| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
instead of creating a new parse-kernel-rlimits.patch, to keep these changes
logically grouped together; and add a DEP3 patch header here since we didn't
have one before
|
|
|
|
|
|
| |
from the kernel (via /proc/1/limits), instead of continuing to hardcode
the settings internally. Fall back to internal defaults when the kernel
rlimits are not found. Closes: #620302. (LP: #746655, #391761)
|
|
|
|
| |
compatibility when it's not already set. Closes: #552043.
|
|
|
|
| |
mkhomedir_linking.patch, which are included upstream.
|
|
|
|
|
| |
only when linking libraries. Thanks to Julien Cristau
<jcristau@debian.org> for the fix. Closes: #582362.
|
|
|
|
|
| |
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
|
|
|
|
| |
pam_securetty_tty_check_before_user_check, which are included upstream.
|
|
|
|
|
| |
be included directly, without having to include sys/types.h first.
Closes: #556203.
|
|
|
|
|
|
| |
to make pam_securetty always return success on a secure tty regardless
of what username was passed. Thanks to Nicolas François
<nicolas.francois@centraliens.net> for the patch. Closes: #537848
|
|
|
|
|
| |
namespace.init script's dependency on non-POSIX features of gawk, since
we don't use gawk by default. Closes; #518908.
|
|
|
|
|
| |
manpages caused by oddities of toolchain used when generating them
upstream.
|
| |
|
|
|
|
|
|
| |
pam_env_ignore_garbage.patch, dont_freeze_password_chain,
pam_1.0.4_mindays, pam_mail-fix-quiet, and
cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
|
|
|
|
| |
(CVE-2009-0887) (Closes: #520115)
|
|\ |
|
| |
| |
| |
| | |
obsolete, LP: #399071
|
|/
|
|
| |
applied upstream to fix quiet option of pam_mail, Closes: #439268
|
|
|
|
| |
for MINDAYS-Field regression (closes: #514437).
|
|
|
|
|
|
|
|
| |
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
|
|
|
|
|
|
| |
exits normally; if it was killed by a signal, we don't want to
accept the password.
|
|
|
|
| |
buggy before and fixed now.
|
|
|
|
| |
by a subprocess.
|
|
|
|
|
|
| |
point to section 5 instead of section 8.
* Update patch PAM-manpage-section to fix the references to pam(7) from
other manpages. Closes: #470137.
|
|
|
|
|
|
| |
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
|
|
|
|
|
| |
in-process NIS+ account checking instead of unconditionally passing it
off to the unix_chkpwd helper; if it wasn't broke, don't fix it.
|
|
|
|
|
| |
changes for NIS+, since I know the old behavior was right and don't
believe anyone has tested the new code.
|
|
|
|
| |
committed upstream soon
|
|
|
|
| |
getpwnam() use in pam_unix is thread-safe (fixes an upstream regression)
|
|
|
|
| |
and pam_tally_audit.patch, which have been merged upstream.
|
| |
|
|
|
|
|
| |
it reduces the length of time we hold the lock, but at the expense of
being able to enforce minimum times between password changes.
|
|
|
|
|
|
| |
(set or unset) when looking up the user's password entry for password
changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
patch. Closes: #469635.
|
|
|
|
| |
been dropped upstream
|
|
|
|
|
|
| |
pam_rhosts_auth introduced upstream in 0.99.9.0: we want to cast the
result of inet_addr to int32_t, not the result of a boolean *comparison*
on inet_addr's result...
|
| |
|
| |
|
| |
|
|
|
|
|
| |
separate subdir for the upstream sources
|
|
|