diff options
Diffstat (limited to 'debian/NEWS')
-rw-r--r-- | debian/NEWS | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..c6c4f7f --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,85 @@ +pam (1.1.2-1) unstable; urgency=low + + * Name of option for minimum Unix password length has changed + + The Debian-specific 'min=n' option to pam_unix for specifying minimum + lengths for new passwords has been replaced by a new upstream option + called 'minlen=n'. If you are using 'min=n' in + /etc/pam.d/common-password, this will be migrated to the new option name + for you on upgrade. If you have configured pam_unix password changing + elsewhere on your system, such as in a PAM profile under + /usr/share/pam-configs or in other files in /etc/pam.d, you will need to + update them by hand for this change. + + -- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700 + +pam (1.1.0-3) unstable; urgency=low + + * pam_rhosts_auth module obsolete, symlink removed + + The pam_rhosts_auth module was dropped upstream prior to the lenny + release and a compatibility symlink provided in the libpam-modules + package, pointing at the new (and not 100% compatible) pam_rhosts + module. This symlink has now been dropped. If you still have + references to pam_rhosts_auth in your /etc/pam.d/* config files, you + will need to fix these, since they no longer work. + + For information on using pam_rhosts, see the pam_rhosts(8) manpage. + + -- Steve Langasek <vorlon@debian.org> Wed, 02 Sep 2009 16:17:16 -0700 + +pam (1.1.0-1) unstable; urgency=low + + * pam_cracklib no longer checks for reuse of old passwords + + The pam_cracklib module no longer checks /etc/security/opasswd to see + if the proposed password is one that was previously used. This + functionality has been split out into a new module, pam_pwhistory. + + The pam_unix module still does its own check of /etc/security/opasswd, + so if you are using this module you should not need to change anything. + + * Change in handling of /etc/shadow fields + + The Debian PAM package included a patch to treat a value of 0 in certain + fields in /etc/shadow as the same as an empty field. This patch has + been dropped, since it caused the behavior of pam_unix to differ from + both that of PAM upstream and that of the shadow package. + + The main consequences of this change are that: + + - a "0" in the sp_expire field will be treated as a date of Jan 1, 1970 + instead of a "never expires" value, so users with this set will be + unable to log in + + - a "0" in the sp_inact field will indicate that the user should not be + allowed to change an expired password at all, instead of being allowed + to change an expired at any time after the expiry. + + See Debian bug #308229 for more information about this change. + + -- Steve Langasek <vorlon@debian.org> Tue, 25 Aug 2009 00:13:57 -0700 + +pam (0.99.7.1-5) unstable; urgency=low + + * Default Unix minimum password length has changed + + Previous versions of pam_unix on Debian had a built-in minimum password + length of 1 character, and a minimum password length configured in + /etc/pam.d/common-password of 4 characters. This differed from the + upstream default of 6 characters. This has been changed, so the + default /etc/pam.d/common-password no longer overrides the compile-time + default and the compile-time default has been raised to 6 characters. + If you are using pam_unix but are not using the default + /etc/pam.d/common-password file, it is recommended that you drop any + min= options to pam_unix from your config unless you have stronger + local password requirements that the upstream default. + + The password length 'max' option has also been deprecated in this + version because it was never written to work as suggested in the + documentation. If you are using pam_unix but are not using the default + /etc/pam.d/common-password file, you should remove any old max= options + to pam_unix from your config as this option will be considered an error + in future versions of pam. + + -- Steve Langasek <vorlon@debian.org> Sat, 01 Sep 2007 21:27:11 -0700 |