nss-pam-ldapd Changelog

New in version 0.8.14

January 9th, 2015
  • implement an -n switch to not daemonise (by Caleb Callaway)
  • increase password value buffer size (by Bersl)
  • fix for pwdLastSet attribute value handling (thanks Joshua Shire)
  • fix buffer overflow on interrupted read that is hard to trigger (thanks John Sullivan)
  • fix a possible crash in the NSS module when retrieving large networks entries (thanks Lukas Slebodnik)
  • avoid more broken pipe errors by using a low timeout when aborting reading requested information from nslcd (thanks John Sullivan)
  • only log broken pipe errors in debugging mode
  • ignore SIGUSR1 and SIGUSR2 for future compatibility

New in version 0.9.4 (January 9th, 2015)

  • also handle password policy information on BIND failure (this makes it possible to distinguish between a wrong password and an expired password)
  • fix mapping the member attribute to an empty string
  • any buffers that may have held passwords are cleared before the memory is released
  • increase buffer size for passwords to support extremely long passwords (thanks ushi)
  • increase buffer size for DN to support very long names or names with non-ASCII characters
  • log an error in almost all places where a defined buffer is not large enough to hold the provided data instead of just (sometimes silently) failing
  • logging improvements (start-up problems, login failures)
  • small improvement for Solaris

New in version 0.9.2 (December 10th, 2013)

  • Increase password value buffer size (by Bersl)
  • Avoid more broken pipe errors by using a low timeout when aborting reading requested Information from nslcd (thanks John Sullivan)
  • Only log broken pipe errors in debugging mode
  • Fix buffer overflow on interrupted read that is hard to trigger (thanks John Sullivan)
  • Use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to avoid clock adjustments errors (thanks John Sullivan)
  • Extend test suite to test for CLOCK_MONOTONIC and timed IO timeout calculations
  • Increase the maximum number of base statements per map to 31
  • Use larger nslcd send buffers to reduce the number of write operations in nslcd and consequently the number of reads in the NSS and PAM modules (thanks John Sullivan)
  • Also run invalidators after first successful search
  • Various clean-ups, portability improvements and fixes for compiler warnings
  • Import configure checks of Python modules
  • Provide a script for setting up slapd in a test environment, automatically loaded with the required test data
  • Add script for evaluating test environment availability
  • Portability improvements in the test scripts and test environment

New in version 0.7.19 (December 9th, 2013)

  • Use the more portable EBADF instead of EBADFD (thanks Steven Chamberlain)
  • Fix buffer overflow on interrupted read that is hard to trigger (thanks John Sullivan)
  • Extra sanity check to ensure not too many file descriptors are open

New in version 0.7.18 (December 15th, 2012)

  • This update for the 0.7 series fixes two issues related to file descriptor handling.

New in version 0.8.12 (November 19th, 2012)

  • This version fixes a problem on FreeBSD, fixes a problem with the sasl_canonicalize option, and has improvements for Solaris.
  • A few other smaller improvements have been made.

New in version 0.8.11 (October 15th, 2012)

  • This version fixes a few bugs, introduces the pam_password_prohibit_message and sasl_canonicalize options, loads the nslcd user's supplementary groups, and runs correctly in processes that have a high number of file descriptors open.

New in version 0.8.10 (June 30th, 2012)

  • This version marks the 0.8 series as stable and includes a number of documentation improvements, a bugfix, and a few other smaller changes.

New in version 0.8.8 (April 28th, 2012)

  • This is a quick update to fix a regression in the handling of PAM requests in the 0.8.7 release.