-userdir-ldap (0.3.3X) Xnstable; urgency=low
+userdir-ldap (0.3.XX) unstable; urgency=low
+
+ * Remove cruft comment.
+ * Fix group does not exist warning (layout/spacing issues).
+ * call addGroups with the proper number of arguments, when doing so
+ recursively.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 23 Nov 2008 22:07:47 +0100
+
+userdir-ldap (0.3.51) unstable; urgency=low
+
+ * Update template/welcome-message-800 to match the actual template used
+ on db.debian.org.
+ * Add subgroup support: A group can now have subgroups. This means
+ that if a user is a member of a group he also becomes a member of
+ all its subgroups. E.g. members of a wb-all group will automatically
+ be members of wb-i386, wb-arm, wb-mips, etc. [Luk Claes]
+ * Extend that support so that subgroups work on a per host basis too,
+ so that for instance the debbugs group can be in group
+ maillog@rietz.debian.org.
+ * Add hostnames from the host purpose field to the ssh_known_hosts
+ file [Thomas Viehmann].
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 23 Nov 2008 21:22:58 +0100
+
+userdir-ldap (0.3.50) unstable; urgency=low
+
+ * ud-generate: Support $gid@$host supplementary group entries for users.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 15 Nov 2008 11:20:09 +0100
+
+userdir-ldap (0.3.49) unstable; urgency=low
+
+ * ud-replicate: Only link ssh-rsa-shadow to var/lib/misc/$host and etc/ssh
+ if it exists. Else remove the symlink.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 14 Nov 2008 23:14:58 +0100
+
+userdir-ldap (0.3.48) unstable; urgency=low
+
+ * ud-generate: Remove support for single ssh key shadow file.
+ * ud-generate: Make ssh key tarballs the default.
+ * ud-generate: Move ssh tarball generation into its own function.
+ Currently it's part of the main loop.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 14 Nov 2008 23:04:21 +0100
+
+userdir-ldap (0.3.47) unstable; urgency=low
+
+ * Fix a typo on ud-mailgate.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 14 Nov 2008 20:40:19 +0100
+
+userdir-ldap (0.3.46) unstable; urgency=low
+
+ * Change the hmac that protect sudopassword entries to also
+ hash the purpose ("sudo") and the owning user's uid into
+ the mac.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 14 Nov 2008 20:27:38 +0100
+
+userdir-ldap (0.3.45) unstable; urgency=low
+
+ * ud-generate: Declare [UNTRSUTED] flag as obsolete.
+ * ud-generate: Add [NOMARKERS] flag to not push markers (gps coordinates) to host.
+ * ud-replicate: Use --delete-after with rsync. Previously we didn't delete
+ stuff ever.
+ * ud-replicate: Sync only ssh_known_hosts into chroots, not ssh*.
+ * ud-replicate: Clean up better, correcting some mistakes done by earlier
+ versions.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 26 Oct 2008 22:31:46 +0100
+
+userdir-ldap (0.3.44) unstable; urgency=low
+
+ * ud-mailgate: Do not support del requests for sshDSAAuthKey - there is no
+ such attribute.
+ * ud-generate: do not export sudopassword to untrusted or nopasswd hosts,
+ unless the password is explicitly added for this host and not just for '*'.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 03 Oct 2008 13:23:22 +0200
+
+userdir-ldap (0.3.43) unstable; urgency=low
+
+ * FQHNs sometimes, well always, include dots.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 16 Sep 2008 15:07:21 +0200
+
+userdir-ldap (0.3.42) unstable; urgency=low
+
+ * Export all accounts into sudo-passwd, even if they
+ do not have a sudo password set. Set their password to '*' then.
+ etc/pam.d/sudo should look like this then:
+ auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
+ auth required pam_unix.so nullok_secure try_first_pass
+ @include common-account
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 16 Sep 2008 14:30:41 +0200
+
+userdir-ldap (0.3.41) unstable; urgency=low
+
+ * ud-generate: lower casing the sudopasswd ldap entry prior to parsing
+ and verifying it was a bad idea.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 19:26:14 +0200
+
+userdir-ldap (0.3.40) unstable; urgency=low
+
+ * Reading the hmac key only once is too troublesome.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 01:12:23 +0200
+
+userdir-ldap (0.3.39) unstable; urgency=low
+
+ * Lowercasing hashed sudo passwords in ud-mailgate not considered smart.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 00:40:13 +0200
+
+userdir-ldap (0.3.38) unstable; urgency=low
+
+ * Fix order of some calls so stuff works again.
+ * And import pwd and os and the hmac crowed in userdir_ldap.py.
+ * Using the right variable name will also help.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 00:18:37 +0200
+
+userdir-ldap (0.3.37) unstable; urgency=low
+
+ * ud-mailgate: Do not commit any changes if one of the requests is invalid
+ or could not be parsed or caused an error or anything.
+ * Add sudoPassword to schema, and the slapd.conf/ACL snippet
+ A sudoPassword entry in LDAP has the form of
+ "<uuid> unconfirmed <hostlist> <cryptedpassword>", or
+ "<uuid> confirmed:<hmac_sha1("password-is-confirmed:<uuid>:<hosts>:<cryptedpass>")> <hostlist> <cryptedpassword>"
+ * ud-mailgate: Implement confirmation of sudoPassword field:
+ A confirmationation is of the form
+ "confirm sudopassword <uuid> <hostlist> <hmac_sha1("confirm-new-password:<uuid>:<hosts>:<cryptedpass>")>"
+ * ud-generate: generate a sudo passwd file
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 14 Sep 2008 23:45:36 +0200
+
+userdir-ldap (0.3.36) unstable; urgency=low
+
+ * Aha. Error is not some magic variable or exception, it's a
+ normal string that needs defining when we use it.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 19 Jul 2008 21:35:39 +0200
+
+userdir-ldap (0.3.35) unstable; urgency=low
+
+ * Check if a key has encryption capabilities and fail saying so when
+ trying to encrypt stuff (like passwords) to users. All this does is
+ give nicer error messages, it previously failed with just "gpg failed".
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 19 Jul 2008 16:17:13 +0200
+
+userdir-ldap (0.3.34) unstable; urgency=low
+
+ * ud-info: fix changing of DD status/DD status comment -
+ we were missing prompt information so we got a backtrace.
+ * ud-info: Warn when we don't have a prompt string for
+ attributes on startup.
+ * ud-info: Change the "retired" status to "inactive".
+ inactive covers memorial, removed, expelled more clearly.
+ * userdir_gpg.py
+ - do not use SIGEXPIRED, it's deprecated
+ - use EXPKEYSIG to tell if a signature is made by an expired key.
+ - Check that the primary key is not expired, even if we get a
+ GOODSIG status from gnupg. Based on patch by Jeremy T. Bouse.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 08 Jul 2008 14:33:08 +0200
+
+userdir-ldap (0.3.33) unstable; urgency=low
* add "security simple_bind=128" to sample slapd.conf.
* ud-info: Only show "Lock account" in root mode.
also disabled. accountStatus is just a freeform text, but
these 4 options should be the only ones that exist.
* Allow setting of gender in ud-mailgate. Based on patch by Bernhard
- R. Link.
+ R. Link.
+ * Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf
+ to the package.
- -- Peter Palfrader <weasel@debian.org> Mon, 09 Jun 2008 22:59:06 +0200
+ -- Peter Palfrader <weasel@debian.org> Mon, 23 Jun 2008 22:59:02 +0200
userdir-ldap (0.3.32) unstable; urgency=low