-userdir-ldap (0.3.24) UNRELEASED; urgency=low
+userdir-ldap (0.3.43) unstable; urgency=low
- * Add compatibility to dchroot-dsa to ud-replicate.
- * Add (disabled) generation of authorized_keys suiteable for sshdist.
- * Add performance optimization by caching IP adresses in ud-generate
- (as a precondition for automatically adding aliases)
+ * FQHNs sometimes, well always, include dots.
- -- Andreas Barth <aba@not.so.argh.org> Fri, 16 May 2008 17:35:19 +0000
+ -- Peter Palfrader <weasel@debian.org> Tue, 16 Sep 2008 15:07:21 +0200
+
+userdir-ldap (0.3.42) unstable; urgency=low
+
+ * Export all accounts into sudo-passwd, even if they
+ do not have a sudo password set. Set their password to '*' then.
+ etc/pam.d/sudo should look like this then:
+ auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
+ auth required pam_unix.so nullok_secure try_first_pass
+ @include common-account
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 16 Sep 2008 14:30:41 +0200
+
+userdir-ldap (0.3.41) unstable; urgency=low
+
+ * ud-generate: lower casing the sudopasswd ldap entry prior to parsing
+ and verifying it was a bad idea.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 19:26:14 +0200
+
+userdir-ldap (0.3.40) unstable; urgency=low
+
+ * Reading the hmac key only once is too troublesome.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 01:12:23 +0200
+
+userdir-ldap (0.3.39) unstable; urgency=low
+
+ * Lowercasing hashed sudo passwords in ud-mailgate not considered smart.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 00:40:13 +0200
+
+userdir-ldap (0.3.38) unstable; urgency=low
+
+ * Fix order of some calls so stuff works again.
+ * And import pwd and os and the hmac crowed in userdir_ldap.py.
+ * Using the right variable name will also help.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 15 Sep 2008 00:18:37 +0200
+
+userdir-ldap (0.3.37) unstable; urgency=low
+
+ * ud-mailgate: Do not commit any changes if one of the requests is invalid
+ or could not be parsed or caused an error or anything.
+ * Add sudoPassword to schema, and the slapd.conf/ACL snippet
+ A sudoPassword entry in LDAP has the form of
+ "<uuid> unconfirmed <hostlist> <cryptedpassword>", or
+ "<uuid> confirmed:<hmac_sha1("password-is-confirmed:<uuid>:<hosts>:<cryptedpass>")> <hostlist> <cryptedpassword>"
+ * ud-mailgate: Implement confirmation of sudoPassword field:
+ A confirmationation is of the form
+ "confirm sudopassword <uuid> <hostlist> <hmac_sha1("confirm-new-password:<uuid>:<hosts>:<cryptedpass>")>"
+ * ud-generate: generate a sudo passwd file
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 14 Sep 2008 23:45:36 +0200
+
+userdir-ldap (0.3.36) unstable; urgency=low
+
+ * Aha. Error is not some magic variable or exception, it's a
+ normal string that needs defining when we use it.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 19 Jul 2008 21:35:39 +0200
+
+userdir-ldap (0.3.35) unstable; urgency=low
+
+ * Check if a key has encryption capabilities and fail saying so when
+ trying to encrypt stuff (like passwords) to users. All this does is
+ give nicer error messages, it previously failed with just "gpg failed".
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 19 Jul 2008 16:17:13 +0200
+
+userdir-ldap (0.3.34) unstable; urgency=low
+
+ * ud-info: fix changing of DD status/DD status comment -
+ we were missing prompt information so we got a backtrace.
+ * ud-info: Warn when we don't have a prompt string for
+ attributes on startup.
+ * ud-info: Change the "retired" status to "inactive".
+ inactive covers memorial, removed, expelled more clearly.
+ * userdir_gpg.py
+ - do not use SIGEXPIRED, it's deprecated
+ - use EXPKEYSIG to tell if a signature is made by an expired key.
+ - Check that the primary key is not expired, even if we get a
+ GOODSIG status from gnupg. Based on patch by Jeremy T. Bouse.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 08 Jul 2008 14:33:08 +0200
+
+userdir-ldap (0.3.33) unstable; urgency=low
+
+ * add "security simple_bind=128" to sample slapd.conf.
+ * ud-info: Only show "Lock account" in root mode.
+ * ud-info: Add "retire developer" option that sets
+ accountStatus properly to either retiring, retired, memorial
+ or active. Active is for all currently active developers,
+ memorial is for those who have passed away and whose accounts
+ will never be reused, retiring is a developer who is retired
+ but still receives mail at their @debian.org address. After
+ a few months they should move on to retired, with their mail
+ also disabled. accountStatus is just a freeform text, but
+ these 4 options should be the only ones that exist.
+ * Allow setting of gender in ud-mailgate. Based on patch by Bernhard
+ R. Link.
+ * Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf
+ to the package.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 23 Jun 2008 22:59:02 +0200
+
+userdir-ldap (0.3.32) unstable; urgency=low
+
+ * Do SSL when connecting to the ldap server.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 23 May 2008 23:50:03 +0200
+
+userdir-ldap (0.3.31) unstable; urgency=low
+
+ [ Joerg Jaspert ]
+ * Use sync_keyrings from config file in ud-generate instead of a
+ hardcoded list
+ * Use add_keyrings from config file in ud-useradd instead of a
+ hardcoded list
+ * Use ud-config to get the emailappend value in ud-replicate, no longer
+ hardcoding @debian.org
+
+ [ Stephen Gran ]
+ * Document how to use unique overlay for uid and keyFingerPrint
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 23 May 2008 10:01:51 +0200
+
+userdir-ldap (0.3.30) unstable; urgency=low
+
+ * When we touch usePassword in ud-info or ud-mailgate we now also
+ update shadowLastChange.
+ * When we lock accounts, set shadowExpire to 1. shadowExpire
+ is "days since Jan 1, 1970 that account is disabled".
+ * Properly capitalize shadowInactive and shadowExpire attributes in
+ ud-info and ud-generate.
+ * Add copyright statements to ud-info from bzr log.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 22 May 2008 22:39:10 +0200
+
+userdir-ldap (0.3.29) unstable; urgency=low
+
+ * ud-info: Add an option "L" to lock accounts in the interactive
+ interface. Locking an account sets a user's password to "{crypt}*LK*"
+ and sets a mailDisableMessage of "account locked".
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 22 May 2008 21:49:19 +0200
+
+userdir-ldap (0.3.28) unstable; urgency=low
+
+ * ud-generate: Do not disable mail just because the account is locked.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 22 May 2008 21:38:56 +0200
+
+userdir-ldap (0.3.27) unstable; urgency=low
+
+ * Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export
+ ssh-rsa-shadow this is probably the right thing.
+ * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 08:55:28 +0200
+
+userdir-ldap (0.3.26) unstable; urgency=low
+
+ * ud-replicate: sgran pointed out that if all we care about ignoring is
+ EEXIST then we should use mkdir -p instead of [ -d userkeys ] || mkdir
+ userkeys.
+ * ud-mailgate: a bug in DoSSH caused all changes to fail that came after
+ DoSSH in HandleChange. Now DoSSH properly returns without raising an
+ exception if the line to handle is not an ssh public key.
+ * Fix userdir-ldap.schema (objectClass now contains MAY: VoIP). [zobel]
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 18 May 2008 14:27:50 +0200
+
+userdir-ldap (0.3.25) unstable; urgency=low
+
+ * Make ssh-keys.tar.gz readable only by the user.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 17 May 2008 16:14:56 +0200
+
+userdir-ldap (0.3.24) unstable; urgency=low
+
+ * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
+ * ud-replicate: Also support the imposter dchroot-dsa from the debian
+ archive. [aba, weasel]
+ * ud-generate: Add support for generation of authorized_keys file on
+ the db host for the sshdist user. This is now possible since
+ ud-replicate clients use their ssh host key to authenticate to the
+ db server. The code now supports this but the feature is still
+ disabled. [aba]
+ * ud-generate: Add performance optimization by resolving IP adresses
+ for hosts only once and caching the result. [aba]
+ * ud-replicate, ud-generate: In addition to one big ssh-rsa-shadow file
+ ud-generate now produces per-user authorized_keys files and tars
+ them up. On the receiving end ud-replicate takes the tar and
+ syncs it to userkeys/. The goal here is to no longer require
+ a patched sshd. Setting AuthorizedKeysFile2 to
+ /var/lib/misc/userkeys/%u is sufficient. For homedir creation
+ we can use pam_mkhomedir. [mhy, sgran]
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 17 May 2008 14:49:28 +0200
userdir-ldap (0.3.23) unstable; urgency=low
projects / mirror / userdir-ldap.git / blobdiff