From a852177c4fde4f21ca20abba1ca8d9db06824102 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 25 Aug 2009 01:17:34 -0700 Subject: =?UTF-8?q?debian/patches/007=5Fmodules=5Fpam=5Funix:=20drop=20div?= =?UTF-8?q?ergence=20from=20upstream=20that=20treats=20"0"=20as=20a=20spec?= =?UTF-8?q?ial=20value=20in=20various=20fields=20in=20/etc/shadow,=20and?= =?UTF-8?q?=20document=20this=20in=20debian/NEWS.=20=20Thanks=20to=20Nicol?= =?UTF-8?q?as=20Fran=C3=A7ois=20=20for?= =?UTF-8?q?=20the=20detailed=20analysis.=20Closes:=20#308229.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/NEWS | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'debian/NEWS') diff --git a/debian/NEWS b/debian/NEWS index f644dc45..327df1ac 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -9,6 +9,25 @@ pam (1.1.0-1) unstable; urgency=low The pam_unix module still does its own check of /etc/security/opasswd, so if you are using this module you should not need to change anything. + * Change in handling of /etc/shadow fields + + The Debian PAM package included a patch to treat a value of 0 in certain + fields in /etc/shadow as the same as an empty field. This patch has + been dropped, since it caused the behavior of pam_unix to differ from + both that of PAM upstream and that of the shadow package. + + The main consequences of this change are that: + + - a "0" in the sp_expire field will be treated as a date of Jan 1, 1970 + instead of a "never expires" value, so users with this set will be + unable to log in + + - a "0" in the sp_inact field will indicate that the user should not be + allowed to change an expired password at all, instead of being allowed + to change an expired at any time after the expiry. + + See Debian bug #308229 for more information about this change. + -- Steve Langasek Tue, 25 Aug 2009 00:13:57 -0700 pam (0.99.10.0-1) unstable; urgency=low -- cgit v1.2.3