  231 Russ Allbery	2007-12-28
      Release 3.10.

  230 Russ Allbery	2007-12-25
      Update build support files to the latest versions.

  229 Russ Allbery	2007-12-25
      Rename COPYRIGHT to LICENSE and switch to the more complete format that
      I'm using for other packages.  Add explicit copyright headers to all
      files and a reference to LICENSE for licensing information.

  228 Russ Allbery	2007-12-25
      Add additional portability glue and Autoconf probes to support
      building against the version of Kerberos bundled with AIX.  Support
      for this should be considered alpha in this release.  Thanks to Markus
      Moeller for the initial patch.

  227 Russ Allbery	2007-12-25
      Move Autoconf supporting files into build-aux.

  226 Russ Allbery	2007-12-25
      Define _ALL_SOURCE on AIX to get prototypes for snprintf.

  225 Russ Allbery	2007-12-25
      When keytab is set, properly handle failure to create a keytab cursor
      and don't assume that the cursor is valid.  Thanks, Markus Moeller.

  224 Russ Allbery	2007-12-03
      The workaround for krb5_get_init_creds_opt_alloc problems in MIT
      Kerberos 1.6 broke PKINIT support with Heimdal.  Only apply that
      workaround when building against the MIT Kerberos libraries.  Thanks
      to Jaakko Pero for the detailed report.

  223 Russ Allbery	2007-12-03
      If no_ccache is set, always exit successfully from pam_setcred or
      pam_open_session, even if we couldn't retrieve module data.  Thanks,
      Markus Moeller.

  222 Russ Allbery	2007-11-12
      Release 3.9.

  221 Russ Allbery	2007-11-11
      Add a new clear_on_fail option for the password group.  If set, when a
      password change fails, set PAM_AUTHTOK to NULL so that subsequent
      modules in the PAM stack with use_authtok set will also fail.  Just
      returning failure doesn't abort the stack on the second pass when
      actual password changes are made.  This is not the default since it
      interferes with other desirable PAM configurations.  It's useful
      primarily when using the PAM stack to synchronize passwords between
      multiple environments.  Thanks to Christian Holler and Tomas Mraz for
      the analysis.
      
      Revert earlier documentation of the limitation of the password stack,
      since this documentation supersedes it.

  220 Russ Allbery	2007-11-10
      Add a new debugging section to the README.

  219 Russ Allbery	2007-11-10
      Fix parsing of the keytab PAM option.  Thanks, Markus Moeller.

  218 Russ Allbery	2007-11-10
      Fix portability issues with Heimdal, versions of PAM that don't
      provide pam_modutil_getpwnam, and compiler warnings when building
      PKINIT support.  Thanks, Martin von Gagern.

  217 Russ Allbery	2007-11-10
      Return PAM_AUTHINFO_UNAVAIL instead of PAM_AUTH_ERR when unable to
      resolve the Kerberos realm.  Thanks, Frank Cornelissen.

  216 Russ Allbery	2007-10-14
      Document the PAM limitation that causes the password PAM stack to
      continue even if pam_krb5 is marked requisite and fails due to KDC
      password strength restrictions or network failure.  Thanks, Christian
      Holler and Tomas Mraz.

  215 Russ Allbery	2007-10-14
      If use_authtok is set, fail even if we can retrieve the stored PAM
      password if that password is set to NULL.  Apparently that can happen
      in some cases, such as with pam_cracklib.  Thanks to Christian Holler
      for the diagnosis and a patch.

  214 Russ Allbery	2007-09-30
      Release 3.8.

  213 Russ Allbery	2007-09-30
      Various updates and minor improvements to the README.

  212 Russ Allbery	2007-09-30
      Add a make warnings target with aggressive gcc warning options.  Treat
      negative minimum UIDs as zero so that UID comparisons can always be
      done unsigned.  Add casts and unused attributes as needed.

  211 Russ Allbery	2007-09-30
      krb5_get_init_creds_opt_alloc doesn't initialize the returned
      structure with the default flags in MIT Kerberos 1.6, which meant that
      users with expired passwords were not being prompted to change their
      password but just rejected.  Fixed by always calling _init before
      setting the credential flags, regardless of the provenance of the opt
      structure.  Thanks, Michael Richters.

  210 Russ Allbery	2007-09-30
      Fix configure and Makefile glue so that Mac OS X and HP-UX have a
      chance of working (still untested).

  209 Russ Allbery	2007-09-29
      Don't store PAM data unless we're saving a ticket cache.  All other
      calls use it for is to find the ticket cache, so without a cache it's
      pointless and means we run the risk of stomping on ourselves in
      multithreaded programs.
      
      Still canonicalize the PAM user before returning when not saving a
      ticket cache.
      
      Use pam_krb5 instead of ctx for our PAM data name to reduce the
      chances of collision.

  208 Russ Allbery	2007-09-29
      Release 3.7.

  207 Russ Allbery	2007-09-29
      Don't link against the PAM library twice.

  206 Russ Allbery	2007-09-29
      Use pam_modutil_getpwnam instead of getpwnam if available for better
      thread safety.

  205 Russ Allbery	2007-09-29
      If given an explicit keytab path to use for credential verification,
      use the first principal found in that keytab as the principal for
      verification rather than the library default (which is normally the
      host/* principal for the local system and may not be found in that
      keytab).

  204 Russ Allbery	2007-09-29
      Fix determination of linker flags on non-x86_64 Linux.  Always link
      with -fPIC when using GCC, just in case.
      
      Add compilation options for Mac OS X and HP-UX (untested).

  203 Russ Allbery	2007-09-29
      When authenticating, don't store our context data until after
      authentication has succeeded.  Otherwise, we may destroy the ticket
      cache of a previous successful authentication.  This bug would only
      affect configurations where pam_krb5 was run multiple times with
      different settings, such as multiple realms.  Thanks to Dave Botsch
      for the report.

  202 Russ Allbery	2007-09-19
      Add back in the to-do item for supporting setting the principal for
      keytab verification.

  201 Russ Allbery	2007-09-18
      Remove duplicate entries of a feature fixed in the previous version.

  200 Russ Allbery	2007-09-18
      Remove a stray tab.

  199 Russ Allbery	2007-09-18
      Release 3.6.

  198 Russ Allbery	2007-09-18
      Add additional credits for the most recent set of changes.

  197 Russ Allbery	2007-09-17
      Change lib to lib64 on x86_64 Linux to allow for the magical $ISA
      parameter in Red Hat's PAM configuration.  Hopefully this won't cause
      problems elsewhere.

  196 Russ Allbery	2007-09-17
      Add a prompt_principal option which, if set, causes the PAM module to
      prompt the user for the Kerberos principal to use for authentication
      before prompting for the password.

  195 Russ Allbery	2007-09-17
      Explicitly clear the forwardable and proxiable options and don't ask
      for renewable tickets when getting a ticket for the password changing
      service.  Otherwise, system-wide defaults and PAM configuration will
      apply to those tickets as well and the resulting ticket request may be
      rejected based on KDC configuration.

  194 Russ Allbery	2007-09-17
      Fix word choice in the last change.

  193 Russ Allbery	2007-09-17
      Document that username canonicalization won't work with unmodified
      OpenSSH and with several common PAM modules.

  192 Russ Allbery	2007-09-17
      We have to do account canonicalization after we've determined the
      authentication principal, so we can't do it at context creation
      time.

  191 Russ Allbery	2007-09-17
      Do username canonicalization immediately so that .k5login checking and
      similar work uses the correct username but only change the PAM
      username if authentication succeeds.

  190 Russ Allbery	2007-09-17
      When the local user doesn't exist and search_k5login is enabled, fall
      back to simple Kerberos authentication just as if the account existed
      with no .k5login file.  This avoids trying to verify an all-zero
      credentials structure, leading to non-exploitable segfaults on x86_64
      systems.  Be more careful in general about setting error codes in the
      search_k5login implementation.

  189 Russ Allbery	2007-06-01
      Need to add an option to specify the principal to use for verification
      of authentication.

  188 Russ Allbery	2007-04-23
      Missed one additional PAM_CONST.

  187 Russ Allbery	2007-04-23
      Try to determine whether the PAM headers use const in the prototypes
      of such things as pam_get_item and adjust accordingly.  This should
      address most compiler warnings on Solaris.  Thanks, Markus Moeller.

  186 Russ Allbery	2007-04-11
      Support DESTDIR for make install.

  185 Russ Allbery	2007-04-10
      Release 3.5.

  184 Russ Allbery	2007-04-10
      Map more Kerberos status codes to PAM status codes for authentication
      errors.

  183 Russ Allbery	2007-04-09
      When logging session deletion via pam_setcred or pam_close_session,
      don't look for the username in the PAM context after it's been freed.
      Thanks, Markus Moeller.

  182 Russ Allbery	2007-03-18
      Document that ChallengeResponseAuthentication is necessary for password
      change with OpenSSH.  Add the note about master_kdc in the README to the
      CAVEATS section of the man page as well.

  181 Russ Allbery	2007-03-05
      Another variable needs initialization as a side effect of the last
      change.

  180 Russ Allbery	2007-03-05
      Don't try to chown non-FILE ticket caches, which among other things
      breaks using pam-krb5 with Heimdal KCM caches.  Thanks, Jeremy
      Jackson.

  179 Russ Allbery	2007-01-28
      Release 3.4.

  178 Russ Allbery	2007-01-25
      Remove some stray duplicate code in compat-heimdal.c.

  177 Russ Allbery	2007-01-25
      Clean up a few more compiler warnings that showed up with Heimdal.

  176 Russ Allbery	2007-01-25
      Handle a NULL return from krb5_get_error_message, since that seems
      possible in some edge cases.
      
      Call krb5_get_error_message on Heimdal as well if it's available,
      since it's supported by the 0.8 release candidates.

  175 Russ Allbery	2007-01-25
      Never call error_message directly on Heimdal.  krb5_get_err_text can
      cope with a NULL context and krb5-config on Heimdal doesn't include
      -lcom_err.

  174 Russ Allbery	2007-01-25
      Spell krb5_get_init_creds_opt_set_pkinit correctly in the Autoconf
      probe.

  173 Russ Allbery	2007-01-25
      More compilation fixes for Heimdal 0.7, which has a pkinit function
      but takes a different number of arguments.  Thanks, Morgan LEFIEUX.

  172 Russ Allbery	2007-01-25
      Include stdlib.h in api-account.c for free().

  171 Russ Allbery	2007-01-24
      Release 3.3.

  170 Russ Allbery	2007-01-24
      Add support for the preauth_opt option to set arbitrary preauth
      options for the MIT Kerberos plugin support.  Add some more TODO
      list entries for the coding mess in options.c I need to clean up.

  169 Russ Allbery	2007-01-24
      Document MIT Kerberos's requirement for setting master_kdc.

  168 Russ Allbery	2007-01-24
      Revert the krb5_get_init_creds_opt_set_change_password change.  This
      wasn't the problem; the default is still to prompt.  The problem was
      probably a missing master_kdc configuration entry.

  167 Russ Allbery	2007-01-24
      Support the new MIT Kerberos error message functions.

  166 Russ Allbery	2007-01-24
      Fix compilation errors with Heimdal 0.7, which has some of the PKINIT
      functions but doesn't define the same error codes.  Thanks, Morgan
      LEFIEUX.

  165 Russ Allbery	2007-01-19
      Initial support for the MIT Kerberos PKINIT branch, which uses a
      different mechanism for configuring PKINIT support than Heimdal.
      Thanks to Douglas E. Engert for the initial patch.
      
      If use_pkinit is set in the PAM configuration and PKINIT isn't
      available or cannot be forced, always fail authentication.

  164 Russ Allbery	2007-01-19
      Fix compilation errors in the Heimdal PKINIT support and don't be
      confused by a similar function in the MIT Kerberos PKINIT branch.
      Thanks to Douglas E. Engert for the testing and patch.

  163 Russ Allbery	2007-01-19
      Enable prompting for a new password if the password is expired with
      MIT Kerberos 1.5 and later.  (This is the default behavior in earlier
      versions of MIT Kerberos.)  Thanks to Jacob Williams for the report.

  162 Russ Allbery	2007-01-16
      Release 3.2.

  161 Russ Allbery	2007-01-16
      Prefix the default cache path with "FILE:" to make the cache type
      explicit.

  160 Russ Allbery	2007-01-16
      Change debugging messages from cache_init_from_cache to show the
      Kerberos function call.

  159 Russ Allbery	2007-01-16
      We weren't really using stack-allocated memory for krb5_creds.
      There was a structure copy involved.  We were just being sloppy
      about allocated memory cleanup.  Adjust the NEWS entry accordingly.

  158 Russ Allbery	2007-01-16
      Add a debugging message when authorization checks fail.

  157 Russ Allbery	2007-01-15
      Kerberos authentication was storing initial credentials in a
      stack-allocated structure and then referring to it after exit from
      that stack frame.  This accidentally worked in practice but could have
      broken at any moment.  Rewrite the code to drop the credlist data
      structure (since we only ever have one set of credentials), allocate
      new krb5_creds objects, and do proper memory management.
      
      Probe for the correct Heimdal function to set default initial
      credential options.
      
      Fix several compilation errors with the PKINIT support with Heimdal
      0.8rc1 or later.  This code should still be considered alpha-quality.

  156 Russ Allbery	2007-01-14
      Fix installation of the manual page when building from a different
      directory than the source directory.  Thanks, Douglas E. Engert.

  155 Russ Allbery	2007-01-04
      Add to TODO prompting for a Kerberos principal.

  154 Russ Allbery	2007-01-03
      Release 3.1.

  153 Russ Allbery	2006-12-28
      Move the check for users we should ignore to pam_sm_authenticate 
      from pamk5_password_auth so that it's consistently done in the API
      function.  This also avoids bogus log messages when authenticating as
      an ignored user with debug enabled.

  152 Russ Allbery	2006-12-19
      Fix the retval handling when returning from password authentication
      properly.

  151 Russ Allbery	2006-12-19
      Fix an infinite loop with failed Kerberos authentication and a doubled
      colon that causes a syntax error with some compilers.  Thanks, Markus
      Moeller.

  150 Russ Allbery	2006-12-18
      Release 3.0.

  149 Russ Allbery	2006-12-18
      Note in README that configuration options can be put in krb5.conf.

  148 Russ Allbery	2006-12-15
      Add a pointer to my AFS PAM module in README.

  147 Russ Allbery	2006-12-15
      Note the refactoring work in NEWS.

  146 Russ Allbery	2006-12-15
      Add the banner and expose_account configuration options, which control
      the prompts for authentication and password changing.  Provide more
      informative prompts when changing passwords.

  145 Russ Allbery	2006-12-15
      Support a ticket_lifetime configuration option to set the lifetime of
      obtained credentials.

  144 Russ Allbery	2006-12-15
      Support a keytab configuration option to use a different keytab for
      initial credential validation.

  143 Russ Allbery	2006-12-15
      If PAM_USER is set to a fully-qualified principal that the Kerberos
      library can map to a local account name, reset PAM_USER to that local
      account name after authentication.

  142 Russ Allbery	2006-12-15
      Rename the compat_*.c files to change underscore to hyphen.  Remove
      a duplicate dependency rule in the Makefile.

  141 Russ Allbery	2006-12-15
      Rename all the pam_krb5_*.c source files to api-*.c, which is a bit
      easier on tab completion and looks better.  Add better introductory
      comments.

  140 Russ Allbery	2006-12-15
      Add better introductory file comments.

  139 Russ Allbery	2006-12-15
      Break the authentication functions out into their own file and
      leave support.c only for general utility functions.

  138 Russ Allbery	2006-12-15
      Clean up the return status of the credlist functions.  Those that
      don't return void now return krb5_error_code.  pamk5_ccache_init is
      now a private function of the authentication group and calls a new
      credlist function to store a credlist into a ticket cache.

  137 Russ Allbery	2006-12-15
      Honor PAM_SILENT when the Kerberos library prompts for more
      information, passing to the application only prompts.
      
      Avoid memory leaks in the Kerberos prompter by freeing the PAM
      response strings.  We were already doing this elsewhere and the world
      didn't end, so assume that it's safe for the PAM module to do this.
      Also avoid memory leaks in some unusual error conditions.
      
      Use service rather than in_tkt_service in the rest of the credential
      functions.

  136 Russ Allbery	2006-12-15
      Store the PAM handle in args, not ctx.  Store a pointer to ctx in
      args.  Then take advantage of that by only passing around args and
      not ctx.
      
      Modify the credlist functions to not take args or ctx and to always
      take a credlist ** as their first argument.
      
      Don't log erroneous principal names when we're using search_k5login.

  135 Russ Allbery	2006-12-15
      Do credential verification for the PKINIT case as well.

  134 Russ Allbery	2006-12-15
      Rename pamk5_validate_auth to pamk5_authorized.  This function does
      the krb5_kuserok authorization check, so that's a more accurate name.

  133 Russ Allbery	2006-12-15
      Don't say that we're initializing the ticket cache when we're
      refreshing it.

  132 Russ Allbery	2006-12-15
      Make pamk5_prompt more generic, rename it to pamk5_conv, and move
      it to prompting.c.  Use it for informational and error messages as
      well and eliminate the duplicate function in pam_krb5_pass.c.  Note
      that the Kerberos prompter function currently doesn't honor
      PAM_SILENT.

  131 Russ Allbery	2006-12-15
      Rename pam_krb5.h to internal.h.

  130 Russ Allbery	2006-12-15
      Add preliminary PKINIT support, contributed by Douglas E. Engert.
      I reorganized and refactored the code extensively and it therefore may
      not compile; until it has received more testing, it should be
      considered alpha-quality.  Currently, PKINIT support requires Heimdal
      0.8rc1 or later.

  129 Russ Allbery	2006-12-15
      Return unknown user rather than internal error when attempting
      authentication of a user we're supposed to ignore.

  128 Russ Allbery	2006-12-14
      Document the broken behavior of old versions of OpenSSH, which tell
      PAM to refresh credentials rather than opening a session.  Thanks,
      Michael C. Garrison.
      
      Add a link to the distribution page to the pam-krb5 man page.

  127 Russ Allbery	2006-12-14
      Work around a bug in MIT Kerberos prior to 1.4 causing the library to
      cache the default realm and assume a particular realm even if the
      default realm is later changed.  This bug prevented running two
      instances of pam-krb5 with different realm settings in the same PAM
      stack.  Thanks, Dave Botsch.
      
      When debug is enabled, report the principal for which we're attempting
      authentication to help catch realm configuration errors.

  126 Russ Allbery	2006-12-08
      Add additional documentation for PAM configuration on Solaris.

  125 Russ Allbery	2006-11-28
      We need to retrieve the PAM user into a temporary pointer and then
      strdup it in the account management code as well.

  124 Russ Allbery	2006-11-28
      Release 2.6.

  123 Russ Allbery	2006-11-27
      Update the current porting status and add documentation for Solaris.

  122 Russ Allbery	2006-11-27
      Use __func__ instead of __FUNCTION__ and provide a fallback for older
      versions of gcc and for systems that support neither.  Should fix
      compilation issues with Sun's C compiler.

  121 Russ Allbery	2006-11-27
      Make the PAM module non-executable.

  120 Russ Allbery	2006-11-27
      Pass -shared only to gcc.  Report an error for non-gcc compilers on
      platforms other than Solaris, since we don't know how to create PIC
      code or shared objects there.

  119 Russ Allbery	2006-11-27
      Cast uid_t to int before using it with a %d printf format.

  118 Russ Allbery	2006-11-27
      Solaris requires security/pam_appl.h always be included before
      security/pam_modules.h.

  117 Russ Allbery	2006-11-27
      We now get the PIC flag from configure, so don't add it here.

  116 Russ Allbery	2006-11-27
      On platforms where we know the appropriate compiler flags, try to
      build the module so that symbols are resolved within the module in
      preference to any externally available symbols.  Also add the
      hopefully correct compiler flags for Sun's C compiler.

  115 Russ Allbery	2006-11-27
      Add dependency information.

  114 Russ Allbery	2006-11-27
      Don't assume the pointer set by pam_get_user is usable over the life
      of the PAM module; instead, save a local copy.

  113 Russ Allbery	2006-11-17
      Don't obtain and carry around the PAM service.  We don't actually use
      it now that we're using krb5_verify_init_creds instead of rolling it
      ourselves.

  112 Russ Allbery	2006-11-17
      Don't ask krb5_verify_init_creds to create a new ticket cache for
      us, since we just throw it away.  There still seems to be a memory
      leak somewhere here, but this is at least more correct.

  111 Russ Allbery	2006-11-17
      Fix an incorrect comment for pamk5_credlist_copy.

  110 Russ Allbery	2006-11-17
      Avoid a use of already-freed memory when debugging is enabled.

  109 Russ Allbery	2006-11-17
      Man page is installed in man5, not man8.

  108 Russ Allbery	2006-11-10
      Add maintainer-clean as an alias for maintclean and remove configure as
      well.

  107 Russ Allbery	2006-11-08
      Include security/pam_modules.h for the pam_strerror prototype.

  106 Russ Allbery	2006-11-08
      Comment fix for syslog priorities.

  105 Russ Allbery	2006-11-03
      Release 2.5.

  104 Russ Allbery	2006-11-03
      Add a blurb that I can use for announcements.  Recommend use_authtok for
      the password configuration where cracklib runs first.

  103 Russ Allbery	2006-11-03
      Nothing needs to include com_err.h any more except the MIT compat
      code, since Kerberos error resolution is now done via the compat
      function.

  102 Russ Allbery	2006-11-03
      Be a bit more thorough when checking authorization in
      pam_sm_acct_mgmt.  Re-retrieve the value of user in case the
      application changed it, and if we have a ticket cache (we may not even
      after a successful authentication if no_ccache was specified),
      retrieve the principal from it rather than using the principal from
      the context.

  101 Russ Allbery	2006-11-03
      Fix typo in last news entry.

  100 Russ Allbery	2006-11-03
      Don't free the results of pam_get_item(PAM_AUTHTOK) when one is
      already available when changing passwords.  Thanks, Arne Nordmark.
      
      Override passwords with 0 before freeing them, just out of paranoia
      (and because PAM also does this internally).

   99 Russ Allbery	2006-10-05
      Release 2.4.

   98 Russ Allbery	2006-10-05
      Fix several places where an uninitialized context could have been
      passed into the argument parsing function.

   97 Russ Allbery	2006-10-05
      Cast result lengths to int before using them as field lengths to
      avoid warnings when building with Heimdal.

   96 Russ Allbery	2006-10-05
      Current Heimdal sends the same arguments to the prompter function as
      MIT, so we don't need a compat layer and the current compat layer was
      actually registering an invalid prompting function for Heimdal.

   95 Russ Allbery	2006-10-05
      krb5_get_err_text handles NULL contexts fine, so we can use it to
      report errors in creating a context as well.

   94 Russ Allbery	2006-10-04
      Log an error when an unknown option is passed via the PAM 
      configuration.  

   93 Russ Allbery	2006-10-04
      Log errors (not just authentication failures) at the LOG_ERR level
      to match (some of) the recommendations of the Linux PAM documentation.

   92 Russ Allbery	2006-10-04
      Clean up additional fallout from the previous change.

   91 Russ Allbery	2006-10-04
      Parse renew_lifetime immediately and always report an error rather than
      deferring time parsing until acquiring tickets.

   90 Russ Allbery	2006-10-04
      Add some additional ideas from reviewing the FreeBSD module.

   89 Russ Allbery	2006-09-08
      Add a missing include.

   88 Russ Allbery	2006-09-08
      Refactor the code to read configuration from krb5.conf to be easier
      to read and understand.

   87 Russ Allbery	2006-09-08
      Check for memory allocation failures when parsing PAM options rather
      than segfaulting.

   86 Russ Allbery	2006-09-08
      Fix compilation problems with Heimdal.  Thanks, Matthijs Mohlmann.

   85 Russ Allbery	2006-09-03
      Release 2.3.

   84 Russ Allbery	2006-09-03
      Fix the interface between the Kerberos prompting function and the
      PAM conversation function on Linux.  Prior to this fix, the PAM module
      would only work on Solaris if Kerberos passed multiple prompts, which
      happens when an account requires a password change.  Solaris and Linux
      PAM implementations expect a different structure of pam_message
      structs in the conversation function; use a workaround to cater to
      both of them.  Based on a patch by Joachim Keltsch.

   83 Russ Allbery	2006-08-29
      Minor comment fixes.

   82 Russ Allbery	2006-08-29
      Implement retain_after_close, which specifies that the PAM module
      should never destroy the user's ticket cache, even on session end.

   81 Russ Allbery	2006-08-29
      Adjust for the differences in Solaris's PAM libraries:  Include
      pam_appl.h everywhere for structure and type definitions, and add
      portability workarounds for the return statuses missing from the
      Solaris implementation.

   80 Russ Allbery	2006-08-28
      Release 2.2.

   79 Russ Allbery	2006-08-28
      Release 2.2.

   78 Russ Allbery	2006-08-26
      Document recent changes.

   77 Russ Allbery	2006-08-26
      Realm handling is now done.  Add a few more things that need doing.

   76 Russ Allbery	2006-08-26
      Don't override the configured realm with the default one before parsing
      options.

   75 Russ Allbery	2006-08-26
      Fix POD typo.

   74 Russ Allbery	2006-08-26
      Check for the existence of krb5_get_init_opt_set_default_flags.

   73 Russ Allbery	2006-08-26
      Allow the user to set the default realm on the PAM option line.  Use that
      both to set the default realm for other operations and when reading
      defaults from the krb5.conf file.
      
      For Heimdal, also set default options from krb5.conf before getting tickets.
      This mostly just duplicates lookups that the PAM module was already doing,
      but it may also pick up configuration from [libdefaults] and [realms] under
      some circumstances and supports all the options that Heimdal supports (even
      if pam_krb5 doesn't handle them specially).

   72 Russ Allbery	2006-08-26
      pamk5_compat_princ_component wasn't used, so remove it.

   71 Russ Allbery	2006-08-26
      Note the fix for Heimdal compatibility.

   70 Russ Allbery	2006-08-26
      Add casts to silence compiler warnings.

   69 Russ Allbery	2006-08-26
      Resolve a couple of implicit declarations of free.

   68 Russ Allbery	2006-08-26
      Spell compat_heimdal.c correctly.

   67 Russ Allbery	2006-08-26
      We now use Autoconf, so remove the item saying to add it.

   66 Russ Allbery	2006-08-26
      Update the build and installation documentation for the new Autoconf-based
      build system.  This should have been in the last release but was missed.

   65 Russ Allbery	2006-08-26
      Rename CHANGES.old so that rsync's default ignore list doesn't bite me.
      Sneak this change into 2.1.

   64 Russ Allbery	2006-08-26
      Release 2.1.

   63 Russ Allbery	2006-08-26
      Redid make dist to use rsync -C.  Added a .cvsignore file to control what
      files rsync distributes.  Updated .bzrignore with all the Autoconf
      droppings.

   62 Russ Allbery	2006-08-26
      Added an Autoconf script to distinguish between Heimdal and MIT Kerberos
      and take care of other portability issues.  Rewrote the Makefile
      accordingly.

   61 Russ Allbery	2006-08-25
      Pass the context in as the first argument to pamk5_compat_get_err_text.

   60 Russ Allbery	2006-08-25
      Call error_message for MIT Kerberos but krb5_get_err_text for Heimdal,
      using the appropriate compat indirection.  (The only exception is that
      we still call error_message for Heimdal if what failed was the creation
      of a context.)
      
      Remove the pamk5_compat_cc_next_cred wrapper.  It wasn't actually used,
      and Heimdal takes its arguments in the same order as MIT and the Heimdal
      compat layer wouldn't compile.
      
      Patches from Matthijs Mohlmann, committed with modifications.

   59 Russ Allbery	2006-08-24
      Ignore the auto-generated CHANGES file.

   58 Russ Allbery	2006-08-24
      Strip off a FILE: prefix from the cache path before creating it in
      case the user set ccache or ccache_dir with a cache type prefix.

   57 Russ Allbery	2006-08-11
      Release 2.0.

   56 Russ Allbery	2006-08-11
      Add a make dist target and ignore the files that it generates.

   55 Russ Allbery	2006-08-11
      Add some notes about the mission of this module and features in the
      Sourceforge module that it isn't going to support.

   54 Russ Allbery	2006-08-11
      Bring the TODO list back in line with reality.

   53 Russ Allbery	2006-08-11
      Move the old ChangeLog to CHANGES.old since we're going to generate a new
      CHANGES file from bzr and since it's not in ChangeLog format.  Add a NEWS
      file with a higher-level overview of interesting changes between versions
      and fill out all the changes that have happened in 2.0.

   52 Russ Allbery	2006-08-07
      Support FILE: prefixes to the ticket cache names.

   51 Russ Allbery	2006-07-29
      Rename the rest of the public functions to avoid stomping on the
      namespace of the application or glibc and running into unfortunate
      conflicts.

   50 Russ Allbery	2006-07-29
      Rename all the credlist functions.  Fix some accidental renamings from
      the context renaming.

   49 Russ Allbery	2006-07-29
      Rename all of the context functions to the pamk5_* namespace.

   48 Russ Allbery	2006-07-29
      Save the authentication credentials during the preliminary password
      change check so that we don't have to reacquire them for the actual
      password change.

   47 Russ Allbery	2006-07-16
      After setting the authentication token, retrieve it from the same storage
      location as we stored it.  Otherwise, password changes prompt twice.

   46 Russ Allbery	2006-07-16
      Call krb5_free_data_contents, not krb5_free_data, on buffers that are
      declared on the stack.

   45 Russ Allbery	2006-07-16
      The sense of the test in the last change was reversed.

   44 Russ Allbery	2006-07-16
      Don't try to verify the ticket cache when authenticating for password
      changes.

   43 Russ Allbery	2006-07-16
      Use strncmp for the options that take arguments.

   42 Russ Allbery	2006-07-16
      If ctx is set to NULL, fetch_context must fail.

   41 Russ Allbery	2006-07-16
      Always exit pam_sm_setcred through the normal exit path and don't free
      the clist unless it's non-NULL.

   40 Russ Allbery	2006-07-16
      Don't assume ctx is non-NULL when checking whether the ticket cache was
      already initialized in pam_sm_setcred.

   39 Russ Allbery	2006-07-16
      Rename the logging functions to avoid conflicting with system functions
      and calling the system error function by mistake.

   38 Russ Allbery	2006-07-16
      renew_lifetime defaults pulled from krb5.conf weren't handled properly.

   37 Russ Allbery	2006-07-16
      Initialize session to NULL in pam_sm_authenticate.

   36 Russ Allbery	2006-07-16
      krb5_appdefault_string has to have a default string; NULL doesn't work.

   35 Russ Allbery	2006-07-16
      Add support for use_authtok, which is like use_first_pass except that it
      won't ever prompt the user, even if no prior module obtained the
      password.
      
      Fix up the return status from password authentication and password
      changing to reduce the number of PAM_SERVICE_ERRs we were returning from
      calls that didn't accept that as a valid return status.

   34 Russ Allbery	2006-07-16
      Use PAM_OLDAUTHTOK to retrieve the user's password if we're changing the
      password rather than PAM_AUTHTOK and save the password back into the same
      place.  Don't always save authentication passwords into PAM_OLDAUTHTOK;
      only do that if we're changing passwords.
      
      Free the passwords retrieved from the user.  We were doing that already
      when obtaining the user's password for authentication, so apparently it
      is safe.
      
      Save the new password when changing passwords into PAM_AUTHTOK if the
      user enters the same password both times.
      
      Implement PAM_PRELIM_CHECK by doing all the steps up to prompting for the
      new password and changing it.  That includes authenticating the user, so
      PAM_PRELIM_CHECK now may prompt.

   33 Russ Allbery	2006-07-12
      Add a version number.

   32 Russ Allbery	2006-07-12
      Ignore the generated man page.

   31 Russ Allbery	2006-07-12
      Rewrite the man page in POD and add documentation for all the new
      configuration options.

   30 Russ Allbery	2006-07-12
      Don't set PAM_KRB5CCNAME if no_ccache is set, and set it after we run
      mkstemp so that it gets set to the correct value.

   29 Russ Allbery	2006-07-12
      If no_ccache is set, don't even create a temporary ticket cache in
      pam_authenticate.

   28 Russ Allbery	2006-07-12
      When checking minimum_uid, use the passed in username rather than
      ctx->name.

   27 Russ Allbery	2006-07-03
      Overhaul the README file and remove additional documentation that's no
      longer interesting.

   26 Russ Allbery	2006-07-03
      Factor out the common code in the MIT and Heimdal prompting functions and
      finish redoing all the code for style and formatting by doing the two
      compat_*.c files.

   25 Russ Allbery	2006-07-03
      Mostly finish cleanup for style and formatting.  Merge all the headers
      together; nothing is really gained from keeping the headers separate for
      context.c and credlist.c.
      
      Still close the cache even if we're not supposed to destroy it on context
      destruction just in case not closing it would leak resources.

   24 Russ Allbery	2006-07-03
      When obtaining the ticket cache name for pam_sm_setcred, never use the
      name of the cache in the existing context.  That's the temporary cache
      created by pam_sm_authenticate.  Instead, fall back on the default ticket
      cache name for reinitialization if KRB5CCNAME isn't set in the
      environment.

   23 Russ Allbery	2006-07-03
      If use_first_pass is set, password changing should never prompt for the
      password and just fail if one wasn't obtained by a previous module.

   22 Russ Allbery	2006-07-02
      Switch to the new logging functions and macros everywhere.  Also fix some
      other style and comment issues.

   21 Russ Allbery	2006-07-02
      Style and formatting cleanup.

   20 Russ Allbery	2006-06-28
      Verify the user's TGT immediately after obtaining it rather than
      deferring to validate_auth, since then we have the krb5_creds handy and
      don't have to dig them back out of the ticket cache.  Don't redo this
      work in the other callers of validate_auth (pam_sm_setcred and
      pam_sm_acct_mgmt); it's properly part of authentication and there isn't
      a need.

   19 Russ Allbery	2006-06-28
      Remove the hand-rolled Kerberos v5 TGT verification and instead call
      krb5_verify_init_creds.

   18 Russ Allbery	2006-06-28
      More reformatting for coding style.

   17 Russ Allbery	2006-06-28
      Add support for minimum_uid, which is like ignore_root but more general.
      Centralize the code to check for ignore_root or minimum_uid.
      
      Reformat the password_auth function for indentation and comment style.

   16 Russ Allbery	2006-06-27
      Remove code that was omitted with #if 0.

   15 Russ Allbery	2006-06-27
      Reformat the code and comment about not freeing the response data to make
      it clearer and remove #if 0 code and a pointless loop.

   14 Russ Allbery	2006-06-27
      Remove the unused Jokostat function.

   13 Russ Allbery	2006-06-27
      Allow ccache, ccache_dir, ignore_k5login, and renew_lifetime to be set
      in krb5.conf as well.
      
      Store all string options as allocated strings.  Use strlen to find the
      offset of the argument to string options in the PAM configuration for
      better maintainability.  Free the allocated strings when freeing the args
      structure.

   12 Russ Allbery	2006-06-27
      Eliminate the global pam_args struct.  Instead, allocate a new pam_args
      struct at each of our entry points and then free it before exiting.

   11 Russ Allbery	2006-06-27
      ENCTYPE_DES_CBC_MD5 was not used in the source, so don't set it here.

   10 Russ Allbery	2006-06-27
      Remove reuse_ccache; nothing actually referenced it.

    9 Russ Allbery	2006-06-27
      Add support for the renew_lifetime option in the PAM configuration, which
      if set specifies the renewable lifetime of obtained tickets.
      
      Alphabetize the option parsing code for easier maintenance.  Explicitly
      initialize to NULL the pointer members of pam_args.

    8 Russ Allbery	2006-06-27
      Add an ignore_k5login option to not check .k5login files but still do the
      krb5_aname_to_localname check, for sites that can't use .k5login files or
      can't allow the system access to users' home directories for some reason.

    7 Russ Allbery	2006-06-27
      Reformat for clarity.  Remove the OpenVision copyright left over from the
      MIT Kerberos code, since that only covered the kadmin interface, and none
      of that code is in the PAM module.

    6 Russ Allbery	2006-06-27
      valid_context is no longer used (it was replaced with validate_auth).

    5 Russ Allbery	2006-06-27
      Get the default values for debug, forwardable, ignore_root, and
      search_k5login out of krb5.conf.  The first two are also used by the
      Red Hat module, so look for the values in the pam section for
      compatibility.  Set up an infrastructure so that we can add further
      defaults from krb5.conf in the future.
      
      Pass a context into parse_args if we have one available so that it
      doesn't have to create its own krb5_context at least some of the time.
      
      Move parse_args into a new options.c source file and out of the support.c
      grab bag.

    4 Russ Allbery	2006-06-27
      In the PAM prompting function, copy the trailing nul at the end of the
      password into the krb5_prompt struct, even though the length set there
      does not include the trailing nul.  This matches the behavior of the
      prompter in the MIT Kerberos library, and something apparently depends
      on finding it.
      
      Add some comments to the prompter, since it's otherwise very difficult
      to follow what's going on.

    3 Russ Allbery	2006-06-27
      The old patches directory is no longer interesting.

    2 Russ Allbery	2006-06-27
      Apply the current Debian patch to 1.2.0.  This includes the following
      changes:
      
        * Only call krb5_kuserok when the account to which we're authenticating
          is a local account to allow use of pam_krb5 for application
          authentication of users without local accounts.  (Closes: #354133)
        * Restructure the code to do user validation after obtaining their
          initial tickets.  This eliminates a lot of confusing special cases and
          deferred checking and makes it easier to audit the code.
        * Don't create the ticket cache until after successful authentication.
          Otherwise, we leave files behind in /tmp.
        * Document what principals libpam_krb5.so looks for in the system keytab
          to do ticket validation.  (Closes: #350556)
      
        * Always use a disk cache for temporary storage of credentials and cope
          with not having module-specific data during pam_sm_setcred by passing
          the cache path in an environment variable.  This is required to cope
          with OpenSSH's technique (when using ChallengeResponseAuthentication)
          of doing PAM authentication in a child process and then opening the
          session in the parent.  (Closes: #339734)
        * Only initialize the ticket cache once no matter how many times setcred
          is called.  Saves duplicate work and works around a bug in xdm, which
          calls setcred repeatedly and discards the environment set by the final
          call.
        * Don't assume we already have a context when changing passwords; passwd
          doesn't work that way.  (Closes: #344003)
        * Fix the test for the new password.  I don't think this would have
          worked at all before.
        * Improve debugging output for password changes.
        * If search_k5login is specified but no .k5login is found, still check
          the user with krb5_kuserok in case there are custom principal mappings
          defined.
        * Handle ignore_root in a cleaner fashion and add support for
          ignore_root on password changes.
        * Document that ccache and ccache_dir must be specified as options to
          the session module.  (Closes: #341926)
        * Document that pam_sm_authenticate and pam_sm_setcred also call
          krb5_kuserok.
      
        * Bug fixes to upstream version (all sent back to the maintainer):
          - Succeed silently in account management if Kerberos wasn't used.
          - Parse ccache_dir correctly.
          - Bring the man page up to date.
          - Link with -z defs to ensure all symbols were found.
        * Readd the ccache option with a better implementation and allow for
          randomization of the filename using mkstemp even if ccache is used.
        * Add search_k5login option to allow authentication based on the
          principals listed in ~/.k5login when the local account name doesn't
          easily map to the Kerberos principal.

    1 Russ Allbery	2006-06-27
      Import of 1.2.0 release from Andres Salomon.

