| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pam_yubico | Distribution: SUSE Linux Enterprise 15 |
| Version: 2.26 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 1.7 | Build date: Sat May 26 01:55:17 2018 |
| Group: Productivity/Networking/Security | Build host: cabernet |
| Size: 226878 | Source RPM: pam_yubico-2.26-1.7.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://developers.yubico.com/yubico-pam/ | |
| Summary: Yubico Pluggable Authentication Module (PAM) | |
This module allows you to use the Yubikey device to authenticate to the PAM system.
BSD-2-Clause
* Fri Apr 20 2018 kbabioch@suse.com
- Version 2.26 (released 2018-04-20)
- Make sure to close authfile (CVE-2018-9275 bsc#1088027).
- Fix compiler warnings.
- Open file descriptors with O_CLOEXEC.
- Use mkostemp() instead of mkstemp().
- Dropped patches that are included upstream:
- cloexec.patch
- compiler-warnings-format-strings.patch
- compiler-warnings-pointer.patch
- leaking-file-descriptor.patch
- util_test-mkdtemp.patch
* Fri Apr 13 2018 kbabioch@suse.com
- Added patches:
- cloexec.patch: Harden file descriptor handling (boo#1089517)
- compiler-warnings-pointer.patch: Fix compiler warnings due to wrong pointer
casts (boo#1089518)
- compiler-warnings-format-strings.patch: Fix compiler warnings due to wrong
format string specifiers (boo#1089519)
- util_test-mkdtemp.patch: Use mkdtemp() instead of tempnam() (boo#1089520)
* Wed Apr 04 2018 kbabioch@suse.com
- leaking-file-descriptor.patch: Close the authfile before returning
to make sure no file descriptors are leaked (bsc#1088027).
* Tue Mar 27 2018 kbabioch@suse.com
- Version 2.25 (released 2018-03-27):
- Security: Storage of challenges in path with restricted permissions
- Perform OTP validation only if token is authorized
- Return early if the user has no authorized tokens
- Compare OTP IDs against `yubi_attr` only
- Add nullok support to challenge-response mode
- Several improvements to the documentation
- Improved debugging output and test cases
* Mon Nov 27 2017 meissner@suse.com
- Version 2.24 (released 2016-11-25) (bsc#1067191)
- Debug mode changed, allows file output with debug_file.
- Fixup returning user-unknown correctly.
- Version 2.23 (released 2016-06-15)
- Fix an issue where a failure to set permissions was wrongly outputted.
* Thu Jun 09 2016 t.gruner@katodev.de
- Version 2.22 (released 2016-05-23)
- Documentation improvements.
- Retain ownership and permission of challenge files (issue #92).
- Make dependency on yubico-c-client 2.15 clearer.
* Mon Apr 25 2016 t.gruner@katodev.de
- Version 2.21 (released 2016-02-19)
- Add proxy support for yubico-c-client.
- Check that conv is set before trying to use it fixes a crash bug with the osx loginwindow.
- Add building of a mac installer.
* Mon Oct 05 2015 t.gruner@katodev.de
- Version 2.20 (released 2015-09-22)
- Add cainfo option to allow usage of a cabundle instead of path.
- Support comments in authfile.
- For challenge response with system-wide directory, write the files as root instead of the user.
- add baselib.conf
* Thu Mar 26 2015 t.gruner@katodev.de
- Version 2.19 (released 2015-03-23)
- Add new ldap functionality ldap_bind_user and ldap_bind_password
for authenticated binds ldap_filter for using subtree search and
a filter ldap_cacertfile to use a specific cacert for ldaps
* Mon Feb 16 2015 t.gruner@katodev.de
- Version 2.18 (released 2015-02-12)
- Fix a memory leak of the pam response data.
- Add more tests.
- Add version flag to ykpamcfg.
- Remove "make check" in spec-file. ( BuildRequires: perl(Net::LDAP::Server) )
* Wed Jan 21 2015 t.gruner@katodev.de
- Move ykpamcfg from /usr/sbin to /usr/bin
* Wed Jan 07 2015 mrueckert@suse.de
- Version 2.17 (released 2014-08-26)
- Fix a bug with the 'urllist' parameter where urls would be
forgotten.
- Manpages converted to asciidoc.
- Version 2.16 (released 2014-06-10)
- Fix a crashbug with the new parameter 'urllist'
- Version 2.15 (released 2014-04-30)
- Added new parameter 'urllist'
- Added pam_yubico(8) man page.
- Fix memory leak.
- Bump yubico-c-client version requirement to 2.12.
- Version 2.14 (released 2013-09-27)
- Don't install internal header files.
- Don't print debug info when the "debug" parameter is not given.
- Use PBKDF2 to process expected reply for challenge-response
mode.
- Fixup memory leaks and leaks of privilege.
- Let return values reflect whether the user wasn't found or
other error.
- Version 2.13 (released 2013-03-01)
- Fix a bug in the version check to support major version > 2
(neo). Patch from https://github.com/wwest4
- Give ykpamcfg an option for specifying path.
- Version 2.12 (released 2012-06-15)
- Only use libyubikey when --with-cr is used.
- Set correct permissions on tempfile.
- YubiKey 2.2 contains a bug in challenge-response that makes it
output the same response to all challenges unless HMAC_LT64 is
set. Add warnings to ykpamcfg and a warning through conversate
in the pam module. Keys programmed like this should be
reprogrammed with the HMAC_LT64 flag set.
- Version 2.11 (released 2012-02-10)
- Fix crash-bug with challenge-response mode when button press is
required, but button is never pressed. Reported and fixed by
Lingzhu Xiang <xianglingzhu@gmail.com>.
- Fix a memset() with wrong size as reported by clang, as well as
some other problems/warnings when building on Mac OS X, thanks
to Clemens Lang <neverpanic@gmail.com>.
- Add prefix-matching of LDAP fetched values, so you can store
the token-to-user mapping in a multi-value attribute with
values like "yubikey:publicid", "other-token:something" etc.
Patch by Remi Mollon <remi.mollon@cern.ch>.
- Version 2.10 (released 2011-12-14)
- Drop permissions (to the user that is trying to authenticate)
before accessing files in the users home directory. Largely
based on a patch by Ricky Zhou <ricky@fedoraproject.org>.
Thanks!
- Restore challenge-response support - version 2.7 was supposed
to make the dependency on libykpers optional, but in reality
accidentally disabled challenge-response for all
configurations. As before, use --without-cr to compile
pam_yubico without the ykpers dependency.
- Version 2.9 (released 2011-11-17)
- Security: Explicitly request ykclient to verify server
signature. ykclient <= 2.5 strangely enough defaults to
signing requests, but not verifying signatures in responses
when it is supplied with a client key. Reported and patched by
Dominic Rutherford <dominic@rutherfordfamily.co.uk>.
- Version 2.8 (released 2011-08-26)
- Fix big security hole: Authentication succeeded when no
password was given, unless use_first_pass was being used. This
is fatal if pam_yubico is considered 'sufficient' in the PAM
configuration. Reported and patched by Nanakos Chrysostomos
<nanakos@wired-net.gr>.
- Version 2.7 (released 2011-06-07)
- Make dependency on libykpers optional. Use --without-cr to
force it. Reported by Jussi Sallinen <jussi@jus.si>.
- Version 2.6 (released 2011-04-11)
- This release includes lots of patches by members of our open
source community. Thank you all!
- Add Challenge-Response mode for offline validation (requires
YubiKey 2.2). Patch by Tollef Fog Heen.
- Eliminate all problems with pam_get_data by simply getting rid
of that code completely. This seems to have caused problems for
a lot of people.
- Numerous LDAP bug fixes and improvements, including community
patches by judas.iscariote and maxsanna81@gmail.com. Change to
LDAPv3, since v2 has been declared historic for a looong time.
- Support passing capath parameter to Yubico validation client.
Patch by Remi Mollon.
- Support public id's longer/shorter than 6 bytes. Patch by
fraser.scott@gmail.com.
- Convert documentation to Asciidoc format used in Github wiki.
- Try to never log passwords in debug logs.
- new build requires:
pkg-config
libyubikey-devel
libykpers-devel
- use correct license string: BSD-2-Clause
- remove autoreconf call: no longer needed with release tarball
- package more documentation
* Thu Mar 17 2011 crrodriguez@opensuse.org
- Update GIT snapshot
* Sat Mar 12 2011 crrodriguez@opensuse.org
- Update git snapshot
* Thu Mar 03 2011 crrodriguez@opensuse.org
- Use an slightly newer git snapshot
* Sun Jan 30 2011 cristian.rodriguez@opensuse.org
- run make check
* Sun Jan 30 2011 cristian.rodriguez@opensuse.org
- fix some wrong ldap calls
* Sun Jan 30 2011 cristian.rodriguez@opensuse.org
- Initial version
/lib64/security/pam_yubico.so /usr/bin/ykpamcfg /usr/share/doc/packages/pam_yubico /usr/share/doc/packages/pam_yubico/AUTHORS /usr/share/doc/packages/pam_yubico/Authentication_Using_Challenge-Response.adoc /usr/share/doc/packages/pam_yubico/MacOS_X_Challenge-Response.adoc /usr/share/doc/packages/pam_yubico/NEWS /usr/share/doc/packages/pam_yubico/README /usr/share/doc/packages/pam_yubico/Two_Factor_PAM_Configuration.adoc /usr/share/doc/packages/pam_yubico/Ubuntu_FreeRadius_YubiKey.adoc /usr/share/doc/packages/pam_yubico/YubiKey_and_FreeRADIUS_1FA_via_PAM.adoc /usr/share/doc/packages/pam_yubico/YubiKey_and_FreeRADIUS_via_PAM.adoc /usr/share/doc/packages/pam_yubico/YubiKey_and_OpenVPN_via_PAM.adoc /usr/share/doc/packages/pam_yubico/Yubikey_and_Radius_via_PAM.adoc /usr/share/doc/packages/pam_yubico/Yubikey_and_SELinux_on_Fedora_18_and_up.adoc /usr/share/doc/packages/pam_yubico/Yubikey_and_SSH_via_PAM.adoc /usr/share/licenses/pam_yubico /usr/share/licenses/pam_yubico/COPYING /usr/share/man/man1/ykpamcfg.1.gz /usr/share/man/man8/pam_yubico.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 9 13:15:26 2025