diff --git a/Changelog b/Changelog deleted file mode 100644 index 971eba8..0000000 --- a/Changelog +++ /dev/null @@ -1,181 +0,0 @@ -* 0.4.0 -- Both pam_usb and its tools (adm, hotplug) have been redesigned from the - ground up and rewritten from scratch. -- Hardware recognition is now done through HAL which provides a stable - interface over kernel changes. -- Certificates have been replaced by one time pads. That will prevent - copies of the USB device to be used for authentication. -- Device's manufacturer properties verification. Pamusb now verifies - device informations (vendor, product, serial number, UUID) in the - authentication process. -- Configuration is now handled in a central place, the pusb.conf - configuration file. This XML file contains configuration entries for - users, devices and services. -- pusb_hotplug (formely usbhotplug) make use of DBUS signals (sent by HAL) - instead of kernel hotplugging. Also, its configuration has been merged - into the pusb.conf configuration file. -- A new tool named pusb_check has been added. It can perform authentication - the way the PAM module does. It can be useful for testing and scripting - purposes. - -* 0.3.3 -- The option keypath is now splitted into local_keypath and device_keypath. -- Fixed a bug that occurred when the TTY entry was empty. -- pam_usb doesn't get anymore the tty name from PAM_TTY as it used to be - empty on some systems. -- Better defaults. The default options have been set to fit most needs, - you are no longer required to use !check_device on 2.6. -- Verbose mode. By default, pam_usb now prints some informations during - the login process (access granted, the reason why access was refused, etc). - This can be turned off using the brand new 'quiet' option. -- Other small fixes. - -* 0.3.2 -- Now pam_usb will also try to autodetect /dev/sdN devices (not just - /dev/sdNX). -- Fixed a bug that happened when the application using PAM didn't set - PAM_TTY correctly. -- Added the use_first_pass and try_first_pass options. - Now if you enter your password on another PAM module (such as pam_mount - or pam_ssh), pam_usb will use that password to decrypt the private key. - -* 0.3.1 -- Lot of misc fixes (memory management, Makefiles, sanity checks, etc). - I'd like to thank the PaX Team who did almost - the whole job. -- Added the hostname option which allows to select what hostname should - be used for authentication (useful for shared public keys over lan). - Thanks to Nicolas Chauvat who reported the issue, - the idea and the patch for this feature. - -* 0.3.0 -- Not much changes in this version beside a gcc fix, but the 0.2 branch - reached too many new features so i wanted to name this release 0.3.0 - as i should have done with 0.2.3 -- Fixed a gcc 3.3 compile issue, and all related warning. - I would like to thank the following guys for having reported this bug so fast: - Lalande Fabrice - Marco - Neil Dunbar - -* 0.2.3 -- Added the usbhotplug tool. - usbhotplug is a hotplug agent that will automagically start a lock handler - when the usb device is removed and an unlock handler when the usb device - is plugged back in and authenticated through pam_usb. - - The default handlers will start xlock when the usb device is removed, - and will kill it when the usb device is plugged back in and authenticated. - - I'd like to thank Wout Mertens as we had a couple - of discussions about hotplug which helped me implementing this tool. - -- The parser can now understand "option" and "!option" instead of - option=1 and option=-1 (e.g. debug !check_device). - Thanks to Jean-Christophe JASKULA who - suggested me that and provided an initial patch. - -- Fixed a loop bug on serial number checking. Thanks to Zs - for reporting the bug and a patch to fix it. - -- Added the direct_open option which allows to open the private key - using O_DIRECT to avoid disk caching (works only on devices that - supports it). Thanks to myles who suggested me that. - -- Added some sanity checks here and there because it seems that the PAM - API can return weird stuff from time to time. - -- Handling the mount point creation/remotion in a better way which seems - to fix a couple of mntpoint problems. - -* 0.2.2 -- Added the keep_mounted option, which allows to not umount the mount point - once logged (useful if the gpg/ssh key is stored on there) - -- Fixed the mntpoint option: do not delete the directory if it's not a - temporary one. - -- Added the support to pass multiple filesystems name with the fs= - option (comma separated list). Changed the default fs to "ext2,vfat" - -- Added the log_file option. Takes a filename as a argument. - Combined with debug=1 it can log debug messages to a file. - -- Not mounting the device as read-only anymore. Instead, the mount_opts - option has been created. It accepts a comma separated list of mount - options (accepted options are: ro,bind,sync,remount,nosuid,noexec,nodev). - -- Fixed an issue which made the allow_remote feature not working correctly - with gdm/kdm. - -- Introduced the local_hosts and local_consoles options. They contain a - comma separated lists of hosts and consoles allowed to log in while using - allow_remote=-1 - -* 0.2.1 -- Changed the naming method from x.y to x.y.z - -- pam_usb is now able to distinguish local users from remote (as in - logged via ssh), and denies the authentication of non-local users. - Setting allow_remote to 1 disable this feature. - -- Mounting is now done in read-only. - -- Added the missing mandatory PAM functions. - -* 0.2_rc2 -- Workaround to make pam_usb not use /proc so it can run on Linux 2.6 - By setting check_device to -1, pam_usb will neither check the device's - serial number, nor if it's attached. It's not a real problem if you - don't need serial number checking, but don't combine it with - check_if_mounted. - -- Added the force_device capability. Now you can specify a device that - will be mounted without going in guessing mode. If the device cannot - be mounted, it'll switch back to the default guess mode. - Useful if guess mode fails, if you don't want it to try several - devices before getting the right one (so you can login faster), or if - you want to login using a floppy disk, a cdrom or whatever you want. - -- Modified the serial number authentication method so now if no serial - numbers are avaible on a device, it will try to use the GUID. - Thanks to Damien Braillard who reported the - issue, suggested a way to fix it, and provided a first patch for it. - -* 0.2_rc1 -- Radically changed the way pam_usb authenticates the user on the - system. Now it works with a pair of DSA keys. - - Thanks to Wout Mertens who told me that i could - use a couple of SSH keys to fix the authentication issue. - That gave me the idea to use a set of private/public keys. - - Thanks to Ilkka Mattila who helped me to - find out a better way to implement the key challenge: extracting the - public key was inadequate. - - Also thanks to those who brought up weird scenarios and/or tested - pre-releases of pam_usb, in alphabetical order: - - Ilkka Mattila - Joonas Kortesalmi - Thomas Stewart - Tuure Laurinolli - -* 0.1: -- Now pam_usb doesn't require a mount point. Instead, it creates - a temporary directory under /tmp. - Thanks to Loic Jaquemet who gave me the idea. - -- Compiles with gcc 2.95 thanks to Tobias Bayer bug - report. - -* 0.1-beta2: -- procfile and device entries autodetection have been fixed thanks to - Thomas Stewart bug reports. - -- devfs support added. Thanks to Loic Jaquemet - for the bug report. - -* 0.1-beta1: -- Initial release