This bug was fixed in the package pam - 1.0.1-1ubuntu1
---------------
pam (1.0.1-1ubuntu1) intrepid; urgency=low
* Merge from Debian unstable
* Dropped changes:
- Linux-PAM/modules/pam_selinux/pam_selinux.8: Ubuntu pam_selinux manpage
is 2 years newer than Debian's, contains a number of character escaping
fixes plus content updates
- debian/patches-applied/ubuntu-pam_selinux_seusers: patch pam_selinux to
correctly support seusers (backported from changes in PAM 0.99.8).
- debian/rules: install unix_chkpwd setgid shadow instead of setuid root.
The nis package handles overriding this as necessary.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Bound RLIMIT_NICE
from below as well as from above. Fix off-by-one error when converting
RLIMIT_NICE to the range of values used by the kernel.
* Remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam-runtime.postinst,
debian/local/common-{auth,password}{,.md5sums}:
Use the new 'missingok' option by default for pam_smbpass in case
libpam-smbpass is not installed (LP: #216990); must use "requisite"
rather than "required" to prevent "pam_smbpass migrate" from firing in
the event of an auth failure; md5sums updated accordingly.
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
type rather than __u8.
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
password on bad username.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/ubuntu-user_defined_environment: Look at
~/.pam_environment too, with the same format as
/etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
* Refresh patch ubuntu-no-error-if-missingok for the new upstream version.
* Change Vcs-Bzr to point at the new Ubuntu branch.
pam (1.0.1-1) unstable; urgency=low
* New upstream version.
- pam_limits: bound RLIMIT_NICE from below. Closes: #403718.
- pam_mail: set the MAIL variable even when .hushlogin is set.
Closes: #421010.
- new minclass option introduced for pam_cracklib. Closes: #454237.
- fix a failure to check the string length when matching usernames in
pam_group. Closes: #444427.
- fix setting shell security context in pam_selinux. Closes: #451722.
- use --disable-audit, to avoid libaudit being linked in
accidentally
- pam_unix now supports SHA-256 and SHA-512 password hashes.
Closes: #484249, LP: #245786.
- pam_rhosts_auth is dropped upstream (closes: #382987); add a compat
symlink to pam_rhosts to support upgrades for a release, and give a
warning in NEWS.Debian.
- new symbol in libpam.so.0, pam_modutil_audit_write; shlibs bump, and
do another round of service restarts on upgrade.
- pam_unix helper is now called whenever an unprivileged process
tries and fails to query a user's account status. Closes: #367834.
* Drop patches 006_docs_cleanup, 015_hurd_portability,
019_pam_listfile_quiet, 024_debian_cracklib_dict_path, 038_support_hurd,
043_pam_unix_unknown_user_not_alert, 046_pam_group_example,
no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch,
pam_tally_audit.patch, 057_pam_unix_passwd_OOM_check, and
065_pam_unix_cracklib_disable which have been merged upstream.
* Patch 022_pam_unix_group_time_miscfixes: partially merged upstream;
now is really just "pam_group_miscfixes".
* Patch 007_modules_pam_unix partially superseded upstream; stripping
hpux-style expiry information off of password fields is now supported.
* New patch pam_unix_thread-safe_save_old_password.patch, to make sure all
our getpwnam() use in pam_unix is thread-safe (fixes an upstream
regression)
* New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
* New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
* The password-changing helper functionality for SELinux systems has been
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
Closes: #155583.
- Update the lintian override to match.
* Install the new unix_update helper into libpam-modules.
* Use a pristine upstream tarball instead of repacking; requires various
changes to debian/rules and debhelper files.
* Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn,
and how!
* Debconf translations:
- Romanian, thanks to Igor Stirbu <[EMAIL PROTECTED]>
(closes: #491821)
* Add libpam0g.symbols, for finer-grained package dependencies with
dpkg-gensymbols.
* Fix debian/copyright to list the known copyright holders
* Fix up the doc-base sections for the libpam-doc documentation, "Apps"
should not be part of the section name
* Also fix up whitespace issues in the doc-base abstracts
* Fix a typo in the libpam0g-dev description.
* 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY is also
invalid for RLIMIT_NOFILE, so when resetting the limits for a new session,
use the kernel default of 1024 instead. Closes: #404836.
* Create /etc/environment on initial install of libpam-modules (or on
upgrade from an old version), to quell warnings in the logs about it
being missing. Closes: #442049.
* 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for
the NSS source of our user; this was preventing password changes for NIS
users, which otherwise should have worked. Closes: #203222, LP: #9224.
* New patch do_not_check_nis_accidentally: respect the 'nis' option
(set or unset) when looking up the user's password entry for password
changes. Thanks to Quentin Godfroy <[EMAIL PROTECTED]> for the
patch. Closes: #469635.
* Drop patch 049_pam_unix_sane_locking, which upon review is not needed;
it reduces the length of time we hold the lock, but at the expense of
being able to enforce minimum times between password changes.
* debian/watch: upstream has hit 1.0, so we're no longer in a "pre"
directory. Fix up the regex for uscan.
* Fix the libpam0g-dev examples directory to not include a gratuitous
.cvsignore file.
* New patch, pam.d-manpage-section, to fix the manpage references to
point to section 5 instead of section 8.
* Update patch PAM-manpage-section to fix the references to pam(7) from
other manpages. Closes: #470137.
* Add debian/README.source documenting that this package uses quilt.
* Bump Standards-Version to 3.8.0.
* Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks
to Tomas Mraz <[EMAIL PROTECTED]> for indirectly bringing this to my
attention
pam (0.99.7.1-7) unstable; urgency=medium
* Medium-urgency upload for RC bugfix
* Debconf translations:
- Italian, thanks to David Paleino <[EMAIL PROTECTED]> (closes: #483913)
- Slovak, thanks to Ivan Masár <[EMAIL PROTECTED]> (closes: #488908)
- Turkish, thanks to Mert Dirik <[EMAIL PROTECTED]> (closes: #490880)
- Basque, thanks to Piarres Beobide <[EMAIL PROTECTED]>
(closes: #473975)
* Drop the 'XS' from Vcs-Svn/Vcs-Browser, since these are now officially
recognized fields.
* Add a Homepage field. Closes: #473338.
* Drop -DCRACKLIB_DICTS from CFLAGS, since the referenced define is no
longer provided by cracklib2-dev 2.8 and above. This requires a
build-dependency on the corresponding version of libcrack2-dev.
Closes: #490236.
-- Steve Langasek <[EMAIL PROTECTED]> Mon, 28 Jul 2008
20:58:26 +0000
** Changed in: pam (Ubuntu)
Status: In Progress => Fix Released
--
Can't use NIS with 'password' feature of pam_unix
https://bugs.launchpad.net/bugs/9224
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
