2013.10.24

[uclinux-h8/uClinux-dist.git] / user / pam_ldap / ChangeLog

$Id: ChangeLog,v 1.204 2005/08/17 22:35:03 lukeh Exp $
===============================================================

180     Luke Howard <lukeh@padl.com>

        * from Peter Marschall <peter@adpm.de>:
          manual page installation fix
        * fix for BUG#210: use start_tls on referrals if
          configured to do so
        * when handling new password policy control, only
          fall through to account management module if a
          policy error was returned (CERT VU#778916)

179     Luke Howard <lukeh@padl.com>

        * more manual page updates

178     Luke Howard <lukeh@padl.com>

        * manual page updates

177     Luke Howard <lukeh@padl.com>

        * fix for BUG#188: better documentation for OpenLDAP
          SSL options
        * add manual page

176     Luke Howard <lukeh@padl.com>

        * fix for compilation with Netscape SDK

175     Luke Howard <lukeh@padl.com>

        * fix BUG#182: don't send old password in exop
          password change unless pam_password is exop_send_old

174     Luke Howard <lukeh@padl.com>

        * fix typo s/intereact/interact

173     Luke Howard <lukeh@padl.com>

        * s/pam_sasl_mechanism/pam_sasl_mech/ for
          consistency with OpenLDAP ldap.conf

172     Luke Howard <lukeh@padl.com>

        * preliminary SASL bind support

171     Luke Howard <lukeh@padl.com>

        * use correct AIX link flags even if --with-ldap-dir
          is not specified

170     Luke Howard <lukeh@padl.com>

        * sync ldap.conf with nss_ldap
        * AIX 5.2 port

169     Luke Howard <lukeh@padl.com>

        * include password policy schema file
        * preliminary support for
          draft-behera-ldap-password-policy-07.txt

168     Luke Howard <lukeh@padl.com>

        * define LDAP_DEPRECATED for compiling with
          OpenLDAP 2.2
        * send old password when calling password change
          extended operation: if the password had expired
          the user may not be bound and so relying on the
          LDAP connection to be authenticated is unwise

167     Luke Howard <lukeh@padl.com>

        * fix compilation error on Solaris 9

166     Luke Howard <lukeh@padl.com>

        * fix signed/unsigned comparison issues
        * merge in LDAP debug patch from Howard Chu
        * fix BUG#126 (updating shadowLastChange)

165     Luke Howard <lukeh@padl.com>

        * fix BUG#142
        * don't set LDAP_OPT_X_TLS_REQUIRE_CERT if not specified
          in configuration file

164     Luke Howard <lukeh@padl.com>

        * fix typo in ldapns.schema (!)

163     Luke Howard <lukeh@padl.com>

        * fix typo in authorizedService patch
        * add ldapns.schema for authorizedServiceObject and
          hostObject

162     Luke Howard <lukeh@padl.com>

        * support for service-based authorization
          (based on patch from Manon Goo)
        * add ignore_authinfo_unavail flag
        * pam_filter works again

161     Luke Howard <lukeh@padl.com>

        * fix from Thorsten Kukuk (SuSE) to handle scope-less
          nss_base_passwd configuration

160     Luke Howard <lukeh@padl.com>

        * AD password change fix
        * fix from Thorsten Kukuk (SuSE) to handle aborted
          password changes

159     Luke Howard <lukeh@padl.com>

        * updated version information

158     Luke Howard <lukeh@padl.com>

        * support for multiple service search descriptors from
          Symas

157     Luke Howard <lukeh@padl.com>

        * BUG#120 feature: pam_password_prohibit_message
        * fix for BUG#105
        * removed static function prototypes from pam_ldap.h
        * check for libnsl

156     Luke Howard <lukeh@padl.com>

        * fix for bug #119

155     Luke Howard <lukeh@padl.com>

        * proper for for non-experimental password change exop;
          broke compiling with older SDKs

154     Luke Howard <lukeh@padl.com>

        * fix for bug #115
        * PWEXPIRED fix from Howard Chu

153     Luke Howard <lukeh@padl.com>

        * support non-experimental password change exop
        * patch from Howard Chu to use linker grouping on
          Solaris

152     Luke Howard <lukeh@padl.com>

        * fix build breakage with OpenLDAP HEAD

151     Luke Howard <lukeh@padl.com>

        * HP-UX port
        * import dlfcn.h on Solaris with Netscape SDK
        * export required symbols only on Linux, HP-UX, Darwin

150     Luke Howard <lukeh@padl.com>

        * added depcomp for new automake

149     Luke Howard <lukeh@padl.com>

        * OS X build fix
        * alias for RACF password changing
        * use LDAP_MOD_ADD when changing NDS passwords rather
          than LDAP_MOD_REPLACE; NDS documentation indicates
          that this should work, and this is required for RACF.
        * BUG#101: should build with recent automake/autoconf

148     Luke Howard <lukeh@padl.com>

        * check for Netscape SDK without SSL; don't require
          pthreads for these

147     Luke Howard <lukeh@padl.com>

        * make shadow.lstchg default -1 to not force
          password change when now shadow information present

146     Luke Howard <lukeh@padl.com>

        * fix for BUG#91 / Debian Bug #144175: adhere to
          convention of the last change of the password being
          on the Unix Epoch implying a forced password change,
          and fix error propagation with expiring passwords

145     Luke Howard <lukeh@padl.com>

        * patch for building on OpenLDAP 1.x from Nalin
          at RedHat

144     Luke Howard <lukeh@padl.com>

        * avoid use of temporary variable when reporting
          non-existent configuration file; fix for local
          format string vulnerability reported at:
 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
        * log correct configuration file name when reporting
          missing "host" directive

143     Luke Howard <lukeh@padl.com>

        * specify runtime path for LDAP library correctly to
          native Solaris linker

142     Luke Howard <lukeh@padl.com>

        * use native linker on Solaris

141     Luke Howard <lukeh@padl.com>

        * support for headers in /usr/include/pam (Darwin)
        * integrated fix for BUG#79

140     Luke Howard <lukeh@padl.com>

        * further fix for recall #8362: do not turn
          all users into template users

139     Luke Howard <lukeh@padl.com>

        * fix for recall #8362: support template users 
          when try_first_pass succeeds

138     Luke Howard <lukeh@padl.com>

        * when flushing cached session data, check to see
          whether the application has requested a different
          configuration file due to a changed service

137     Luke Howard <lukeh@padl.com>

        * treat exceeded time and size limits as a successful
          return code; we may still have a single entry back.
        * BUG#77: make configuration file paths configurable

136     Luke Howard <lukeh@padl.com>

        * module stack fixes from Thorsten Kukuk

135     Luke Howard <lukeh@padl.com>

        * revert UID check to getuid() per patch from
          Erich Schneider
        
134     Luke Howard <lukeh@padl.com>

        * per suggest from Bill Welliver, check for
          effective UID being 0, not real UID
        * added ber_free() after ber_flatten() in 
          extended operation password changing code

133     Luke Howard <lukeh@padl.com>

        * Patch from Ed Golden for group_dn: set error
          code correctly

132     Luke Howard <lukeh@padl.com>

        * Patch from Bob Guo to discard trailing whitespace
          in configuration file

131     Luke Howard <lukeh@padl.com>

        * allow "*" wildcard value to be present in host
          attribute
        * added ignore_unknown_user option to all module
          functions; if the user could not be found and this
          option is set, PAM_IGNORE will be returned instead
          of PAM_USER_UNKNOWN

130     Luke Howard <lukeh@padl.com>

        * don't return PAM_AUTH_ERR for authorization errors;
          return PAM_PERM_DENIED
        * reverted patch in pam_ldap-114: if a user doesn't
          exist in LDAP, pam_sm_acct_mgmt() returns
          PAM_IGNORE, rather than PAM_SUCCESS.
        * HEADS UP: in default configuration, disable checking
          the host attribute. This must now be manually
          enabled with pam_check_host_attr in ldap.conf.
        * HEADS UP: if checking the host attribute is
          enabled, and a user does not have any values for
          the host attribute, do not allow them to login.
          This avoids the ugly situation of having to add
          a dummy, invalid value for the host attribute for
          users that were not allowed to login to any host.

129     Luke Howard <lukeh@padl.com>

        * don't return PAM_SYSTEM_ERR for LDAP-related errors
        * return PAM_AUTHINFO_UNAVAIL for directory-related
          (but not configuration-related) errors so that
          stacking modules will work properly (thanks to
          Brian Nelson <bnelson@cis.ysu.edu> for pointing this
          out)

127     Luke Howard <lukeh@padl.com>

        * fixed segfault bug if nss_base_passwd contains
          a scope but no filter (BUG#69)

126     Luke Howard <lukeh@padl.com>

        * fixed rebind prototype in pam_ldap.h for new
          OpenLDAP client library

125     Luke Howard <lukeh@padl.com>

        * added ldap.conf stanza for AIX
        * added configurable checking host host attribute
          (pam_check_host_attr in ldap.conf)

124     Luke Howard <lukeh@padl.com>

        * note in ldap.conf that the default encryption
          scheme for changing passwords is none (let
          the server do it) (BUG#65)
        * pass NULL as session handle for SSL options;
          they are set globally

123     Luke Howard <lukeh@padl.com>

        * support for new OpenLDAP rebind procedure
        * do not try to open /etc/ldap.secret unless root
        * use LDAP_OPT_NETWORK_TIMEOUT if available

122     Luke Howard <lukeh@padl.com>

        * make buildable with Sun's C compiler

121     Luke Howard <lukeh@padl.com>

        * escape username only, not entire filter

120     Luke Howard <lukeh@padl.com>

        * escape search filter to avoid wildcards etc
        * put prototypes back in, where did they go?

119     Luke Howard <lukeh@padl.com>

        * with password change exop, use bind password not encoded
          old password for old password
        * added --disable-ssl option to configure for Debian
        * patch from Helmut Wirth <wirth@bison-soft.de> to allow
          only a URI to be specified.
        * only set SSL options if we have values for those options

118     Luke Howard <lukeh@padl.com>

        * in _set_ssl_options(), apply the options actually to
          the current session not a NULL pointer (which apparently
          worked with ldap_pvt_tls_set_option())

117     Luke Howard <lukeh@padl.com>

        * do not strdup a NULL pointer if we are root
          when changing passwords

116     Luke Howard <lukeh@padl.com>

        * make sure old authentication token is zeroed
          out before freeing (now that we are storing the
          old authentication token privately)

115     Luke Howard <lukeh@padl.com>

        * fix for updating passwords (consistent for Linux/Solaris)

114     Luke Howard <lukeh@padl.com>

        * patch from Brian Nelson <bnelson@cis.ysu.edu>; if
          a user doesn't exist in LDAP, then make pam_sm_acct_mgmt()
          return PAM_SUCCESS
        * another patch for correctly updating passwords on
          Solaris (which doesn't do preliminary password changing
          the same was as Linux-PAM)

113     Luke Howard <lukeh@padl.com>

        * don't use ldap_pvt_tls_set_option(); it is private API

112     Luke Howard <lukeh@padl.com>

        * SSL fix

111     Luke Howard <lukeh@padl.com>

        * further patch from Tero to fix chfn/chsh
        * further patch from Jarkko for TLS/SSL using
          OpenLDAP: support for LDAPS, cipher suite
          selection, client key/cert authentication

110     Luke Howard <lukeh@padl.com>

        * build on Mac OS X FCS; configure --libdir=/Library
          (this will only work properly on HFS+ volumes)

109     Luke Howard <lukeh@padl.com>

        * patch from Tero Pelander <tpeland@tkukoulu.fi> for
          testing scope in nss_base_passwd
        * patch from Jarkko Turkulainen <jt@wapit.com> for client
          side certificate support

108     Luke Howard <lukeh@padl.com>

        * patch from Thorsten Kukuk <kukuk@suse.de>:
          The problem: pam_ldap does not abort in the second
          pam_sm_chauthtok call, if we really change the password
          and the user does not exist in the LDAP database (tested
          with pam_ldap-105 and pam_ldap-107).

107     Luke Howard <lukeh@padl.com>

        * s/HAVE_LDAP_SET_REBIND_PROC_ARGS/LDAP_SET_REBIND_PROC_ARGS/
          (typo causing prototype mismatch)

106     Luke Howard <lukeh@padl.com>

        * URI support
        * cleaned up some warnings with older client 
          libraries

105     Luke Howard <lukeh@padl.com>

        * check for HAVE_LDAP_{SET,GET}_OPTION always

104     Luke Howard <lukeh@padl.com>

        * check for ldap_set_option(), as LDAP_OPT_REFERRALS
          is defined for OpenLDAP 1.x but without the
          ldap_set_option() function

103     Luke Howard <lukeh@padl.com>

        * patch from Thomas Noel to handle shadow
          expiry properly

102     Luke Howard <lukeh@padl.com>

        * define macros LDAP_OPT_{OFF,ON} if
          not defined
        * make SECSPERDAY 86400LL

101     Luke Howard <lukeh@padl.com>

        * fix uninitialized variable
        * retrieve password policy on actual password
          change, may not have been done if we were root.

100     Luke Howard <lukeh@padl.com>

        * use -rpath on all platforms except Solaris,
          not just Linux

99      Luke Howard <lukeh@padl.com>

        * use -shared not --shared
        * compile with -DPIC on FreeBSD

98      Luke Howard <lukeh@padl.com>

        * merged ldap.conf

97      Luke Howard <lukeh@padl.com>

        * %configure -> ./configure

96      Luke Howard <lukeh@padl.com>

        * put some meaningful content in AUTHORS
        * new spec file from Joe Little

95      Luke Howard <lukeh@padl.com>

        * add files for automake happiness

94      Luke Howard <lukeh@padl.com>

        * default to LDAP protocol version 3
        * documented exop in README
        * link on Solaris with -M mapfile
        * Solaris link with -Wl; will work with
          gcc only, I think
        * use sysconfdir, not etcdir

93      Luke Howard <lukeh@padl.com>

        * made PAM_CLEAR the default for pam_password,
          as was originally the case. Don't break
          existing configurations!

92      Luke Howard <lukeh@padl.com>

        * support for OpenLDAP password change extended
          operation, if available. Enable with 

                pam_password exop

          in ldap.conf

91      Luke Howard <lukeh@padl.com>

        * centralized authtok update code. The pam_crypt,
          pam_ad_passwd, and pam_nds_passwd configuration
          file keys are deprecated; instead the following
          configuration file key will be used:

                pam_password [clear|crypt|md5|nds|ad]

          See README for more information. (NB: The
          pam_crypt will continue to work so as to not
          compromise existing deployments.)

90      Luke Howard <lukeh@padl.com>

        * support for correct rebind function prototype
          with OpenLDAP SDK

89      Luke Howard <lukeh@padl.com>

        * support for connection timeout in Netscape SDK

88      Luke Howard <lukeh@padl.com>

        * support for "referrals" and "restart" in
          ldap.conf
        * don't use ldap_perror() for logging TLS errors
        * optionally get scope/filter from 
          "nss_base_passwd" value
        * accept on/yes/true for boolean configuration
          keys

87      Luke Howard <lukeh@padl.com>

        * support for "timelimit" and "bind_timelimit" in 
          ldap.conf
        * use "nss_base_passwd" for search base preferentially
          to "base"
        * fixed code order bug in setting TLS option;
          introduced by patch in pam_ldap-86

86      Luke Howard <lukeh@padl.com>

        * patches from Norbert Klasen:
        * activate either Start TLS or LDAPS with
          OpenLDAP 2.x using "ssl start_tls" or
          "ssl yes" respectively in ldap.conf
        * Active Directory password changing

85      Luke Howard <lukeh@padl.com>

        * patches from David Begley:
        * note about using --with-ldap-lib=netscape4
        * patch to configure (regenerated from configure.in)
        * note about using gnumake
        * linking with lib{plc,plds,nspr}3 libraries for
          4.1x Netscape SDK
        * use -G not --shared when building shared
          libraries on Solaris

84      Luke Howard <lukeh@padl.com>

        * fixed typo in pam_ldap.c

83      Luke Howard <lukeh@padl.com>

        * patch from nalin@redhat.com for StartTLS,
          enforce V3
        * fixed up indenting
        * patch from David Begley to check for netscape4.1 lib

82      Luke Howard <lukeh@padl.com>

        * s/conffile/config; forgot to patch properly

81      Luke Howard <lukeh@padl.com>

        * use MAXPATHLEN instead of PATH_MAX; pam_ldap-80
          failed on Solaris

80      Luke Howard <lukeh@padl.com>

        * added support for configurable configuration files;
          you can now specify an alternate configuration file
          using the config= parameter in pam.conf. This patch
          was provided by scremer@dohle.com
        * added Solaris-specific linker flag patch from
          David Begley

79      Luke Howard <lukeh@padl.com>

        * updated shipables for RC

78      Luke Howard <lukeh@padl.com>

        * updated prebuild step for RC

77      Luke Howard <lukeh@padl.com>
        
        * renamed _authenticate() to _do_authentication()
          to avoid name conflict with ONC RPC headers

76      Luke Howard <lukeh@padl.com>

        * fixes to configure from David Begley;
          detect LDAP client libraries properly
        * fix to Makefile.am from David Begley;
          don't delete nss_ldap library on uninstall

75      Luke Howard <lukeh@padl.com>

        * updated README with Solaris crypt(3) FAQ

74      Luke Howard <lukeh@padl.com>

        * fixed support for NDS password changing,
          from Petr Olivka <Petr.Olivka@vsb.cz>

73      Luke Howard <lukeh@padl.com>

        * added support for OpenLDAP start TLS, from
          Alex Schlessinger <alex@hq.workspot.com>

72      Luke Howard <lukeh@padl.com>

        * added nasty_ssl_hack() constructor; this
          dlopens ourself so that we always remain
          loaded, and ssl_initialized is set across
          invocations of PAM. Probably the path should
          not be hardcoded but sourced from config.h.

71      Luke Howard <lukeh@padl.com>

        * call ldapssl_client_init() once only (this doesn't
          have the desired effect because PAM unloads the
          library after pam_end() is called)

70      Luke Howard <lukeh@padl.com>

        * in rebind proc, check session->info != NULL
        * in rebind proc, check {user,bind}{dn,pw} != NULL

68      Luke Howard <lukeh@padl.com>

        * initialize tmplattr/tmpluser fields

67      Luke Howard <lukeh@padl.com>

        * check _authenticate() return code before setting
          template user

66      Luke Howard <lukeh@padl.com>

        * ypldapd locator support is now a configure option

65      Luke Howard <lukeh@padl.com>

        * set shadowLastChange silently (allow it to fail)

64      Luke Howard <lukeh@padl.com>

        * more consistent log messages (removed brackets)
        * set uid to nobody if unreadable from directory
        * support template users so users can login with
          a name without a local POSIX account.
        * PAM_AUTHTOK_RECOVERY_ERR (not ...RECOVER_ERR) 
          on Soalris

63      Luke Howard <lukeh@padl.com>

        * return PAM_MAXTRIES if number of tries exceeded

62      Luke Howard <lukeh@padl.com>

        * new spec file from Dan Berry

61      Luke Howard <lukeh@padl.com>

        * patch from norbert.klasen@zdv.uni-tuebingen.de (bug);
          was logging plaintext password in pam_ldap.c
        * log pam_strerror() not integer status code

60      Luke Howard <lukeh@padl.com>

        * patch from Jungle Lin@judicial.gov.tw to fix
          logic bug in pam_sm_chauthtok()

59      Luke Howard <lukeh@padl.com>

        * fixed some assumptions in chsh/chfn, need to look
          further at this though

58      Tom Lear <tom@trap.mtview.ca.us>

        * Debian bug #64217: remove redunant code in pam_ldap.c
        * Debian bug #64220: add minuid and maxuid parameters
        * Debian bug #65295: chsh/chfn implementation

55      Doug Nazar <nazard@dragoninc.on.ca>

        * md5 crypt support
        * rootbinddn support
        * rebind support for openldap
        * async ldap calls for bind
        * use_authtok support
        * autoconf/automake support

51      Luke Howard <lukeh@padl.com>

        * updated spec file

50      Luke Howard <lukeh@padl.com>

        * more patches from Scott Balneaves
        * use PAM_NEW_AUTHTOK_REQD instead of PAM_AUTHTOK_REQD
        * return PAM_SUCCESS for pam_sm_open_session()
        * reorganization of shadow code

49      Luke Howard <lukeh@padl.com>

        * more patches from Scott Balneaves; now just check
          for shadow expiry date rather than shadowAccount
          object class
        * added deref parameter to ldap.conf for parity with
          OpenLDAP

48      Luke Howard <lukeh@padl.com>

        * added patch from Scott Balneaves <sbalneav@legalaid.mb.ca>
          to read shadowAccount attributes

47      Luke Howard <lukeh@padl.com>

        * removed _connect_anonymously() clause when updating
          shadowLastChange

46      Luke Howard <lukeh@padl.com>

        * incorporated new spec file

44      Luke Howard <lukeh@padl.com>

        * incorporated patch for shadowLastChange attribute

40      Luke Howard <lukeh@padl.com>

        * added support for NDSv8 password changing
          (this is experimental)

39      Luke Howard <lukeh@padl.com>

        * added some comments in Make.defs about different
          SDKs

38      Luke Howard <lukeh@padl.com>

        * fixed typo in pam.d/ssh

37      Luke Howard <lukeh@padl.com>

        * merged in BUG#37 branch
        * added Makefile.freebsd

36.BZ37.6       Luke Howard <lukeh@padl.com>

        * updated ChangeLog (this file)

36.BZ37.5       Luke Howard <lukeh@padl.com>

        * included FreeBSD porting fixes

36.BZ37.4       Luke Howard <lukeh@padl.com>

        * send user credentials of bound_as_user is
          set, rather than if userpw != NULL

36.BZ37.3       Luke Howard <lukeh@padl.com>

        * drop userpw if it is already set

36.BZ37.2       Luke Howard <lukeh@padl.com>

        * fixed reordered include to compile properly

36.BZ37.1       Luke Howard <lukeh@padl.com>

        * patch release with possible fix for BUG#37, where
          user credentials were not being forwarded to
          referred servers (whilst password changing)

36   Luke Howard <lukeh@padl.com>

        * added -lresolv to library search path
        * incorporated stein@terminator.net's patches for RPM
          builds

35   Luke Howard <lukeh@padl.com>

        * put /usr/ucblib back in linker search path on Solaris

33   Luke Howard <lukeh@padl.com>

        * fixed pam_ldap.c to support compiling against an API
          which conforms to draft-ietf-ldapext-ldap-c-api-02.txt.
          Should make it easier to work with OpenLDAP 2. Netscape
          specific extensions are guarded with NETSCAPE_API_EXTENSIONS.

30   Luke Howard <lukeh@padl.com>

        * fixed Make.defs for linking against OpenLDAP libldap
          (recall #279)
        * more SSL stuff

28   Luke Howard <lukeh@padl.com>

        * added patch from gero@faveve.uni-stuttgart.de for
          parsing of ldap.conf with tabs
        * various patches hopefully to get SSL to work

27   Luke Howard <lukeh@padl.com>

        * fix for recall 256: free() smasher 

26   Luke Howard <lukeh@padl.com>

        * added commented out flags for non-V3 SDKs

25   Luke Howard <lukeh@padl.com>

        * removed ucblib search path

24   Luke Howard <lukeh@padl.com>

        * compile with -D_REENTRANT and link against -lpthread
          to satisfy dependancies in libldapssl30. (BUG#7)

23   Luke Howard <lukeh@padl.com>

        * no longer use LDAP_VERSION3 to select API
          (BUG#6)

21   Luke Howard <lukeh@padl.com>

        * added rebind function
        * various stuff for RC added
        * broke out makefiles
        * ldap.conf keys case-insensitive for compat with
          OpenLDAP

17   Luke Howard <lukeh@padl.com>

        * force users to change passwords if their account has
          expired
        * updated mapfile for Solaris

14   Luke Howard <lukeh@padl.com>

        * fall back to /etc/ldap.conf if ypldapd is configured
          for configuration lookup
        * fixed up pam.conf

13   Luke Howard <lukeh@padl.com>

        * added -lcrypt for Linux

12   Luke Howard <lukeh@padl.com>

        * Use ldap_open() for V2 as ldap_init() doesn't work
        * Support hashing passwords locally for UMich crypt
          patched server
        * Tested against Microsoft Exchange Server
        * Fixed some errors in ldap.conf and mapfile

11   Luke Howard <lukeh@padl.com>

        * Added support for group membership as in Chris'
          pam_ldap_auth module; see the pam_groupdn and
          pam_group_attribute configuration keys.
        * Changed pam_attribute to pam_login_attribute to
          avoid confusion with pam_group_attribute.
        * Support Netscape password expiration controls
        * Avoid authenticating users with empty passwords,
          even if the directory server does
        * Fill in pam_sm_{open,close}_session for completeness
          (they return PAM_IGNORE)

10   Luke Howard <lukeh@padl.com>

        * tested with Linux-PAM 0.57
        * made all functions static
        * added prototypes
        * LDAP connections can be persistent over an entire PAM
          session through the use of pam_set_data() and
          pam_get_data()
        * fixed some bugs
        
9   Luke Howard <lukeh@padl.com>

        * first publically available version.