and pam_nds_passwd configuration
516 file keys are deprecated; instead the following
517 configuration file key will be used:
519 pam_password [clear|crypt|md5|nds|ad]
521 See README for more information. (NB: The
522 pam_crypt will continue to work so as to not
523 compromise existing deployments.)
525 90 Luke Howard <lukeh@padl.com>
527 * support for correct rebind function prototype
530 89 Luke Howard <lukeh@padl.com>
532 * support for connection timeout in Netscape SDK
534 88 Luke Howard <lukeh@padl.com>
536 * support for "referrals" and "restart" in
538 * don't use ldap_perror() for logging TLS errors
539 * optionally get scope/filter from
540 "nss_base_passwd" value
541 * accept on/yes/true for boolean configuration
544 87 Luke Howard <lukeh@padl.com>
546 * support for "timelimit" and "bind_timelimit" in
548 * use "nss_base_passwd" for search base preferentially
550 * fixed code order bug in setting TLS option;
551 introduced by patch in pam_ldap-86
553 86 Luke Howard <lukeh@padl.com>
555 * patches from Norbert Klasen:
556 * activate either Start TLS or LDAPS with
557 OpenLDAP 2.x using "ssl start_tls" or
558 "ssl yes" respectively in ldap.conf
559 * Active Directory password changing
561 85 Luke Howard <lukeh@padl.com>
563 * patches from David Begley:
564 * note about using --with-ldap-lib=netscape4
565 * patch to configure (regenerated from configure.in)
566 * note about using gnumake
567 * linking with lib{plc,plds,nspr}3 libraries for
569 * use -G not --shared when building shared
572 84 Luke Howard <lukeh@padl.com>
574 * fixed typo in pam_ldap.c
576 83 Luke Howard <lukeh@padl.com>
578 * patch from nalin@redhat.com for StartTLS,
581 * patch from David Begley to check for netscape4.1 lib
583 82 Luke Howard <lukeh@padl.com>
585 * s/conffile/config; forgot to patch properly
587 81 Luke Howard <lukeh@padl.com>
589 * use MAXPATHLEN instead of PATH_MAX; pam_ldap-80
592 80 Luke Howard <lukeh@padl.com>
594 * added support for configurable configuration files;
595 you can now specify an alternate configuration file
596 using the config= parameter in pam.conf. This patch
597 was provided by scremer@dohle.com
598 * added Solaris-specific linker flag patch from
601 79 Luke Howard <lukeh@padl.com>
603 * updated shipables for RC
605 78 Luke Howard <lukeh@padl.com>
607 * updated prebuild step for RC
609 77 Luke Howard <lukeh@padl.com>
611 * renamed _authenticate() to _do_authentication()
612 to avoid name conflict with ONC RPC headers
614 76 Luke Howard <lukeh@padl.com>
616 * fixes to configure from David Begley;
617 detect LDAP client libraries properly
618 * fix to Makefile.am from David Begley;
619 don't delete nss_ldap library on uninstall
621 75 Luke Howard <lukeh@padl.com>
623 * updated README with Solaris crypt(3) FAQ
625 74 Luke Howard <lukeh@padl.com>
627 * fixed support for NDS password changing,
628 from Petr Olivka <Petr.Olivka@vsb.cz>
630 73 Luke Howard <lukeh@padl.com>
632 * added support for OpenLDAP start TLS, from
633 Alex Schlessinger <alex@hq.workspot.com>
635 72 Luke Howard <lukeh@padl.com>
637 * added nasty_ssl_hack() constructor; this
638 dlopens ourself so that we always remain
639 loaded, and ssl_initialized is set across
640 invocations of PAM. Probably the path should
641 not be hardcoded but sourced from config.h.
643 71 Luke Howard <lukeh@padl.com>
645 * call ldapssl_client_init() once only (this doesn't
646 have the desired effect because PAM unloads the
647 library after pam_end() is called)
649 70 Luke Howard <lukeh@padl.com>
651 * in rebind proc, check session->info != NULL
652 * in rebind proc, check {user,bind}{dn,pw} != NULL
654 68 Luke Howard <lukeh@padl.com>
656 * initialize tmplattr/tmpluser fields
658 67 Luke Howard <lukeh@padl.com>
660 * check _authenticate() return code before setting
663 66 Luke Howard <lukeh@padl.com>
665 * ypldapd locator support is now a configure option
667 65 Luke Howard <lukeh@padl.com>
669 * set shadowLastChange silently (allow it to fail)
671 64 Luke Howard <lukeh@padl.com>
673 * more consistent log messages (removed brackets)
674 * set uid to nobody if unreadable from directory
675 * support template users so users can login with
676 a name without a local POSIX account.
677 * PAM_AUTHTOK_RECOVERY_ERR (not ...RECOVER_ERR)
680 63 Luke Howard <lukeh@padl.com>
682 * return PAM_MAXTRIES if number of tries exceeded
684 62 Luke Howard <lukeh@padl.com>
686 * new spec file from Dan Berry
688 61 Luke Howard <lukeh@padl.com>
690 * patch from norbert.klasen@zdv.uni-tuebingen.de (bug);
691 was logging plaintext password in pam_ldap.c
692 * log pam_strerror() not integer status code
694 60 Luke Howard <lukeh@padl.com>
696 * patch from Jungle Lin@judicial.gov.tw to fix
697 logic bug in pam_sm_chauthtok()
699 59 Luke Howard <lukeh@padl.com>
701 * fixed some assumptions in chsh/chfn, need to look
702 further at this though
704 58 Tom Lear <tom@trap.mtview.ca.us>
706 * Debian bug #64217: remove redunant code in pam_ldap.c
707 * Debian bug #64220: add minuid and maxuid parameters
708 * Debian bug #65295: chsh/chfn implementation
710 55 Doug Nazar <nazard@dragoninc.on.ca>
714 * rebind support for openldap
715 * async ldap calls for bind
716 * use_authtok support
717 * autoconf/automake support
719 51 Luke Howard <lukeh@padl.com>
723 50 Luke Howard <lukeh@padl.com>
725 * more patches from Scott Balneaves
726 * use PAM_NEW_AUTHTOK_REQD instead of PAM_AUTHTOK_REQD
727 * return PAM_SUCCESS for pam_sm_open_session()
728 * reorganization of shadow code
730 49 Luke Howard <lukeh@padl.com>
732 * more patches from Scott Balneaves; now just check
733 for shadow expiry date rather than shadowAccount
735 * added deref parameter to ldap.conf for parity with
738 48 Luke Howard <lukeh@padl.com>
740 * added patch from Scott Balneaves <sbalneav@legalaid.mb.ca>
741 to read shadowAccount attributes
743 47 Luke Howard <lukeh@padl.com>
745 * removed _connect_anonymously() clause when updating
748 46 Luke Howard <lukeh@padl.com>
750 * incorporated new spec file
752 44 Luke Howard <lukeh@padl.com>
754 * incorporated patch for shadowLastChange attribute
756 40 Luke Howard <lukeh@padl.com>
758 * added support for NDSv8 password changing
759 (this is experimental)
761 39 Luke Howard <lukeh@padl.com>
763 * added some comments in Make.defs about different
766 38 Luke Howard <lukeh@padl.com>
768 * fixed typo in pam.d/ssh
770 37 Luke Howard <lukeh@padl.com>
772 * merged in BUG#37 branch
773 * added Makefile.freebsd
775 36.BZ37.6 Luke Howard <lukeh@padl.com>
777 * updated ChangeLog (this file)
779 36.BZ37.5 Luke Howard <lukeh@padl.com>
781 * included FreeBSD porting fixes
783 36.BZ37.4 Luke Howard <lukeh@padl.com>
785 * send user credentials of bound_as_user is
786 set, rather than if userpw != NULL
788 36.BZ37.3 Luke Howard <lukeh@padl.com>
790 * drop userpw if it is already set
792 36.BZ37.2 Luke Howard <lukeh@padl.com>
794 * fixed reordered include to compile properly
796 36.BZ37.1 Luke Howard <lukeh@padl.com>
798 * patch release with possible fix for BUG#37, where
799 user credentials were not being forwarded to
800 referred servers (whilst password changing)
802 36 Luke Howard <lukeh@padl.com>
804 * added -lresolv to library search path
805 * incorporated stein@terminator.net's patches for RPM
808 35 Luke Howard <lukeh@padl.com>
810 * put /usr/ucblib back in linker search path on Solaris
812 33 Luke Howard <lukeh@padl.com>
814 * fixed pam_ldap.c to support compiling against an API
815 which conforms to draft-ietf-ldapext-ldap-c-api-02.txt.
816 Should make it easier to work with OpenLDAP 2. Netscape
817 specific extensions are guarded with NETSCAPE_API_EXTENSIONS.
819 30 Luke Howard <lukeh@padl.com>
821 * fixed Make.defs for linking against OpenLDAP libldap
825 28 Luke Howard <lukeh@padl.com>
827 * added patch from gero@faveve.uni-stuttgart.de for
828 parsing of ldap.conf with tabs
829 * various patches hopefully to get SSL to work
831 27 Luke Howard <lukeh@padl.com>
833 * fix for recall 256: free() smasher
835 26 Luke Howard <lukeh@padl.com>
837 * added commented out flags for non-V3 SDKs
839 25 Luke Howard <lukeh@padl.com>
841 * removed ucblib search path
843 24 Luke Howard <lukeh@padl.com>
845 * compile with -D_REENTRANT and link against -lpthread
846 to satisfy dependancies in libldapssl30. (BUG#7)
848 23 Luke Howard <lukeh@padl.com>
850 * no longer use LDAP_VERSION3 to select API
853 21 Luke Howard <lukeh@padl.com>
855 * added rebind function
856 * various stuff for RC added
857 * broke out makefiles
858 * ldap.conf keys case-insensitive for compat with
861 17 Luke Howard <lukeh@padl.com>
863 * force users to change passwords if their account has
865 * updated mapfile for Solaris
867 14 Luke Howard <lukeh@padl.com>
869 * fall back to /etc/ldap.conf if ypldapd is configured
870 for configuration lookup
873 13 Luke Howard <lukeh@padl.com>
875 * added -lcrypt for Linux
877 12 Luke Howard <lukeh@padl.com>
879 * Use ldap_open() for V2 as ldap_init() doesn't work
880 * Support hashing passwords locally for UMich crypt
882 * Tested against Microsoft Exchange Server
883 * Fixed some errors in ldap.conf and mapfile
885 11 Luke Howard <lukeh@padl.com>
887 * Added support for group membership as in Chris'
888 pam_ldap_auth module; see the pam_groupdn and
889 pam_group_attribute configuration keys.
890 * Changed pam_attribute to pam_login_attribute to
891 avoid confusion with pam_group_attribute.
892 * Support Netscape password expiration controls
893 * Avoid authenticating users with empty passwords,
894 even if the directory server does
895 * Fill in pam_sm_{open,close}_session for completeness
896 (they return PAM_IGNORE)
898 10 Luke Howard <lukeh@padl.com>
900 * tested with Linux-PAM 0.57
901 * made all functions static
903 * LDAP connections can be persistent over an entire PAM
904 session through the use of pam_set_data() and
908 9 Luke Howard <lukeh@padl.com>
910 * first publically available version.