New shadow maintainer, pre-release of upcoming packages...
Hello fellow developers,
With Guy's permission I have taken on the shadow packages. I've been busily
building a new version which has _lots_ changed in it. Below is a breakdown
of what I have so far, and a URL for a pre-release of the packages. NOTE,
because this is not an official upload, please do not file any bug reports
on these packages. There are way to many BTS entries already that I have to
take care of with these packages, so please don't make it any harder for me
to sort through them. Also note that the Debian release is 0.1, it will turn
to -1 when I upload.
This set is pretty much the way I want it with a few exceptions noted below
under TODO, so if there are no complaints, and no problems reported _directly_
to me, this will be the uploaded form (save the few TODO items):
1) Upgraded to the latest 19990827 release, this fixes lots of bugs
2) New build setup. I really need Hurd (Marcus?) to test this and make sure
that it still only produces the passwd package for that OS. This build
setup is based on Adam Heath's `dbs' system (a great setup btw).
3) PAM functionality completely turned on for login, passwd, su, chsh and chfn.
Please test, test, and retest this functionality. When doing so, please make
sure you are using the latest PAM 0.69-2 (other versions may cause problems).
Note, that the login program was not fully working with PAM (as noted in the
shadow README.pam doc). I believe I have it working pretty well now. Also, I
do know that login sticks around until after logout. This is on purpose, so
that login can call pam_close_session() to get rid of credentials. Also note
that certain functionality in /etc/login.defs is replaced with PAM. The final
upload will include a new login.defs that documents this, and the corresponding
/etc/pam.d/ file for each program will have exmaples of how to implement that
functionality there. Most notably are MD5 passwords, limits, lastlog, mail check,
password strength checking (cracklib will be possible now with libpam-cracklib
package), porttime checks, securetty's, motd file, su wheel group, chfn auth,
and env file and handling.
4) The default su will now be in the `login' package as opposed to shellutils. The
shellutils maintainer is holding an upload for that package without su. That
version of shellutils will depend on the version of login that I upload, and
this version of login correctly Replaces versions of shellutils lower than the
new version he has waiting.
5) Many Many bug fixes. If your bug isn't fixed here, don't worry I still plan to
- better examples in pam.d files to atleast mirror the capabilities in login.defs and
then remove the lines in login.defs that are handled by PAM with a note on which ones
- use login.defs FAIL_DELAY to set PAM's fail delay
Thanks, for the help in testing.