1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-11-29 00:24:11 +01:00
yubico-pam/NEWS

274 lines
8.1 KiB
Plaintext
Raw Normal View History

2009-01-13 15:08:21 +01:00
pam_yubico NEWS -- History of user-visible changes. -*- outline -*-
2009-01-13 10:13:50 +01:00
2014-08-26 09:16:13 +02:00
* Version 2.17 (released 2014-08-26)
** Fix a bug with the 'urllist' parameter where urls would be forgotten.
** Manpages converted to asciidoc.
2014-06-10 13:02:56 +02:00
2014-06-10 13:01:28 +02:00
* Version 2.16 (released 2014-06-10)
2014-04-30 13:20:45 +02:00
2014-06-10 10:58:24 +02:00
** Fix a crashbug with the new parameter 'urllist'
2014-04-30 11:09:02 +02:00
* Version 2.15 (released 2014-04-30)
2013-09-27 14:07:22 +02:00
2014-04-30 10:44:12 +02:00
** Added new parameter 'urllist'
** Added pam_yubico(8) man page.
** Fix memory leak.
** Bump yubico-c-client version requirement to 2.12.
2013-09-27 14:05:43 +02:00
* Version 2.14 (released 2013-09-27)
2013-03-01 15:33:16 +01:00
2013-09-18 13:30:03 +02:00
** Don't install internal header files.
2013-09-18 13:33:02 +02:00
** Don't print debug info when the "debug" parameter is not given.
2013-09-27 14:05:43 +02:00
** Use PBKDF2 to process expected reply for challenge-response mode.
** Fixup memory leaks and leaks of privilege.
** Let return values reflect whether the user wasn't found or other error.
2013-03-01 15:28:48 +01:00
* Version 2.13 (released 2013-03-01)
* Fix a bug in the version check to support major version > 2 (neo).
Patch from https://github.com/wwest4
* Give ykpamcfg an option for specifying path.
2012-06-15 14:58:37 +02:00
2012-06-15 14:43:58 +02:00
* Version 2.12 (released 2012-06-15)
** Only use libyubikey when --with-cr is used.
** Set correct permissions on tempfile.
** YubiKey 2.2 contains a bug in challenge-response that makes it output the
same response to all challenges unless HMAC_LT64 is set. Add warnings to
ykpamcfg and a warning through conversate in the pam module. Keys programmed
like this should be reprogrammed with the HMAC_LT64 flag set.
2012-06-14 08:48:21 +02:00
2012-02-10 15:28:01 +01:00
* Version 2.11 (released 2012-02-10)
2012-02-02 13:47:15 +01:00
** Fix crash-bug with challenge-response mode when button press is required,
but button is never pressed. Reported and fixed by
Lingzhu Xiang <xianglingzhu@gmail.com>.
** Fix a memset() with wrong size as reported by clang, as well as some
other problems/warnings when building on Mac OS X, thanks to
Clemens Lang <neverpanic@gmail.com>.
** Add prefix-matching of LDAP fetched values, so you can store the
token-to-user mapping in a multi-value attribute with values like
"yubikey:publicid", "other-token:something" etc. Patch by
Remi Mollon <remi.mollon@cern.ch>.
2011-12-14 12:49:32 +01:00
* Version 2.10 (released 2011-12-14)
2011-11-23 15:05:19 +01:00
** Drop permissions (to the user that is trying to authenticate) before
accessing files in the users home directory. Largely based on a patch by
Ricky Zhou <ricky@fedoraproject.org>. Thanks!
** Restore challenge-response support - version 2.7 was supposed to make
the dependency on libykpers optional, but in reality accidentally
disabled challenge-response for all configurations. As before, use
--without-cr to compile pam_yubico without the ykpers dependency.
2011-11-17 20:52:29 +01:00
* Version 2.9 (released 2011-11-17)
2011-11-08 22:05:53 +01:00
** Security: Explicitly request ykclient to verify server signature.
ykclient <= 2.5 strangely enough defaults to signing requests, but not
verifying signatures in responses when it is supplied with a client key.
Reported and patched by Dominic Rutherford <dominic@rutherfordfamily.co.uk>.
2011-08-26 13:58:42 +02:00
* Version 2.8 (released 2011-08-26)
** Fix big security hole: Authentication succeeded when no password
was given, unless use_first_pass was being used.
This is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration.
Reported and patched by Nanakos Chrysostomos <nanakos@wired-net.gr>.
2011-06-07 00:43:48 +02:00
* Version 2.7 (released 2011-06-07)
** Make dependency on libykpers optional.
Use --without-cr to force it. Reported by Jussi Sallinen <jussi@jus.si>.
2011-04-11 15:44:55 +02:00
* Version 2.6 (released 2011-04-11)
** This release includes lots of patches by members of our open
source community. Thank you all!
** Add Challenge-Response mode for offline validation (requires
YubiKey 2.2). Patch by Tollef Fog Heen.
** Eliminate all problems with pam_get_data by simply getting rid
of that code completely. This seems to have caused problems for a lot
of people.
** Numerous LDAP bug fixes and improvements, including community
patches by judas.iscariote and maxsanna81@gmail.com. Change to
LDAPv3, since v2 has been declared historic for a looong time.
** Support passing capath parameter to Yubico validation client.
Patch by Remi Mollon.
** Support public id's longer/shorter than 6 bytes. Patch by
fraser.scott@gmail.com.
** Convert documentation to Asciidoc format used in Github wiki.
** Try to never log passwords in debug logs.
2010-09-10 13:08:52 +02:00
* Version 2.5 (released 2010-09-10)
2010-09-10 01:17:30 +02:00
2010-09-10 10:22:30 +02:00
** Wiki articles are now inclded in the archive. Same license as code.
Reported by dmitrij.ledkov in Issue #30:
<http://code.google.com/p/yubico-pam/issues/detail?id=30>.
2010-09-10 01:12:45 +02:00
* Version 2.4 (released 2010-09-10)
2010-04-14 10:52:43 +02:00
** New keyword "verbose_otp" to allow displaying OTP characters.
Contributed by qistoph reported in Issue #22:
<http://code.google.com/p/yubico-pam/issues/detail?id=22>.
** Build with -DPAM_DEBUG so that debug file writing works.
Reported by qistoph in Issue #20:
<http://code.google.com/p/yubico-pam/issues/detail?id=20>.
** Make deprecated "ldapserver" work again.
Reported by giovannibajo in Issue #27:
<http://code.google.com/p/yubico-pam/issues/detail?id=27>.
** Fix segmentation fault on 64-bit systems.
Reported by multiple people in Issue #11:
<http://code.google.com/p/yubico-pam/issues/detail?id=11>.
2010-09-09 23:42:00 +02:00
** Don't crash on ^D at su prompt, or generally, on a NULL password value.
2010-04-14 10:47:45 +02:00
* Version 2.3 (released 2010-04-14)
2009-05-11 12:10:16 +02:00
** New keyword "ldap_uri" added.
This keyword is preferred over the old "ldapserver" keyword, and
allows you to specify a complete LDAP URI instead of only the hostname
of your LDAP server. Contributed by Zubrick.
2010-04-14 10:45:28 +02:00
** Improved README.
Contributed by Erinn Looney-Triggs <erinn.looneytriggs@gmail.com>.
2009-05-11 12:07:32 +02:00
* Version 2.2 (released 2009-05-11)
2009-03-31 16:14:17 +02:00
2009-05-11 12:05:36 +02:00
** Added new PAM configuration variable "key" for base64 client key.
2009-03-31 16:04:34 +02:00
* Version 2.1 (released 2009-03-31)
2009-03-25 11:26:59 +01:00
2009-03-31 16:04:19 +02:00
** Fix documentation.
** Fix warning.
2009-03-25 11:16:29 +01:00
* Version 2.0 (released 2009-03-25)
2009-03-25 11:15:13 +01:00
** Requires libykclient v2.0 or later.
See <http://code.google.com/p/yubico-c-client/>.
2009-03-24 17:44:31 +01:00
2009-03-24 17:41:59 +01:00
* Version 1.14 (released 2009-03-24)
2009-03-24 17:40:57 +01:00
2009-03-24 17:41:42 +01:00
** Quick release to sync release archive with svn code.
2009-03-24 17:36:53 +01:00
* Version 1.13 (released 2009-03-24)
2009-03-24 14:13:39 +01:00
2009-03-24 16:12:34 +01:00
** Fix parsing of password into OTP/ID/password.
Earlier string handling may have been incorrect for short strings.
** Don't pass integers via pam_set_data/pam_get_data.
May solve problems on 64-bit platforms. Based on patch from
forum.yubico.com.
2009-03-24 14:10:25 +01:00
* Version 1.12 (released 2009-03-24)
2009-03-24 12:12:36 +01:00
** Add support for "use_first_pass" and "try_first_pass".
They work similar to other PAM modules, see README for more
documentation.
2009-03-24 12:15:21 +01:00
Upgrade notice: If you are relying on getting the Yubikey OTP from an
earlier PAM module, and no prompting by the pam_yubico module, you
need to add "try_first_pass" to preserve the same behaviour.
2009-02-11 17:56:49 +01:00
* Version 1.11 (released 2009-02-11)
2009-02-11 17:51:28 +01:00
** Added support to store user:keyid mapping in LDAP.
Contributed by Gregory Brusick <gregory@brusick.ch>.
2009-01-13 15:13:19 +01:00
* Version 1.10 (released 2009-01-13)
2009-01-13 11:34:50 +01:00
2009-01-13 15:08:21 +01:00
** Change license to 2-clause BSD.
The Linux-PAM license is unclear, and in any case, the 2-clause BSD
license is compatible with 3-clause BSD and GPL.
2008-09-01 15:31:52 +02:00
2009-01-13 15:08:21 +01:00
* Version 1.9 (released 2009-01-13)
2009-01-13 15:08:21 +01:00
** Solaris portability improvements.
Suggested by Martin Englund <Martin.Englund@Sun.COM>.
2008-01-11 13:53:40 +01:00
2009-01-13 15:08:21 +01:00
* Version 1.8 (released 2008-09-15)
2008-09-01 15:17:53 +02:00
2009-01-13 15:08:21 +01:00
** Add new parameter 'url' to specify the server template URL.
2008-09-01 15:17:53 +02:00
2009-01-13 15:08:21 +01:00
* Version 1.7 (released 2008-09-01)
2008-06-25 15:40:53 +02:00
2009-01-13 15:08:21 +01:00
** Support two-factor mode to provide a password.
2008-01-11 13:53:40 +01:00
2009-01-13 15:08:21 +01:00
** Support a user-specific configuration file to allow yubikeys per user.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Use libyubikey-client instead of direct use of libcurl.
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
** Move *.m4's to m4/.
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
* Version 1.6 (released 2008-01-11)
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
** First release from code.google.com repository.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Clarify documentation with regard to license and development info.
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
* Version 1.5 (internal release)
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
** Clarify that license is the same as Linux-PAM (GPLv2 or modified BSD).
This is likely the last internal release, source moving to code.google.com.
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
* Version 1.4 (internal release)
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
** Don't free CURL's user agent string before we're done.
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
** Version 1.3 (internal release)
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
** Disable echo'ing of password, for FreeRadius.
2008-06-25 15:23:34 +02:00
2009-01-13 15:08:21 +01:00
* Version 1.2 (internal release)
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Added PDF/HTML manual, see yubico-pam.pdf and yubico-pam.html.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Fixes to use new web service API.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Add "url" parameter.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Fix "alwaysok" parameter.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Fix crash on empty server responses.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Parse "status" properly.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Better debug info.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
* Version 1.1 (internal release)
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Fix ws-api usage.
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Support "alwaysok".
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
* Version 1.0 (internal release)
2008-01-11 13:41:21 +01:00
2009-01-13 15:08:21 +01:00
** Initial release.