Releases: kravietz/pam_tacplus
v1.7.0
libtac
- Refactored the complex and overengineered TACACS+ session id generation, replacing it with getrandom on all systems, with gnulib provided implementation for systems that do not have it.
- Removed legacy MD5 code and replaced it with gnulib implementation for easier maintenance and compatibility.
- Legacy data structures such as attribute lists were replaced with gnulib structures.
- CHAP implementation used a fixed challenge in contradiction with the RFC 1994 requirement. This was replaced with a pseudo-random challenge generated using
getrandom. - ABI version set to
5:0:0. From now on, this is the only way to version the library. The legacy static variablestac_ver_were removed as confusing
pam_tacplus
- Calling process PID is now used as the
task_idattribute in TACACS+ accounting session. This replaces an overengineered cryptographically random tasks identifiers. - Updated Debian build instructions.
This release v1.7.0.tar.gz file is signed using SigStore.
v1.6.2.1
v1.6.2.1
v1.6.2
v1.6.2
v1.6.1
Fixed CVE-2020-27743
v1.5.1
Second pre-release of 1.5.0
We've picked up the last few weeks of fixes from master. Any subsequent minor fixes can also be cherry-picked into v1.5.x. If there are no further fixes, we'll tag this as v1.5.0.
First pre-release of 1.5.0
Master will be branching soon as v1.5.x and there will be limited releases of 1.5.x after v1.5.0 comes out, most likely just maintenance releases to address CVEs and other serious bugs.
Master will then be released as v2.0.0 which will break ABI/API compatibility, and developers will be expected to port their code to the v2 API.
The new API will be more object-oriented, and have per-session parameters encapsulated in a session container so that multiple Tacacs+ sessions may be supported.