head	1.17;
access;
symbols;
locks; strict;
comment	@# @;


1.17
date	97.01.04.22.49.43;	author morgan;	state Exp;
branches;
next	1.16;

1.16
date	96.12.01.03.33.35;	author morgan;	state Exp;
branches;
next	1.15;

1.15
date	96.11.10.21.27.31;	author morgan;	state Exp;
branches;
next	1.14;

1.14
date	96.09.05.07.01.28;	author morgan;	state Exp;
branches;
next	1.13;

1.13
date	96.08.09.06.30.04;	author morgan;	state Exp;
branches;
next	1.12;

1.12
date	96.07.08.00.12.24;	author morgan;	state Exp;
branches;
next	1.11;

1.11
date	96.06.24.06.07.00;	author morgan;	state Exp;
branches;
next	1.10;

1.10
date	96.06.02.08.51.22;	author morgan;	state Exp;
branches;
next	1.9;

1.9
date	96.05.26.16.04.39;	author morgan;	state Exp;
branches;
next	1.8;

1.8
date	96.05.26.04.31.28;	author morgan;	state Exp;
branches;
next	1.7;

1.7
date	96.05.21.05.45.32;	author morgan;	state Exp;
branches;
next	1.6;

1.6
date	96.05.11.08.32.59;	author morgan;	state Exp;
branches;
next	1.5;

1.5
date	96.05.02.06.12.39;	author morgan;	state Exp;
branches;
next	1.4;

1.4
date	96.04.07.08.20.39;	author morgan;	state Exp;
branches;
next	1.3;

1.3
date	96.03.17.03.14.07;	author morgan;	state Exp;
branches;
next	1.2;

1.2
date	96.03.10.19.04.22;	author morgan;	state Exp;
branches;
next	1.1;

1.1
date	96.03.09.06.31.24;	author morgan;	state Exp;
branches;
next	;


desc
@list of changes to this distribution of Linux-PAM
@


1.17
log
@update for .55
@
text
@
$Id: CHANGELOG,v 1.16 1996/12/01 03:33:35 morgan Exp morgan $

-----------------------------

0.55: Sat Jan  4 14:43:02 PST 1997, Andrew Morgan <morgan@@parc.power.net>

* added "requisite" control_flag to /etc/pam.conf syntax. [See
  Sys. Admin. Guide for explanation] changes to pam_handlers.c

* completely new handling of garbled pam.conf lines. The modus
  operandi now is to assume that any errors in the line are minor.
  Errors of this sort should *most definitely* lead to the module
  failing, however, just ignoring the line (as was the case
  previously) can lead to gaping security holes(! Not foreseen by the
  RFC). The "motivation" for the RFC's comments about ignoring garbled
  lines is present in spirit in the new code: basically a garbled line
  is treated like an instance of the pam_deny.so module.
  changes to pam_handlers.c and pam_dispatch.c .

* patched libpam, to (a) call _pam_init_handlers from pam_start() and
  (b) to log a text error if there are no modules defined for a given
  service when a call to a module is requested. [pam_start() and
  pam_dispatch() were changed].

* patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item.

* reorganized the modules/Makefile to include *ALL* modules. It is now
  the responsibility of the modules themselves to test whether they can
  be compiled locally or not.

* modified pam_group to add to the getgroups() list rather than overwrite
  it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to
  translate the group names.]. Module now pays attention to
  PAM_CRED_.. flag(!)

* identified and removed bugs in field reading code of pam_time and
  (thus) pam_group.

* Cristian's patches to pam_listfile module, corresponding change to
  documentation.

* I've discovered &ero; for sgml!
  Added pam_time documentation to the admin guide.

* added manual pages: pam.8, pam_start.2(=pam_end.2),
  pam_authenticate.2, pam_setcred.2, pam_strerror.2,
  pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 .

* added new modules:

	- pam_mail (tells the user if they have any new mail
	  and sets their MAIL env variable)
	- pam_lastlog (reports on the last time this user called
	  this module)

* new module hooks provided.

* added a timeout feature to the conversation function in
  libpam_misc. Documented it in the application developers' guide.

* fixed bug in pam_misc_paste_env() function..

* slight modifications to wheel and rhosts writeup.

* more security issues added to module and application guides.

--
Things present but not mentioned in previous release (sorry)

* pam_pwdb module now resets the "last_change" entry before updating a
  password.
--

Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@@parc.power.net>

* added environment handling to libpam. involved change to _pam_types.h
  also added supplementary functions to libpam_misc

* added pam_radius - Cristian

* slight speed up for pam_rhosts

* significantly enhanced sys-admin documentation (8 p -> 41 p in
  PostScript). Added to other documentation too.  Mostly the changes
  in the other docs concern the new PAM-environment support, there is
  also some coverage of libpam_misc in the App. Developers' guide.

* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
  
* adopted Cristian's _pam_macros.h file to help with common macros and
  debugging stuff, gone through tree tidying up debugging lines to use
  this [not complete].

	- for consistency replaced DROP() with _pam_drop()

* commented memory debugging in top level makefile

* added the following modules

    - pam_warn	log information to syslog(3) about service application
    - pam_ftp	if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password
    (comment about nologin added to last release's notes)

* modified the pam_listfile module. It now declares a meaningful static
  structure name.

Sun Nov 10 13:26:39 PST 1996, Andrew Morgan <morgan@@parc.power.net>

		**PLEASE *RE*AMEND YOUR PERSONAL LINKS**

  ------->  http://parc.power.net/morgan/Linux-PAM/index.html  <-------

		**PLEASE *RE*AMEND YOUR PERSONAL LINKS**

A brief summary of what has changed:

* many modules have been modified to accomodate fixing the pam_get_user()
  change. Please take note if you have a module in this distribution.

* pam_unix is now the pam_unix that Red Hat has been using and which
  should be fairly well debugged.

   - I've added some #ifdef's to make it compile for me, and also
     updated it with respect to the libpam-0.53, so have a look at the
     .../modules/pam_unix/Makefile to enable cracklib and shadow features

	** BECAUSE OF THIS, I cannot guarantee this code works as it **
	** did for Red Hat. Please test and report any problems.     **

* the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made
  more flexible with by implementing it with respect to the new
  "Password Database Library" see

	http://parc.power.net/morgan/libpwdb/index.html

  modules included in this release that require this library to
  function are the following:

	- pam_pwdb (ne pam_unix-0.52 + some enhancements)
	- pam_wheel
	- pam_limits
	- pam_nologin

* Added some optional code for memory debugging. In order to support
  this you have to enable MEMORY_DEBUG in the top level makefile and
  also #define MEMORY_DEBUG in your applications when they are compiled.
  The extra code resides in libpam (compiled if MEMORY_DEBUG is defined)
  and the macros for malloc etc. are to be found at the end of
  _pam_types.h

* used above code to locate two memory leaks in pam_unix module and two
  in libpam (pam_handlers.h)

* pam_get_user() now sets the PAM_USER item. After reading the Sun
  manual page again, it was clear that it should do this. Various
  modules have been assuming this and now I have modified most of them
  to account for this change. Additionally, pam_get_user() is now
  located in the module include file; modules are supposed to be the
  ones that use it(!) [Note, this is explicitly contrary to the Sun
  manual page, but in the spirit of the Linux distribution to date.]

* replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less
  likely to be confused with -D"linux".
  Also, modified the libpam #include files to behave more like the Sun
  ones #ifndef LINUX_PAM.

* removed <bf/ .. / from documentation titles. This was not giving
  politically correct html..
 
----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----

Wed Sep  4 23:57:19 PDT 1996 (Andrew Morgan <morgan@@physics.ucla.edu>

0. Before I begin, Linux-PAM has a new primary distribution site (kindly
donated by Power Net Inc., Los Angeles)

		**PLEASE AMMEND YOUR PERSONAL LINKS**

      ------->  http://www.power.net/morgan/Linux-PAM  <-------

		**PLEASE AMMEND YOUR PERSONAL LINKS**

1. I'm hoping to make the next release a bug-fix release... So please find
   all the bugs(! ;^)

2. here are the changes for .52:

* minor changes to module documentation [Incidently, it is now
  available on-line from the WWW page above]. More changes to follow in
  the next two releases. PLEASE EMAIL me or the list if there is
  anything that isn't clear!

* completely changed the unix module. Now a single module for all four
  management groups (this meant that I could define all functions as
  static that were not part of the pam_sm_... scheme. AGM)

  - Shadow support added
PASSWD  - Elliot's account management included, and enhanced by Cristian Gafton.
  - MD5 password support added by Cristian Gafton.
  - maxtries for authentication now enforced.
  - Password changing function in pam_unix now works!
    Although obviously, I'm not going to *guarantee* it ;^) .
  - stole Marek's locking code from the Red Hat unix module.
    [ If you like you can #ifdef it in or out ... ]

    You can configure the module more from its Makefile in
    0.52/modules/pam_unix/

    If you are nervous that it will destroy your /etc/passwd or shadow
    files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file.
    Here is the warning comment from this file...

-------------8<-----------------
/*                           <WARNING>
 *
 * Uncomment the following #define if you are paranoid, and do not
 * want to risk losing your /etc/passwd or shadow files.
 * It works for me (AGM) but there are no guarantees.
 *
 *                          </WARNING>
 */
/* #define TMP__FILE */
------------->8-----------------

  *** If anyone has any trouble, please *say*. Your problem will be
      fixed in the next release. Also please feel free to scour the
      code for race conditions etc... 

[* The above change requires that you purge your /usr/lib/security
   directory of the old pam_unix_XXX.so modules: they will NOT be deleted
   with a 'make remove'.]

* the prototype for the cleanup function supplied to pam_set_data used
  to return "int". According to Sun it should be "void". CHANGED.

* added some definitions for the 'error_status' mask values that are
  passed to the cleanup function associated with each
  module-data-item. These numbers were needed to keep up with changing
  a data item (see for example the code in pam_unix/support.-c that
  manages the maximum number of retries so far). Will see what Sun says
  (current indications are positive); this may be undone before 1.0 is
  released.  Here are the definitions (from pam_modules.h).

#define PAM_DATA_SILENT    0x40000000     /* used to suppress messages... */
#define PAM_DATA_REPLACE   0x20000000     /* used when replacing a data item */

* Changed the .../conf/pam.conf file. It now points to the new
  pam_unix module for 'su' and 'passwd' [can get these as SimpleApps --
  I use them for testing. A more extensive selection of applications is
  available from Red Hat...]

* corrected a bug in pam_dispatch. Basically, the problem was that if
  all the modules were "sufficient" then the return value for this
  function was never set. The net effect was that _pam_dispatch_aux
  returned success when all the sufficient modules failed. :^( I think
  this is the correct fix to a problem that the Red Hat folks had
  found...

sopwith* Removed advisory locking from libpam (thanks for the POSIX patch
  goes to Josh Wilmes's, my apologies for not using it in the
  end.). Advisory locking did not seem sufficiently secure for libpam.
  Thanks to Werner Almesberger for identifying the corresponding "denial
  of service attack". :*(

* related to fix, have introduced a lock file /var/lock/subsys/PAM
  that can be used to indicate the system should pay attention to
  advisory locking on /etc/pam.conf file. To implement this you need to
  define PAM_LOCKING though. (see .52/libpam)

* modified pam_fail_delay() function. Couldn't find the "not working"
  problem indicated by Michael, but modified it to do pseudo-random
  delays based on the values indicated by pam_fail_delay() -- the
  function "that may eventually go away"... Although Sun is warming to
  the idea.

* new modules include:

	pam_shells    - authentication for users with a shell listed in
			/etc/shells. Erik Troan <ewt@@redhat.com>

	pam_listfile  - authentication based on the contents of files.
			Set to be more general than the above in the
			future. UNTESTED. Elliot Lee <@@redhat.com>
			[Note, this module compiles with a non-trivial
			warning: AGM]

Thu Aug  8 22:32:15 PDT 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* modified makefiles to take more of their installation instructions
  from the top level makefile. Desired for integration into the Debian
  distribution, and generally a good idea.

* fixed memory arithmetic in pam_handlers
  -- still need to track down why failure to load modules can lead to
  authentication succeding..

* added tags for new modules (smartcards from Alex -- just a promise
  at this stage) and a new module from Elliot Lee; pam_securetty

* I have not had time to smooth out the wrinkles with it, but Alex's
  pam_unix modifications are provided in pam_unix-alex (in the modules
  directory) they will not be compiled by 'make all' and I can't even
  say if they do compile... I will try to look at them for .52 but, in
  the mean time please feel free to study/fix/discuss what is there.

* pam_rhosts module. Removed code for manually setting the ruser
  etc. This was not very secure.

* [remade .ps docs to be in letter format -- my printer complains
  about a4]

Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* No longer accompanying the Linux-PAM release with apps installed.
  [Will provide what was here in a separate package.. (soon)
lib   Also see http://www.redhat.com/pam for some more (in .rpm form...)]

* renamed libmisc to libpam_misc. It is currently configured to only compile
  the static library. For some strange reason (perhaps someone can
  investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system
  segfaults when I compile it to be a dynamic library. The segfault
  seems to be inside the call to the ** dl_XXX ** function...!?

  There is a simple flag in the libpam_misc/Makefile to turn on dynamic
  compiles.

* Added a little unofficial code for delay support in libpam (will probably
  disappear later..) There is some documentation for it in the pam_modules
  doc now. That will obviously go too.

* rewritten pam_time to use *logic* to specify the stringing together of
  users/times/terminals etc.. (what was there before was superficially
  logical but basically un-predictable!)

* added pam_group. Its syntax is almost identical to pam_time but it
  has another field added; a list of groups to make the user a member
  of if they pass the previous tests. It seems to not co-exist too well
  with the groups in the /etc/group but I hope to have that fixed by
  the next release...

* minor re-formatting of pam_modules documentation

* removed ...// since it wasn't being used and didn't look like it
  would be!

GCCSunday 23 22:35:00 PST 1996   (Andrew Morgan <morgan@@physics.ucla.edu>)

* The major change is the addition of a new module: pam_time for
  restricting access on terminals at given times for indicated users
  it comes with its own configuration file /etc/security/time.conf
  and the sample file simply restricts 'you' from satisfying the blank
  application if they try to use blank from any tty*

* Small changes include
- altered pam.conf to demonstrate above new module (try typing username: you)
- very minor changes to the docs (pam_appl and pam_modules)

Saturday June 2 01:40:00 PST 1996  (Andrew Morgan <morgan@@physics.ucla.edu>)

*** PLEASE READ THE README, it has changed ***

* NOTE, 'su' exhibits a "system error", when static linking is
  used. This is because the pam_unix_... module currently only has
  partial static linking support. This is likely to change on Monday
  June 3, when Alex makes his latest version availible. I will include
  the updated module in next release.

changes for .42:

* modified the way in which libpam/pam_modules.h defines prototypes for
  the pam_sm_ functions. Now the module must declare which functions it
  is to provide *before* the #include <security/pam_modules.h> line.
  (for contrasting examples, see the pam_deny and pam_rootok modules)
  This removed the ugly hack of defining functions that are never called
  to overcome  warnings... This seems much tidier.
insterted* updated the TODO list. (changed mailing list address)
* updated README in .../modules to reflect modifications to static
  compliation protocol
* modified the pam_modules documentation to describe this.
* corrected last argument of pam_get_item( ... ) in
  pam_appl/modules.sgml, to "const void **".
* altered GNU GPL's in the documentation, and various other parts of
  the distribution. *Please check* that any code you are responsible for
  is corrected.
* Added ./Copyright (please check that it is acceptable)
* updated ./README to make current and indicate the new mailing list
  address
* have completely rewritten pam_filter. It now runs modular filter
  executables (stored in /usr/sbin/pam_filter/) This should make it
  trivial for others to write their own filters.. If you want yours
  included in the distribution please email the list/me.
* changes to libpam; there was a silly bug with multiple arguments on a
  pam.conf line that was broken with a '\<LF>'.
* 'su' rearranged code (to make better use of PAM)
  *Also* now uses POSIX signals--this should help the Alpha port.
* 'passwd' now uses getlogin() to determine who's passwords to change.

Sunday May 26 9:00:00 PST 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* fixed module makefiles to create needed dynamic/static subdirectories

Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* LOTS has changed regarding how the modules/libpam are built.
*  Michael's mostly complete changes for static support--see below
  (Andrew got a little carried away and automated the static linking
  of modules---bugs are likely mine ;( )
* Thanks mostly to Michael, libpam now compiles without a single warning :^]
* made static modules/library optional.
CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove
* added Michael and Joseph to documentation credits (and a subsection for
  future documentation of static module support in pam_modules.sgml)
* libpam; many changes to makefiles and also automated the inclusion of
  static module objects in pam_static.c
* modified modules for automated static/dynamic support. Added static & 
  dynamic subdirectories, as instructed by Michael
* removed an annoying syslog message from pam_filter: "parent exited.."
* updated todo list (anyone know anything about svgalib/X? we probably should
  have some support for these...)

Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson <johnsonm@@redhat.com>)

* Added first (incomplete) cut at static support.
  This includes:
   . changes in libpam, including a new file, pam_static.c
   . changes to modules including exporting struct of function pointers
   . static and dynamic linking can be combined
   . right now, the only working combinations are just dynamic
     linking and dynamic libpam.so with static modules linked
     into libpam.so.  That's on the list of things to fix...
   . modules are built differently depending on whether they
     are static or dynamic.  Therefore, there are two directories
     under each module directory, one for static, and one for
     dynamic modules.
* Fixed random brokenness in the Makefiles.  [ foo -nt bar ] is
  rather redundant in a makefile, for instance.  Also, passing
   on the command line is broken because it cannot be
  overridden in any way (even adding important parts) in lower-level
  makefiles.
* Unfortunately, fixing some of the brokenness meant that I used
  GNU-specific stuff.  However, I *think* that there was GNU-specific
  stuff already.  And I think that we should just use the GNU
  extensions, because any platform that GNU make doesn't port to
  easily will be hard to port to anyway.  It also won't be likely
passwd  to handle autoconf, which was Ted's suggestion for getting
  around limitations in standard make...
  For now, I suggest that we just use some simple GNU-specific
  extensions.

Monday May 20 22:00:00 PST 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* added some text to pam_modules.sgml
* corrected Marek's name in all documentation
* made pam_stress conform to chauthtok conventions -- ie can now request
  old password before proceeding.
* included Alex's latest unix module
* included Al's + password strength checking module
* included pam_rootok module
* fixed too many bugs in libpam.. all subtly related to the argument lists
  or use of syslog. Added more debugging lines here too.
* fixed the pam.conf file
* deleted pam_test module. It is pretty old and basically superceeded
  by pam_stress

Friday May 9 1:00:00 PST 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* updated documentaion, added Al Longyear to credits and corrected the
  spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!)
* new module pam_rhosts_auth (from Al Longyear)
* new apps rlogind and ftpd (a patch) from Al.
* modified 'passwd' to not call pam_authenticate (note, none of the
  modules respect this convention yet!)
* fixed bug in libpam that caused trouble if the last line of a
  pam.conf file ends with a module name and no newline character
* also made more compatable with documentation, in that bad lines in
  pam.conf are now ignored rather than causing libpam to return an
  error to the app.
* libpam now overwrites the AUTHTOKs when returning from
  pam_authenticate and pam_chauthtok calls (as per Sun/RFC too)
* libpam is now installed as libpam.so.XXX in a way that ldconfig can
  handle!


Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan <morgan@@physics.ucla.edu>)

* removed .../test directory, use .../examples from now on.
* added .../apps directory for fully functional applications
  - the apps directory contains directories that actually contain the apps.
    the idea is to make application compilation conditional on the presence
    of the directory. Note, there are entries in the Makefile for
    'login' and 'ftpd' that are ready for installation... Email me if
    you want to reserve a directory name for an application you are
    working on...
* similar changes to .../modules makefile [entries for pam_skey and
  pam_kerberos created---awaiting the directories.] Email me if you
  want to register another module...
* minor changes to docs.. Not really worth reprinting them quite yet!
  [save the trees]
* added misc_conv to libmisc. it is a generic conversation function
  for text based applications. [would be nice to see someone create
  an Xlib and/or svgalib version]
* fixed ctrl-z/c bug with pam_filter module [try xsh with the default
  pam.conf file]
* added 'required' argument to 'pam_stress' module.
* added a TODO list... other suggestions to the list please.

Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan <morgan@@physics.ucla.edu> )

* Alex and Marek please note I have altered _pam_auth_unix a little, to
  make it get the passwords with the "proper method" (and also fixed it
  to not have as many compiler warnings)
* updated the conf/pam.conf file
* added new example application examples/xsh.c (like blank but invokes
  /bin/sh)
* Marc's patches for examples/blank.c (and AGM's too)
* fixed stacking of modules in libpam/pam_handlers.c
* fixed RESETing in libpam/pam_item.c
* added new module modules/pam_filter/ to demonstrate the possibility
  of inserting an arbitrary filter between the terminal and the
  application that could do customized logging etc... (see use of
  bin/xsh as defined in conf/pam.conf)


Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan <morgan@@physics.ucla.edu> )

These notes are for 0.3 I don't think I've left anything important
out, but I will use emacs 'C-x v a' next time! (Thanks Jeff)

	* not much has changed with the functionality of the Linux-PAM lib
	  .../libpam
		- pam_password calls module twice with different arguments
		- added const to some of the function arguments
		- added PAM_MAX_MES_ to <security/_pam_types.h>
		- was a lot over zealous about purging old passwords...
		  I have removed much of this from source to make it
		  more compatible with SUN.
		- moved some PAM_... tokens to pam_modules.h from _pam_types.h
		  (no-one should notice)

	* added three modules: pam_permit pam_deny pam_stress
	  no prizes for guessing what the first two do. The third is
	  a reasonably complete (functional) module. Is intended for testing
	  applications with.

	* fixed a few pieces of examples/blank.c so that it works (with
	  pam_stress)

	* ammended the documentation. Looking better, but suggestions/comments
	  very welcome!

Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan <morgan@@physics.ucla.edu> )

These notes are for Linux-PAM release 0.21.  They cover what's changed
since I relased 0.2.

	* am now using RCS
	* substantially changed ./README
	* fixed bug reading \\\n in pam.conf file
	* small changes to documentation
	* added `blank' application to ./examples (could be viewed as
	  a `Linux-PAM aware' application template.)
	* oops. now including pam_passwd.o and pam_session.o in pamlib.so
	* compute md5 checksums for all the source when making a release
	    - added `make check' and `make RCScheck' to compute md5 checksums
	* create a second tar file with all the RCS files in.
	* removed the .html and .txt docs, supplying sgml sources instead.
	    - see README for info on where to get .ps files

Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan <morgan@@physics.ucla.edu> )

These notes are for Linux-PAM release 0.2.  They cover what's changed
since Marc Ewing relased 0.1.

**** Please note. All of the directories in this release have been modified
**** slightly to conform to the new pamlib. A couple of new directories have
**** been added. As well as some documentation. If some of your code
**** was in the previous release. Feel free to update it, but please
**** try to conform to the new headers and Makefiles.

* Andrew Morgan (morgan@@physics.ucla.edu) is making this release
 availible, Marc has been busy...!

* Marc's pam-0.1/lib has been (quietly) enhanced and integrated into
 Alex Yurie's collected tree of library and module code
 (linux-pam.prop.1.tar.gz). Most of the changes are to do with error
 checking. Some more robustness in the reading of the pam.conf file
 and the addition of the pam_get_user() function.

* The pam_*.h files have been reorganized to logically enforce the
 separation of modules from applications. [Don't panic! Apart from
 changing references of the form

	#include "pam_appl.h"

 to

	#include <security/pam_appl.h>

 The reorganization should be backwardly compatable (ie. a module
 written for SUN will be as compatable as it was before with the
 previous version ;)~ ]

 (All of the source in this tree now conforms to this scheme...)

 The new reorganization means that modules can be compiled with a
 single header, <security/pam_modules.h>, and applications with
 <security/pam_appl.h>.

* I have tried to remove all the compiler warnings from the updated
 "pamlib/*.c" files. On my system, (with a slightly modified <dlfcn.h>
 email me if it interests you..) there are only two warnings that
 remain: they are that ansi does not permit void --> fn ptr
 assignment. K&Rv2 doesn't mention this....? As a matter of principle,
 if anyone knows how to get rid of that warning... please
 tell. Thanks! "-pedantic"

* you can "make all" as a plain user, but

* to "make install" you must be root. The include files are placed in
 /usr/include/security. The libpam.so library is installed in /usr/lib
 and the modules in /usr/lib/security. The two test binaries
 are installed in the Linux-PAM-0.2/bin directory and a chance is given to
 replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf.

* I have included some documentation (pretty preliminary at the
moment) which I have been working on in .../doc .

I have had a little trouble with the modules, but atleast there are no
segfaults! Please try it out and discuss your results... I actually
hope it all works for you. But, Email any bugs/suggestions to the
Linux-PAM list: linux-pam@@mit.edu .....

Regards,

Andrew Morgan
(morgan@@physics.ucla.edu)


Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@@bach.cis.temple.edu)

	* conf directory created with example of pam_conf
	* stable code from pam_unix is added to modules/pam_unix
	* test/test.c now requests username and password and attempts
	  to perform authentication

@


1.16
log
@update for .54
@
text
@d2 1
a2 1
$Id: CHANGELOG,v 1.15 1996/11/10 21:27:31 morgan Exp morgan $
d6 69
d199 1
a199 1
  - Elliot's account management included, and enhanced by Cristian Gafton.
d223 1
a223 1
/* #define TMP_PASSWD_FILE */
d260 1
a260 1
* Removed advisory locking from libpam (thanks for the POSIX patch
d284 1
a284 1
			future. UNTESTED. Elliot Lee <sopwith@@redhat.com>
d317 1
a317 1
   Also see http://www.redhat.com/pam for some more (in .rpm form...)]
d344 1
a344 1
* removed .../lib/ since it wasn't being used and didn't look like it
d347 1
a347 1
Sunday 23 22:35:00 PST 1996   (Andrew Morgan <morgan@@physics.ucla.edu>)
d376 2
a377 2
  to overcome GCC warnings... This seems much tidier.
* updated the TODO list. (changed mailing list address)
d406 1
a406 1
* insterted Michael's mostly complete changes for static support--see below
d411 1
a411 1
* added 'make sterile' to top level makefile. This does extraclean and remove
d438 1
a438 1
  CFLAGS on the command line is broken because it cannot be
d446 1
a446 1
  to handle autoconf, which was Ted's suggestion for getting
d458 1
a458 1
* included Al's passwd+ password strength checking module
@


1.15
log
@update for .53
@
text
@d2 1
a2 1
$Id: CHANGELOG,v 1.14 1996/09/05 07:01:28 morgan Exp morgan $
d6 33
d74 1
@


1.14
log
@updated for .52 release
@
text
@d2 1
a2 1
$Id: CHANGELOG,v 1.13 1996/08/09 06:30:04 morgan Exp morgan $
d5 64
@


1.13
log
@updated for .51
@
text
@d2 118
a119 1
$Id: CHANGELOG,v 1.12 1996/07/08 00:12:24 morgan Exp morgan $
@


1.12
log
@updated for .50
@
text
@d2 26
a27 1
$Id: CHANGELOG,v 1.11 1996/06/24 06:07:00 morgan Exp morgan $
@


1.11
log
@updated for 0.43
@
text
@d2 35
a36 1
$Id: CHANGELOG,v 1.10 1996/06/02 08:51:22 morgan Exp morgan $
@


1.10
log
@update for .42
@
text
@d2 13
a14 1
$Id: CHANGELOG,v 1.10 1996/06/02 08:41:47 morgan Exp $
@


1.9
log
@updated for .41 (stupid bug fix)
@
text
@d2 41
a42 1
$Id: CHANGELOG,v 1.8 1996/05/26 04:31:28 morgan Exp morgan $
@


1.8
log
@updated for .40
@
text
@d2 5
a6 1
$Id: CHANGELOG,v 1.7 1996/05/21 05:45:32 morgan Exp morgan $
@


1.7
log
@updated for .34
@
text
@d2 49
a50 1
$Id: CHANGELOG,v 1.6 1996/05/11 08:32:59 morgan Exp morgan $
@


1.6
log
@updated for .33
@
text
@d2 16
a17 1
$Id: CHANGELOG,v 1.5 1996/05/02 06:12:39 morgan Exp morgan $
@


1.5
log
@updated for 0.32 release
@
text
@d2 20
a21 1
$Id: CHANGELOG,v 1.4 1996/04/07 08:20:39 morgan Exp morgan $
@


1.4
log
@updated file
@
text
@d2 24
a25 1
$Id: CHANGELOG,v 1.3 1996/03/17 03:14:07 morgan Exp morgan $
d40 2
a41 2
  application that could do customized encryption or logging
  etc... (see use of bin/xsh as defined in conf/pam.conf)
@


1.3
log
@updated for 0.3 release
@
text
@d2 18
a19 1
$Id: CHANGELOG,v 1.2 1996/03/10 19:04:22 morgan Exp morgan $
@


1.2
log
@listed changes for 0.21
@
text
@d2 28
a29 1
$Id$
@


1.1
log
@Initial revision
@
text
@d1 21
@
