
=======================================================================
=======================================================================

  This file is no longer used for tracking changes for Linux-PAM. For
  user visible changes, please look at the NEWS file. A more verbose
  list of changes can be found in ChangeLog.

=======================================================================
=======================================================================

-----------------------------

TODO:

  - sanitize use of md5 throughout distribution.. Make a static
    library for helping to develop modules that contains it and other
    stuff. Also add sha-1 and ripemd-160 digest algorithms.
  - once above is done. remove hacks from the secret@here module etc..
  - document PAM_INCOMPLETE changes
  - verify that the PAM_INCOMPLETE interface is sensible.   Can we
    catch errors? should we permit item changing etc., between
    pam_authenticate re-invocations?
  - verify that the PAM_INCOMPLETE interface works (auth seems ok..)
  - add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
  - work on RFC.
  - auth and acct support in pam_cracklib, "yes, I know the password
    you just typed was valid, I just don't think it was very strong..."

====================================================================

If you have found a bug in Linux-PAM (including a documentation bug,
or a new feature request and/or patch), please consider filing such a
bug report - outstanding bugs are listed here:

 http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse

(to file another bug see the 'submit bug' button on that page).

====================================================================

0.81: please submit patches for this section with actual code/doc
      patches!
* pam_umask: New module for setting umask from GECOS field, /etc/login.defs
  or /etc/default/login (kukuk)
* configure/pam_strerror: Remove old ugly-hack option for pam_strerror
  interface change (kukuk)
* configure.in: Fix AC_DEFINE usage for autoheader (kukuk)
* configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk)
* defs: Remove obsolete directory/content (kukuk)
* Rename _pam_aconf.h.in to config.h (kukuk)
* pam_unix: Don't ignore pam_get_item return value (kukuk)
* pam_userdb: Fix regression - crash when crypt param not specified (t8m)
* libpam: Remove pam_authenticate_secondary stub (kukuk)
* Use autoconf/automake/libtool (kukuk)
* pam_securetty: Be fail-close on user lookups, always log failures,
  not just with "debug" (Solar Designer)
* Add gettext support
* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR,
  pt, zh_CN and zh_TW
* pam_limits: Apply ALT Linux/Owl patch
* pam_motd: Apply ALT Linux/Owl patch
* libpam: Cache pam_get_user() failures
* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
  and pam_vinfo functions for use by modules as extension (kukuk).
* pam_cracklib: Make path to cracklib dicts an option (kukuk).
* libpam: Add pam_syslog function for unified syslog messages from
  PAM modules (kukuk).
* pam_tally, pam_time, pam_userdb: use pam_syslog and pam_prompt (ldv)
* pam_issue: major cleanup (ldv)
* pam_echo: New PAM module for message output (kukuk)
* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
  values for other limits are applied) patch by Anton Guda
* pam_unix: Always honor nis flag on password change (by Aaron Hope)
* libpam: Moved functions from pammodutil to libpam (t8m)
* pam_lastlog: Cleanup, fix broken logic in pam_parse,
  modify wtmp by default, nowtmp option switches that off (ldv)

0.80: Wed Jul 13 13:23:20 CEST 2005
* pam_tally: test for NULL data before dereferencing them (t8m)
* pam_unix: fix regression introduced in 0.78 - both NIS and local password
  should be changed if possible (t8m)
* misc_conv: flush input first then print the prompt - fixes problem
  with expect scripts (t8m)
* pam_unix: nis option shouldn't clear the shadow option (t8m)
* cleanups and minor bugfixes by Steve Grubb (t8m)
* pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk)
* pam_mkhomedir: Create parent directories if they do not already
  exist (Bug 600351 - kukuk)
* pam_mkhomedir: Set owner/permissions of home directory after we
  created all files (Bug 1032922 - kukuk)
* pam_rhosts: Get rid of static buffer for path (kukuk)
* pam_selinux/pam_unix/pam_rootok: Add SELinux support based on
  patch from Red Hat (kukuk)
* pam_limits: Correct support of unlimited limits, use correct type
  for rlimit value (Bug 945449 - kukuk, t8m)
* pam_xauth: Unset the XAUTHORITY variable when requesting user is
  root and target user is not (t8m)
* pam_access: Add listsep option to set list element separator by
  Richard Shaffer (t8m)
* pam_limits: Don't reset process priority if none is specified in
  the config file (Novell #81690 - kukuk)
* Fix all occurrence of dereferencing type-punned pointer will break
  strict-aliasing rules warnings (kukuk)
* pam_limits: Support new limits in linux 2.6.12 (t8m)
* pam_mkhomedir: change mode datatype (toady)
* pam_limits: Don't lowercase login names (kukuk)

0.79: Thu Mar 31 16:48:45 CEST 2005
* pam_tally: added audit option (toady)
* pam_unix: don't log user unknown failure when he can be properly
  authenticated by another module (t8m)
* configure: don't abort if no cracklib dictinaries were found, but
  warn user that pam_cracklib will not be built (kukuk)
* modules/pam_unix/support.c: Fix return value if user aborts while
  changes the password (Bug 872945 - kukuk)
* modules/pam_unix/support.c: Fix return value for an unknown user
  (Bug 872943 - kukuk)
* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
  - t8m)
* pam_tally: major rewrite of the module (t8m)
* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
  cached chain (Bug 629251 - t8m)
* pam_nologin: don't overwrite return value with return from
  pam_get_item (t8m)
* libpam: Add more checks for broken PAM configuration files to
  avoid seg.faults (kukuk)
* pam_shells: correct README
* libpam: Fix debug code (kukuk)
* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk)
* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk)
* libpam: Add prelude ids (http://www.prelude-ids.org) support,
  as experimental. (toady)
* configure: Add the directory where new versions of cracklib is
  installed (from Jim Gifford - toady)
* libpamc: Use standard u_intX_t types instead of __uX (kukuk)

0.78: Do Nov 18 14:48:36 CET 2004

* pam_unix: change the order of trying password changes - local first,
  NIS second (t8m)
* pam_wheel: add option only_root to make it affect authentication
  to root account only
* pam_unix: test return values on renaming files and report error to
  syslog and to user
* pam_unix: forced password change shouldn't trump account expiration
* pam_unix: remove the use of openlog (from debian - toady)
* pam_unix: NIS cleanup (patch from Philippe Troin)
* pam_access: you can now authenticate an explicit user on an explicit
  tty (from debian - toady)
* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues
  (patch from Igor Khavkine)
* pam_env: added comments in the configuration file to avoid errors
  (from debian - toady)
* pam_mail: check PAM_NO_ENV to know if we can delete the environment
  variable (from debian - toady)
* pam_filter: s/termio/termios/g (from debian - toady)
* pam_mkhomedir: no maxpathlen required (from debian - toady)
* pam_limits: applied patch to allow explicit limits for root
  and remove limits on su. (from debian - toady)
* pam_unix: severe denial of service possible with this module since
  it locked too aggressively. Bug report and testing help from Sascha
  Loetz. (Bug 664290 - agmorgan)
* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of
  characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname'
  attacks could potentially spoof pam_wheel with the 'trust' module
  argument into granting access to a luser. Also, pam_unix gave
  odd error messages in such a situation (logname != uid). This
  problem was found by David Endler of iDefense.com (Bug 667584 -
  agmorgan).
* added my new DSA public key to the pgp.keys.asc file. Also included
  a signed copy of my new public key (1024D/D41A6DF2) made with my old
  key (1024/2A398175).
* added "include" directive to config file syntax.
  The whole idea is to create few "systemwide" pam configs and include
  parts of them in application pam configs.
  (patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins).
* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
  (Bug 591605 - kukuk)
* pam_unix: Call password checking helper whenever the password field
  contains only one character (Bug 1027903 - kukuk)
* libpam/pam_start.c: All service names should be files below /etc/pam.d
  and nothing else. Forbid paths. (Bug 1027912 - kukuk)
* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib
  module (Bug 1010142 - toady)
* pam_userdb: applied patch from Paul Walmsley <paul@booyaka.com>
  it now indicates whether encrypted or plaintext passwords are stored
  in the database needed for pam_userdb (BerliOS - toady)
* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to
  avoid spurious errors (from Linux distributors - kukuk)
* pam_cracklib: Clear the entire options structure (from Linux
  distributors - kukuk)
* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure
  that the destination is part of the allocated block, make do_prompt
  static (from Linux distributors - kukuk)
* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT
  environment, else let ldconfig only create the symlinks correct
  (from Linux distributors - kukuk)
* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD
  (from Linux distributors - kukuk)
* Add most of Steve Grubb's resource leak and other fixes (from
  Linux distributors - kukuk)
* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk)
* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and
  <Return> (Bug 1032604 - kukuk)
* Make.Rules.in: Add targets for installing man pages for modules
  (from Linux distributors - kukuk)
* Add pam_xauth module (Bug 436440 - kukuk)
* Add pam_localuser module (Bug 436444 - kukuk)
* Add pam_succeed_if module (from Linux distributors - kukuk)
* configure.in: Fix check for libcrypt (Bug 417704 - kukuk)
* Add the "broken_shadow" argument to pam_unix, for ignoring errors
  reading shadow information (from Linux distributors - kukuk)
* Add patches to make PAM modules reentrant (Bug 440107 - kukuk)
* Merge patches from Red Hat (Bug 477000 and other - kukuk)
* Fix pam_rhosts option parsing (Bug 922648 - kukuk)
* Add $ISA support in config files (from Red Hat - kukuk)

0.77: Mon Sep 23 10:25:42 PDT 2002

* documentation support for pdf files was not quite right -
  installation was messed up.
* pam_wheel was too aggressive to grant access (in the case of the
  'deny' option you want to pay attention to 'trust'). Fix from
  Nalin (Bugs 476951, 476953 - agmorgan)
* account management support for: pam_shells, pam_listfile, pam_wheel
  and pam_securetty (+ static module fix for pam_nologin). Patch from
  redhat through Harald Welte (Bug 436435 - agmorgan).
* pam_wheel feature from Nalin - can use the module to provide wheel
  access to non-root accounts. Also from Nalin, a bugfix related to
  the primary group of the applicant is the 'wheel' group. (Bugs
  476980, 476941 - agmorgan)
* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while
  running the helper binary (patch from Nalin) added the "noreap"
  module argument to both of these modules to turn off this new
  default. Bugfix found by Silvan Minghetti for former module and
  521314 checkin. (Bugs 476963, 521314 - agmorgan).
* updated CHANGELOG and configure.in for 0.77 work.

0.76: Mon Jul  8 21:44:59 PDT 2002

* pam_unix: fix for legacy crypt() support when the password entered
  was long. (Bug 521314 - agmorgan).
* pam_access no longer include gethostname() prototype complaint from
  David Lee (Bug 415423 - agmorgan).
* make pam_nologin more secure by default, added two new module
  arguments etc. - acting on suggestion from Nico (Bug 419307 -
  agmorgan)
* link in libpam to libpam_misc - since the latter uses functions in
  the former it makes some sort of sense to do this (although, in the
  static library case, I remain to be convinced). (Bug 565470 -
  agmorgan).
* absorbed some of the proposed darwin (OS X) changes from Luke Howard
  (of PADL software) - hopefully will get the rest (see Rob Braun's
  534205) by 0.77 (Bug 491466 - agmorgan).
* README fix for pam_unix from Nalin (Bug 476971 - agmorgan).
* add support for building pdf files from the documentation - request
  from 'lolive' (Bug 471377 - agmorgan).
* documented the equivalent '[..]' expressions for "required"
  etc. Request from Ross Patterson (Bug 529078 - agmorgan).
* '[...]' parsing: document it and also fix it to support '\]' escape
  sequence. Feature request from Russell Kliese (Bug 517064 -
  agmorgan).
* pam_rootok: compilation warning noted by Tony den Haan wrt no
  prototype for strcmp() (Bug 557322 - agmorgan).
* documentation: (a few of mine in passing) and app documentation
  suggestions regarding PAM environment variables and module
  documentation changes regarding the conversation function from Jenn
  Vesperman (Bug 527821, 527965 - agmorgan)
* documentation: pam_time.sgml typo fixed, pam_motd exists now,
  correct Red Hat comment about config files (Bugs 554274, 554261,
  554182 - agmorgan)
* pam_limits: added '%' domain for maxlogins limiting, now '*' and @group
  have the old meaning (every) and '%' the new one (all)
  (Bug 533664 - baggins)
* pam_limits: put not so interesting log messages under debug arg
  (Bug 533668 - baggins)
* pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan),
  made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan).
* pam_limits: keep well know behaviour of maxlogins default ('*') limit
  (Bug 533664 - baggins)
* pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan)
* pam_limits: make it use the priority value specified in config
  (bug 530428 - baggins)
* pam_unix: removed broken code in password update code. Report from
  Len Lattanzi (Bug 507379 - agmorgan)
* pam_mkhomedir: recurse directories. Patch from Nalin (Bug 476981 -
  agmorgan)
* pam_limits can handle negative priority limits now (which can apply
  to the superuser too) - based on patch from Nalin. Also cleanup the
  error handling that was very sloppy before. Also, courtesy of Berend
  De Schouwe get the math right on login counting (Bug 476990, 476987,
  493294 - agmorgan)
* documentation: random typo fixes from Nalin and more stuff from me
  (Bug 476949, Tasks 43507, 17426 - agmorgan)
* A Tru64 fix (given other stuff has already resolved this, it
  actually just a comment actually) from 'Eddie'. (Bug 418450 -
  agmorgan)
* pam_handlers: BSD fix from Dag-Erling Smrgrav and Anton Berezin
  (Bug 486063 - agmorgan)
* added the dynamic/* directory to the distribution. If you go in
  there after building the rest of the tree, you'll make a pam.so
  object that can be used by something like a java runtime with
  dlopen. Its not very well tested - caveat emptor. (Bug 232194 -
  agmorgan)
* somehow pam_unix has started forcing the user prompt to be "login: ".
  This is entirely inapropriate as it overrides PAM_USER_PROMPT. (Bug
  486361 - agmorgan).
* added a static module helper library object includes a few changes
  to examples/xsh.c for testing purposes (added a simple shell wrapper
  for running xsh with the sandbox libraries), and also modified the
  pam_rhosts_auth module to use this new library. (Bug 490938, 409852
  - agmorgan).
* pam_unix: fix 'likeauth' to kill off the memory leak once and for all.
  (Bug 483959 - vorlon)
* pam_unix: restore handling of 'likeauth' argument to a known working
  state; prettify AUTH_RETURN macro; remove redundant argv checks in
  pam_sm_setcred() (Bugs 483959, 113596 - vorlon)
* pam_cracklib: another try at implementing similar() from Harald
  Welte and Nalin (Bugs 436053, 476957 - agmorgan)
* pam_access: default access.conf file contained a type (console
  instead of LOCAL) fix from Nalin (Bug 476934 - agmorgan)
* pam_unix: fixed bizarre memory leak pointed out by Fernando Trias
  (Bug 483959 - agmorgan)
* misc string comparison length checking changes from Nalin. Modules
  touched, pam_cracklib, pam_listfile, pam_unix, pam_wheel (Bug 476947 -
  agmorgan)
* pam_userdb: require that all of typed password matches that in
  database report and fix from Vladimir Pastukhov. (Bug 484252 - agmorgan)
* pam_malloc: revived malloc debugging code, now tied to
  --enable-memory-debug and added strdup() support (Bug 485454 - agmorgan)
* pam_tally: Nalin's fix for lastlog corruption (Bug 476985 - agmorgan)
* pam_rhosts: Nalin adds support for '+hostname', and zdd fix
  compilation warning. (Bug 476986 - agmorgan)
* pam_motd: Nalin fixed compiler warning. (Bug 476938 - agmorgan)
* pam_pwdb: Solar Designer pointed out that there was a problem with
  the compatibility support for md5 password hashing. (Bug 460717,
  476961 - agmorgan)
* pam_issue: Nalin found segfaulting problems if the PAM_USER_PROMPT
  is unset, found some similar problems with assumptions about
  realloc. (Bug 476983 - agmorgan)
* pam_env: 'weichangyang of hotmail' pointed out a wild string with no
  valid '\0' was leading to problems with sshd and suggested fix (Bug
  473034 - agmorgan)
* MANDIR cleanup. It defaults to /usr/share/man, but can be overridden
  using the --enable-mandir ./configure option, similarly for DOCDIR
  from Nalin (Bug 476940 - agmorgan)
* pam_filter cleanup (including moving the filter directory) Nalin
  and Harald Welte (Bugs 436057, 476970 - agmorgan)
* db3 is now recognized as a libdb candidate (Bug 435764 - agmorgan)
* more changes (extracted from redhat version) courtesy of
  Harald Welte (Bugs pam_limits=436061, pam_lastlog=436060,
  pam_mkhomedir/pam_env=435991 - agmorgan)
* fix for legacy behavior of pam_setcred and pam_close_session in
  the case that pam_authenticate and pam_open_session hadn't been
  called - bug report from Seongwan Park. (Bug 468724 - agmorgan)
* some BSD updates and fixes from Mark Murray - including a slightly
  more robust conversation function and some minimization of gcc
  warnings. (Bugs 449203,463984 - agmorgan)
* verified that the setcred stack didn't suffer from the bug I was
  nervous about, add a new module pam_debug to help me test this.
  fixed a libpam/pam_dispatch.c instrumentation line that I tripped
  over when testing. Also restructured pam_warn to help here (Bug
  424315 - agmorgan).
* pam_unix/support.c: sample use of reentrant NSS function.  Not yet active,
  because modules do not include _pam_aconf_h! (Bug 440107 - vorlon)
* doc/Makefile changes - use $(mandir) [courtesy Harald Welte] (Bug
  435760) and add some rules to make/delete the draft rfc I've been
  working on (Task 17426 - agmorgan)
* pam_modules.sgml: sourceforge has changed its CVS viewing software
  (Bug 460491 - agmorgan)
* pam_unix_passwd: got rid of an annoying warning (Bug 461089 - agmorgan)
* configure.in, _pam_aconf.h.in: set the stage for fully reentrant PAM
  modules, with some infrastructure to detect getxxbyxx_r() functions
  (Bug 440107 - vorlon)
* pam_unix: removed superfluous use of static variables in md5 and bigcrypt
  routines, bringing us a step closer to thread-safeness.  Eliminated
  some variable indirection along the way.  (Bug 440107 - vorlon)
* pam_tally: remove #include of stdlib.h, which isn't needed by anything
  found in this module.  Can be readded if we find a real need for it at
  a later date. (Bug 436432 - vorlon)
* pam_tally: added an #include (was it really needed?) and made the
  pam_tally app install (with more pretty printing and a corrected
  Makefile dependency) motivated by a (red hat diff) courtesy of Harald
  Welte (Bug 436432 - agmorgan)
* configure.in changes to help support non-Linux environments courtesy
  of Scott T. Emery (Bug 422563 - agmorgan)
* made a pam_cracklib enhancement to interpret -ve limits in a
  sensible fashion contributed by Werner Puschitz (Bug 413162 -
  agmorgan)
* another fix for the latest number of rlimits available to pam_limits
  (Bug 424060 - agmorgan)
* removed stale link from pam_pwdb documentation (Bug 433460 - agmorgan)
* pam_appl.sgml change - more discussion of choosing a service name
  (Bug 417512 - agmorgan)
* more specific linking requirements for -lndbm for pam_userdb - from
  David Lee (Bug 417339 - agmorgan)
* a large number of small changes to make AIX support better (Bug
  416229 - agmorgan)
* $(MAKE) instead of 'make' - from Scott T. Emery (Bug 422144 -
  agmorgan)
* c++ header fixes for pam_misc.h and pam_client.h - from Alexandre
  Sagala (Bug 420270 - agmorgan)
* pam_access fixes - looks out for trailing '.' - from Carlo Marcelo
  Arenas Belon (Bug 419631 - agmorgan)
* don't zero out password strings during pam_unix's password changing
  function (Bug 419803 - vorlon)
* propagate some definitions to the _pam_aconf.h file - from David Lee
  (Bug 415419 - agmorgan)
* solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan)
* added a comment to this CHANGELOG to explain why most of the bugids
  used below appear not to be known to sourceforge [try adding 100000
  to the bugid number.] (Bug 414943 - agmorgan)
* bumped version numbers and also added support for SONAME defines
  that appear not to have survived the great autoconf experiment (Bug
  414669 - agmorgan).

0.75: Sat Apr  7 23:10:50 PDT 2001

                          ** WARNING **

This release contains backwardly incompatible changes to
libpam. Prior versions were buggy - see bugfix for Bug 129775.

                          ** WARNING **

* made 0.75 release (Bug 414665 - agmorgan)
* pam_pwdb has been removed from the suggested pam.conf template. I've
  replaced it with pam_unix. (Bug 227565 - agmorgan)
* pam_limits - Richard M. Yumul reported that "<domain> -" didn't
  work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan)
* Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282
  - agmorgan)
* Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan)
* fix for module linking directions (Bug 133545 - agmorgan)
* fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan)
* fix pam_userdb to make and link both .o files it needs - converse()
  wasn't being linked! (Bug 132880 - agmorgan)
* added some sys-admin documentation for the pam_tally module (Bug
  126210 - agmorgan).
* added a link to module examples from the module writers doc (Bug
  131192 - agmorgan).
* fixed a small security hole (more of a user confusion issue) with
  the unix and pwdb password helper binaries. The beef is described in
  the bug report, but no uid change was possible so no-one should
  think they need to issue a security bulletin over this one! (Bug
  112540 - agmorgan)
* pam_lastlog needs to be linked with -lutil, also removed ambiguity
  from sysadmin guide regarding this module being a 'session' module
  (Bug 131549 - agmorgan).
* pam_cracklib needs to be linked with -lcrypt (old password checking)
  (Bug 131601 - agmorgan).
* fixes for static library builds and also the examples when linked
  with the debugging build of the libraries. (Bug 131783 - agmorgan)
* fixed URL for original RFC to a cached kernel.org file. (Bug 131503
  - agmorgan)
* quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 -
  agmorgan).
* improved handling of the setcred/close_session and update chauthtok
  stack. *Warning* This is a backwardly incompatable change, but 'more
  sane' than before. (Bug 129775 - agmorgan)
* bumped the version number, and added some code to assist in making
  documentation releases (Bug 129644 - agmorgan).

0.74: Sun Jan 21 22:36:08 PST 2001

* made 0.74 release (Bug 129642 - agmorgan)
* libpam - cleaned up a few non-static functions to be static and added
  support for libpam to enforce things like pam_[gs]et_data() and
  AUTHTOK rules for using the API. Also documented pam_[gs]et_item()
  a little better including return codes (Bugs 129027, 128576 -
  agmorgan).
* pam_access - fixed the non-default config file option (Bug 127561 -
  agmorgan)
* pam.8 manual page clarified with respect to the default location for
  finding modules, also added some text describing the [...] control
  syntax. (Bug 127625 - agmorgan)
* md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan)
* removed requirement for c++ from the configure{.in,} files (Bug
  128298 - agmorgan)
* removed subdirectories from man page redirections (124396 - baggins)
* per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile
  (Bug 126440 - vorlon)
* modify format of pam_unix log messages to include service name
  (Bug 126423 - vorlon)
* prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon)
* changed format of pam_unix 'authentication failure' log messages to make
  them clearer and more consistent (Bug 126036 - vorlon)
* improved portability of pam_unix by eliminating Linux-specific utmp
  defines in PAM_getlogin() (Bug 125704 - vorlon)
* removed static variables from pam_tally (Bug 117434 - agmorgan)
* added copyright message to pam_access module from original logdaemon
  sources (Bug 125022 - agmorgan)
* configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan)
* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool
  (Bug 124397 - baggins)
* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via
  --with-mailspool=dir option (default is _PAM_MAILDIR if defined
  in paths.h otherwise /var/spool/mail (Bug 124397 - baggins)
* removed unnecessary CVS Log tags from all over the source
  (Bug 124391 - baggins)
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
  to faillog (Bug 124394 - baggins)
* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
* pam_cracklib - removed comments about pam_unix not working with
  pam_cracklib, added information about use_authtok parameter
  (Bug 124388 - baggins)
* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
  (Bug 124386 - baggins)
* fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan)
* pam_userdb compiles on RH5x. Also removed circular dependency on
  configure.in. Also bumped revision number to 0.74. (Bug 124136 -
  agmorgan)

0.73: Sat Dec  2 00:04:04 PST 2000

* updated documentaion revisions and added 'make release' support
  to the top level Makefile (Bug 124132 - agmorgan).
* documented Qmail support in pam_mail (Bug 109219 - baggins)
* add change_uid option to pam_limits, and set real uid only if
  this option is present (Bug 124062 - baggins)
* pam_limits - set real uid to the user for who we set limits.
  (Bug 123972 - baggins)
* removed static variables from pam_limits (thread safe now). (Bug
  117450 - agmorgan).
* removed static variable from pam_wheel (module should be thread safe
  now). (Bug 112906 - agmorgan)
* added support for '/' symbols in pam_time and pam_group config files
  (support for modern terminal devices). Fixed infinite loop problem
  with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
* avoid potential SIGPIPE when writing to helper binaries with (Bug
  123399 - agmorgan)
* replaced bogus logic in the pam_cracklib module for determining if
  the replacement is too similar to the old password (Bug 115055 -
  agmorgan)
* added accessconf=<filename> feature to pam_access - request from
  Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan)
* fix for pam_limit module not dealing with all limits Adam J. Richter
  (Bug 119554 - agmorgan)
* comment fix describing fail_delay callback in _pam_types.h (Bug
  112646 - agmorgan)
* "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan)
* fix for pam_unix (support.c) to avoid segfault with NULL password
  (Bug 113238 - vorlon)
* fix to pam_unix_passwd: try repeatedly to get a lock on the password
  file, instead of failing immediately (Bug 108845 - fix vorlon)
* fix to pam_shells: logged information was not formatted correctly
  (extra comma) (Bug 111491 - fix vorlon)
* fix for C++ application support (Bug 111645 - fix agmorgan)
* fix for typo in pam_client.h (Bug 111648 - fix agmorgan)
* removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan)
* autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!]
 - bugfix for libpamc.h include file [Bug ID 117476 - agmorgan]
 - bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan]

0.72: Mon Dec 13 22:41:11 PST 1999

* patches from Debian (Ben Collins): pam_ftp supports event driven
  conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix;
  user_db compiler warnings removed; debian defs file; pam_mail can
  now be used as a session module
* ndbm compilation option for user_db module (fix explained by Richard Khoo)
* pam_cracklib bug fix
* packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo
  Looijaard)
* -ldl appended to the libpam.so compilation make rule. (Charles Seeger)
* Red Hat security patch for pam_pwdb forwarded by Debian! (Ben
  Collins. Fix provided by Andrey as it caught the problem earlier in the
  code.)
* heuristic to prevent leaking filedescriptors to an agent. [This needs
  to be better supported perhaps by an additional libpamc API function?]
* pam_userdb segfault fix from (Ben Collins)
* PAM draft spec extras added at request of 'sen_ml'

0.71: Sun Nov  7 20:21:19 PST 1999

* added -lc to linker pass for pam_nologin module (glibc is weird).
* various header changes to lower the number of warnings on glibc
  systems (Dan Yefimov)
* merged a bunch of Debian fixes/patches/documentation (Ben Collins)
  things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env
  (plus docs); pam_mkhomedir (new module for new home directories on
  the fly...); pam_motd (new module); pam_limits (adjust to match
  docs); pam_issue (new module + doc) [Some of these were also
  submitted by Thorsten Kukuk]
* small hack to lower the number of warnings that pam_client.h was
  generating.
* debian and SuSE apparently can use the pam_ftp module, so
  removed the obsolete comment about this from the docs. (Thorsten
  Kukuk)

0.70: Fri Oct  8 22:05:30 PDT 1999

* bug fix for parsing of value=action tokens in libpam/pam_misc.c was
  segfaulting (Jan Rekorajski and independently Matthew Melvin)
* numerous fixes from Thorsten Kukuk (icluding much needed fixes for
  bitrot in modules and some documentation) that got included in SuSE 6.2.
* reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski)
* added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger)
* added comment about 'expose_account' module argument to admin and
  module writers' docs (request from Michael K Johnson).
* myriad of bug fixes for libpamc - library now built by default and
  works with the biomouse fingerprint scanner agent/module
  (distributed separately).

0.69: Sun Aug  1 20:25:37 PDT 1999

* c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala)
* added pam_userdb module (Cristian Gafton)
* minor documentation changes
* added in revised pam_client library (libpamc). Not installed by
  default yet, since the example agent/module combo is not very secure.
* glibc fixes (Thorsten Kukuk, Adam J. Richter)

0.68: Sun Jul  4 23:04:13 PDT 1999

* completely new pam_unix module from Jan Rekorajski and Stephen Langasek
* Jan Rekorajski pam_mail - support for Maildir format mailboxes
* Jan Rekorajski pam_cracklib - support for old password comparison
* Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval
* Andrey's pam_tally patch (lstat -> fstat)
* Robert Milkowski's additional pam_tally patches to **change format of
  /var/log/faillog** to one from shadow-utils, add new option "per_user"
  for pam_tally module, failure time logging, support for fail_line
  field, and support for fail_locktime field with new option
  no_lock_time.
* pam_tally: clean up the tally application too.
* Marcin Korzonek added process priority settings to pam_limits (bonus
  points for adding to documentation!)
* Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix)
* more binary prompt preparations (make misc conv more compatible with spec)
* modified callback hook for fail delay to be more useful with event
  driven applications (changed function prototype - suspect no one
  will notice). Documented this in app developer guide.
* documentation for pam_access from Tim Berger
* syntax fixes for the documentation - a long time since I've built it :*(
  added some more names to the CREDITS file.

0.67: Sat Jun 19 14:01:24 PDT 1999

* [dropped libpam_client - libpamc will be in the next release and
   conforms to the developing spec in doc/specs/draft-morgan-pam.raw.
   Sorry if you are keeping a PAM tree in CVS. CVS is a pain for
   directories, but this directory was actually not referenced by
   anything so the disruption should be light.]
* updates to pam_tally from Tim
* multiple updates from Stephen Langasek to pam_unix
* pam_filter had some trouble compiling (bug report from Sridhar)
* pam_wheel now attempts to identify the wheel group for the local
  system instead of blindly assuming it is gid=0. In the case that
  there is no "wheel" group, we default to assuming gid=0 is what was
  meant - former behavior. (courtesy of Sridhar)
* NIS+ changes to pam_unix module from Dmitry O Panov
* hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke
  Kenneth Casson Leighton)
* fix for minor typo in pam_wheel documentation (Jacek Kopecky)
* slightly more explanation of the [x=y] pam.conf syntax in the sys
  admin guide.

0.66: Mon Dec 28 20:22:23 PST 1998 <morgan@linux.kernel.org>

* Started using cvs to keep track of changes to Linux-PAM.  This will
  likely break some of the automated building stuff (RPMs etc..).
* security bug fix to pam_unix and pam_tally from Andrey.
* modules make file is now more automatic.  It should be possible to
  unpack an external module in the modules directory and have it automatically
  added to the build process.  Also added a modules/download-all script
  that will make such downloading easier.  I'm happy to receive patches to
  this file, informing the distribution of places from which to enrich itself.
* removed pam_system_log stuff.  Thought about it long and hard: a
  bad idea.  If libc cannot guarantee a thread safe syslog, it needs
  to be fixed and compatibility with other PAM libraries was
  unnecessarily strained.
* SAG documentation changes: Seth Chaiklin
* rhosts: problems with NIS lookup failures with the root-uid check.
  As a work-around, I've partially eliminated the need for the lookup
  by supplying two new arguments: no_uid_check, superuser=<username>.
  As a general rule this is more pluggable, since this module might be
  used as an authentication scheme for a network service that does not
  need root privilege...
* authenticate retval -> setcred for pam_pwdb (likeauth arg).
* pam_pwdb event driven support
* non openlog pam_listfile logging
* BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos)
* Chris Adams' mailhash change for pam_mail module
* fixed malloc failure check in pam_handlers.c (follow up to comment
  by Brad M. Garcia).
* update to _pam_compat.h (Brad M. Garcia)
* support static modules in libpam again (Brad M. Garcia)
* libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia)
* added a solaris-2.5.1 defs file (revived by Derrick J Brashear)
* pam_listfile logs failed attempts
* added a comment (Michael K Johnson pointed it out) about sgml2latex
  having a new syntax.  I'll make it the change real when I upgrade...
* a little more text to the RFC, spelling fix from William J Buffam.
* minor changes to pam_securetty to accommodate event driven support.

0.65: Sun Apr  5 22:29:09 PDT 1998 <morgan@linux.kernel.org>

* added event driven programming extensions to libpam
 - added PAM_INCOMPLETE handling to libpam/pam_dispatch.c
 - added PAM_CONV_AGAIN which is a new conversation response that
   should be mapped to PAM_INCOMPLETE by the module.
 - ensured that the pam_get_user() function can resume
 - changes to pam_strerror to accommodate above return codes
 - clean up _pam_former_state at pam_end()
 - ensured that former state is correctly initialized
 - added resumption tests to pam_authenticate(), pam_chauthtok()
 - added PAM_FAIL_DELAY item for pausing on failure

* improved _pam_macros.h so that macros can be used as single commands
  (Andrey)

* reimplemented logging to avoid bad interactions with libc.  Added
  new functions, pam_[,v]system_log() to libpam's API.  A programmer
  can check for this function's availablility by checking if
  HAVE_PAM_SYSTEM_LOG is #defined.

* removed the reduce conflict from pam_conv1 creation -- I can sleep
  again now. :^]

* made building of static and dynamic libpam separate.  This is
  towards making it possible to build both under Solaris (for Derrick)

* made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton)

* automated (quiet) config installation (Andrey)

0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan <morgan@linux.kernel.org>

* miscellaneous patches for building under Solaris (Derrick J Brashear)

* removed STATIC support from a number of module Makefiles.  Notably,
  these modules are those that use libpwdb and caused difficulties
  satisfying the build process. (Please submit patches to fix this...;)

* reomved the union for binary packet conversations from
  (_pam_types.h).  This is now completely implemented in libpam_client.

* Andrey's patch for working environment variable handling in
  sh_secret module.

* made the libpam_misc conversation function a bit more flexible with
  respect to binary conversations.

* added top level define (DEBUG_REL) for compiling in the form of
  a debugging release.  I use this on a Red Hat 4.2 system with little
  chance of crashing the system as a whole.  (Andrey has another
  implementation of this -- with a spec file to match..)

0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan <morgan@linux.kernel.org>

* added libpam_client "convention" library.  This makes explicit the
  use of PAM_BINARY_PROMPT.  It is a first cut, so don't take it too
  seriously yet.  Comments/suggestions for improvements are very
  welcome.  Note, this library does not compile by default.  It will
  be enabled when it is judged stable.  The library comes with two
  module/agent pairs and can be used with ssh using a patch available
  from my pre-release directory [where you got this file.]

* backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE
  was working with neither "requistie" nor "required") and a DEBUG'ing
  compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich)

* minor Makefile change from (Savochkin Andrey Vladimirovich)

* added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks
  (Derrick J Brashear)

* pam_access use of uname(2) problematic (security problem
  highlighted by Olaf Kirch).

* pam_listfile went a bit crazy reading group membersips (problem
  highlighted by Olaf Kirch and patched independently by Cristian
  Gafton and Savochkin Andrey Vladimirovich)

* compatibility hooks for solaris and hpux (Derrick J Brashear)

* 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson)

0.62: Wed Jan 14 14:10:55 PST 1998   Andrew Morgan <morgan@linux.kernel.org>

* Derrick J Brashear's patches: adds the HP stuff missed in the first
  patch; adds SunOS support; adds support for the Solaris native ld
  instead of requiring gnu ld.

* last line of .rhosts file need not contain a newline. (Bug reported by
  Thompson Freeman.)

0.61: Thu Jan  8 22:57:44 PST 1998  Andrew Morgan <morgan@linux.kernel.org>

* complete rewrite of the "control flag" logic.  Formerly, we were
  limited to four flags: requisite, required, sufficient, optional.
  We can now use these keywords _and_ a great deal more besides.
  The extra logic was inspired by Vipin Samar, a preliminary patch was
  written by Andy Berkheimer, but I "had some ideas of my own" and
  that's what I've actually included.  The basic idea is to allow the
  admin to custom build a control flag with a series of token=value
  pairs inside square brackets.  Eg., '[default=die success=ok]' which
  is pretty close to a synonym for 'requisite'.  I'll try to document it
  better in the sys-admin guide but I'm pretty sure it is a change for
  the better....  If what is in the sys-admin guide is not good enough
  for you, just take a look at the source for libpam ;^)

0.59: Thu Jan  8 22:27:22 PST 1998 Andrew Morgan <morgan@linux.kernel.org>

* better handling of empty lines in .rhosts file.  (Formerly, we asked
  the nameserver about them!) Fix from Hugh Daschbach.

* _broke_some_binary_compatibility_ with previous versions to become
  compliant with X/Open's XSSO spec.  Specifically, this has been
  by changing the prototype for pam_strerror().

* altered the convention for the conversation mechanism to agree
  with that of Sun.  (number of responses 'now=' number of messages
  with help from Cristian for finding a bug.. Cristian also found a
  nasty speradic segfault bug -- Thanks!)

* added NIS+ support to pam_unix_*

* fixed a "regular file checking" problem with the ~/.rhosts sanity
  check.  Added "privategroup" option to permit group write permission
  on the ~/.rhosts file in the case that the group owner has the same
  name as the authenticating user.  :*) "promiscuous" and "suppress"
  were not usable!

* added glibc compatibility to pam_rhosts_auth (protected __USE_MISC
  with #ifndef since my libc already defines it!).

* Security fix from Savochkin Andrey Vladimirovich with suggested
  modification from Olaf Seibert.

* preC contains mostly code clean-ups and a number of changes to
  _pam_macros.

0.58: whenever

* pam_getenvlist() has a more robust definition (XSSO) than was previously
  thought.  It would seem that we no longer need pam_misc_copy_env()
  which was there to provide the robustness that pam_getenvlist()
  lacked before...

  Accordingly, I have REMOVED the prototype from libpam_misc. (The
  function, however, will remain in the library as a wrapper for
  legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE
  FIX YOUR APPS *BEFORE* WE GET THERE!

* Alexy Nogin reported garbage output from pam_env in the case of
  a non-existent environment variable.

* 'fixed' pwdb compilation for pam_wheel.  Not very cleanly
  done.. Mmmm. Should really clean up the entire source tree...

* added prototypes for mapping functions

			<**WARNING**>

  various constants have had there names changed.  Numerical values have
  been retained but be aware some source old modules/applications will
  need to be fixed before recompilation.

			</**WARNING**>

* appended documentation to README for pam_rhosts module (Nicolai
  Langfeldt).

* verified X/Open compatibility of header files - note, where we differ
  it is at the level of compilation warnings and the use of 'const char *'
  instead of 'char *'.  Previously, Sun(X/open) have revised their spec
  to be more 'const'-ervative in the light of comments from Linux-PAM
  development.

* Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD.

	changed: pam_pwdb(pam_unix_acct) (also bug fix for
	_shadow_acct_mgmt_exp() return value), pam_stress,
	libpam/pam_dispatch, blank, xsh.

* New: PAM_AUTHTOK_EXPIRED - password has expired.

* Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED
  etc... (changed - this may break some people's modules - PLEASE TAKE
  NOTE!)
	changed: pam_group, pam_mail, blank, xsh; module and appl
	docs, pam_setcred manual page.

* renamed internal _pam_handle structure to be pam_handle as per XSSO.

* added PAM_RADIO_TYPE  (for multiple choice input method).  Also
  added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user
  - this could be used for RSA type authentication but is currently
  just there for experimental purposes).  The _BINARY_ types are now
  usable with hooks in the libpam_misc conversation function. Still
  have to add PAM_RADIO_TYPE.

* added pam_access module (Alexei Nogin)

* added documentation for pam_lastlog.  Also modified the module to
  not (by default) print "welcome to your new account" when it cannot
  find a utmp entry for the user (you can turn this on with the
  "never" argument).

* small correction to the pam_fail_delay manual page.  Either the appl or
  the modules header file will prototype this function.

* added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips)

* *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts,
  pam_wheel, libpam/pam_handlers). (Michael Smith)

* added configuration directory $SCONFIGED for module specific
  configuration files.

* added two new "linked" man pages (pam.conf(8) and pam.d(8))

* included a reasonable default for /etc/pam.conf (which can be
  translated to /etc/pam.d/* files with the pam_conv1 binary)

* fixed the names of the new configuration files in
   conf/pam_conv1/pam_conv.y

* fixed make check.

* pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog
  (bug report from Ronald Wahl).

* grammar fix in pam_cracklib

* segfault avoided in pam_pwdb (getting user). Updating of passwords
  that are directed to a "new" database are more robust now (bug noted
  by Michael K. Johnson).  Added "unix" module argument for migrating
  passwords from another database to /etc/passwd. (documentation
  updated).  Removed "bad username []" warning for empty passwords -
  on again if you supply the 'debug' module argument.

* ctrl-D respected in conversation function (libpam_misc)

* Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in
  the distribution uses it.  I guess this change happened a while
  back, basically I'm trying to make the module parts of the
  distribution "source compatible" with the RFC definition of PAM.
  This implementation of PAM is a superset of that definition. I have
  added the following symbols to the Linux-PAM header files:

	PAM_DATA_SILENT (see _pam_types.h)
	HAVE_PAM_FAIL_DELAY (see _pam_types.h)
	PAM_DATA_REPLACE (see _pam_modules.h)

  Any module (or application) that wants to utilize these features,
  should check (#ifdef) for these tokens before using the associated
  functionality.  (Credit to Michael K. Johnson for pointing out my
  earlier omission: not documenting this change :*)

* first stab at making modules more independent of full library
  source.  Modules converted:
	pam_deny
	pam_permit
	pam_lastlog
	pam_pwdb

* pam_env.c: #include <errno.h> added to ease GNU libc use. (Michael
  K. Johnson)

* pam_unix_passwd fixes to shadow aging code (Eliot Frank)

* added README for pam_tally

0.57: Fri Apr  4 23:00:45 PST 1997  Andrew Morgan <morgan@parc.power.net>

* added "nodelay" argument to pam_pwdb.  This can be used to turn off
  the call to pam_fail_delay that takes effect when the user fails to
  authenticate themself.

* added "suppress" argument to pam_rhosts_auth module. This will stop
  printing the "rlogin failure message" when the user does not have a
  .rhosts file.

* Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey
  Vladimirovich)

* pam_tally added to tree courtesy of Tim Baverstock

* pam_rhosts_auth was failing to read NFS mounted .rhosts
  files. (Fixed by Peter Allgeyer). Refixed and further enhanced
  (netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some
  changes that were not actually included..]

* optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/
  AND pam.conf files (Elliot Lee).

* Added (and signed) Cristian's PGP key. (I've never met him, but I am
  convinced the key belongs to the guy that is making the PAM rpms and
  also producing libpwdb. Please note, I will not be signing anyone
  else's key without a personal introduction..)

* fixed erroneous syslog warning in pam_listfile (Savochkin Andrey
  Vladimirovich, whole file reformatted by Cristian)

* modified pam_securetty to return PAM_IGNORE in the case that the user's
  name is not known to the system (was previously, PAM_USER_UNKNOWN). The
[--snip--]
