Version 1.9

* NEWS: Update version number.
* configure.ac: Likewise.
* doc/pam_ldaphome.8in: Reorder configuration statements.
* pamck/pamck.c: Update copyright years.

NEWS

@@ -5,7 +5,7 @@ See the end of file for copying conditions.
 Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua>
 
 
-Version 1.8.93, (Git)
+Version 1.9, 2014-05-21
 
 * New module pam_groupmember
 
@@ -168,7 +168,7 @@ Version 0.1
 =========================================================================
 Copyright information:
 
-Copyright (C) 2001, 2004-2005, 2007-2012 Sergey Poznyakoff
+Copyright (C) 2001, 2004-2005, 2007-2014 Sergey Poznyakoff
 
    Permission is granted to anyone to make or distribute verbatim copies
    of this document as received, in any medium, provided that the

configure.ac

@@ -16,7 +16,7 @@
 
 AC_PREREQ(2.63)
 
-AC_INIT(pam-modules, 1.8.93, bug-pam-modules@gnu.org.ua)
+AC_INIT(pam-modules, 1.9, bug-pam-modules@gnu.org.ua)
 AC_CONFIG_SRCDIR(pam_fshadow/pam_fshadow.c)
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])

doc/pam_ldaphome.8in

@@ -14,7 +14,7 @@
 .\" You should have received a copy of the GNU General Public License
 .\" along with PAM-Modules.  If not, see <http://www.gnu.org/licenses/>.
 .so config.so
-.TH PAM_LDAPHOME 8 "May 19, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.TH PAM_LDAPHOME 8 "May 21, 2014" "PAM-MODULES" "Pam-Modules User Reference"
 .SH NAME
 pam_ldaphome \- create and populate user home directories
 .SH SYNOPSIS
@@ -46,27 +46,7 @@ split across several physical lines of text by ending each line but
 the last with a backslash character. 
 .PP
 Available configuration directives are:
-.TP
-.BI allow\-home\-dir " PATH"
-Lists directories in which it is allowed to create home directories.
-\fIPATH\fR is a list of directories separated by colons.  The user's
-home directory will be created only if the directory part of its name
-is listed in \fIPATH\fR.
-.TP
-.BI skel " DIR"
-Supplies the name of a \fIskeleton directory\fR.  The contents of this
-directory is copied to each newly created user home directory.  The
-file modes and permissions are retained.
-.TP
-.BI uri " ARG"
-Sets the URI of the LDAP server to consult for the user profile.
-.TP
-.BI ldap\-version " NUM"
-Sets the LDAP version to use.  Valid arguments are
-.B 2 
-and
-.B 3
-(the default).
+.SS LDAP Settings
 .TP
 .BI base " SEARCHBASE"
 Use \fISEARCHBASE\fR as starting point for searches.
@@ -81,6 +61,21 @@ password for simple authentication.
 .BI bindpwfile " FILE"
 Read password for simple authentication from \fIFILE\fR.
 .TP
+.BI filter " EXPR"
+Defines a LDAP filter expression which returns the user profile.  The
+\fIEXPR\fR should conform to the string representation for search
+filters as defined in RFC 4515.
+.TP
+.BI ldap\-version " NUM"
+Sets the LDAP version to use.  Valid arguments are
+.B 2 
+and
+.B 3
+(the default).
+.TP
+.BI pubkey\-attr " TEXT"
+Defines the name of the attribute that keeps user's public SSH key.
+.TP
 .BI tls " VAL"
 Controls whether TLS is desired or required.  If \fIVAL\fR is
 \fBno\fR (the default), TLS will not be used.  If it is \fByes\fR,
@@ -89,32 +84,15 @@ anyway if it fails.  Finally, if \fIVAL\fR is the word \fBonly\fR, the
 use of TLS becomes mandatory, and the module will not establish LDAP
 connection unless \fIStartTLS\fR succeeds.
 .TP
-.BI min\-uid " N"
-Sets the minimal UID.  For users with UIDs less than \fIN\fR,
-\fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately.  This
-allows you to have a set of basic users whose credentials are kept in
-the system database and who will not be disturbed by
-\fBpam_ldaphome\fR.  See also \fBmin\-gid\fR and \fBallow\-groups\fR.
+.BI uri " ARG"
+Sets the URI of the LDAP server to consult for the user profile.
+.SS Home directory creation
 .TP
-.BI min\-gid " N"
-Sets the minimal GID.  For users with GIDs less than \fIN\fR,
-the module will return \fBPAM_SUCCESS\fR immediately.
-.TP
-\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...]
-Only handle members of the listed groups.
-.TP
-.BI filter " EXPR"
-Defines a LDAP filter expression which returns the user profile.  The
-\fIEXPR\fR should conform to the string representation for search
-filters as defined in RFC 4515.
-.TP
-.BI import\-public\-keys " BOOL"
-When set to \fBno\fR, disables importing public keys from LDAP.  You
-may wish to use this option if you are using \fBopenssh\fR 6.1 or
-later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
-.TP
-.BI pubkey\-attr " TEXT"
-Defines the name of the attribute that keeps user's public SSH key.
+.BI allow\-home\-dir " PATH"
+Lists directories in which it is allowed to create home directories.
+\fIPATH\fR is a list of directories separated by colons.  The user's
+home directory will be created only if the directory part of its name
+is listed in \fIPATH\fR.
 .TP
 .BI copy\-buf\-size " N"
 Sets the size of the buffer used to copy files from the skeleton
@@ -123,8 +101,11 @@ directory to the newly created home.  The default value is 16384 bytes.
 .BI home\-dir\-mode " MODE"
 Defines the file mode (octal) for creation of the user directories.
 .TP
-.BI keyfile\-mode " MODE"
-Defines the file mode (octal) for creation of authorized keys files.
+.BI skel " DIR"
+Supplies the name of a \fIskeleton directory\fR.  The contents of this
+directory is copied to each newly created user home directory.  The
+file modes and permissions are retained.
+.SS Authorized keys file control
 .TP
 .BI authorized_keys " NAME"
 Sets the pathname (relative to the home directory) for the authorized
@@ -134,6 +115,35 @@ operation, this value must be the same as the value of
 .BR sshd_config (5).
 Unless you change the latter, there's no need to edit it.
 .TP
+.BI import\-public\-keys " BOOL"
+When set to \fBno\fR, disables importing public keys from LDAP.  You
+may wish to use this option if you are using \fBopenssh\fR 6.2p1 or
+later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
+.TP
+.BI keyfile\-mode " MODE"
+Defines the file mode (octal) for creation of authorized keys files.
+.SS Access control
+.TP
+\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...]
+Only handle members of the listed groups.
+.TP
+.BI min\-gid " N"
+Sets the minimal GID.  For users with GIDs less than \fIN\fR,
+the module will return \fBPAM_SUCCESS\fR immediately.
+.TP
+.BI min\-uid " N"
+Sets the minimal UID.  For users with UIDs less than \fIN\fR,
+\fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately.  This
+allows you to have a set of basic users whose credentials are kept in
+the system database and who will not be disturbed by
+\fBpam_ldaphome\fR.  See also \fBmin\-gid\fR and \fBallow\-groups\fR.
+.SS Initialization script support
+.TP
+.BI exec\-timeout " SECONDS"
+Sets maximum time the \fBinitrc\-command\fR is allowed to run.  If
+it runs longer than \fISECONDS\fR, it will be terminated with a
+\fBSIGKILL\fR, and the module will return \fBPAM_SYSTEM_ERR\fR.
+.TP
 .BI initrc\-command " COMMAND"
 Run \fICOMMAND\fR after populating the user home directory with
 files from the skeleton directory.  The user login name is passed to
@@ -144,10 +154,6 @@ standard output is redirected to standard errror.
 The command should exit with code 0 on success.  If it exits with a
 non-zero code, PAM_SYSTEM_ERR will be reported.
 .TP
-.BI initrc-log " FILE"
-Redirects standard output and error from the
-\fBinitrc\-command\fR to \fIFILE\fR.
-.TP
 \fBinitrc\-environ\fR \fIENV\fR ...
 Modifies the environment of \fBinitrc\-command\fR.
 
@@ -185,6 +191,10 @@ is removed from it before assignment.
 .RE
 The \fIVALUE\fR part can be enclosed in single or double quotes, in
 which case the usual shell dequoting rules apply.
+.TP
+.BI initrc-log " FILE"
+Redirects standard output and error from the
+\fBinitrc\-command\fR to \fIFILE\fR.
 .SH OPTIONS
 .TP
 .BI config= FILE

pamck/pamck.c

@@ -39,7 +39,7 @@ version()
 {
 	printf("%s (%s) %s\n", program_name, PACKAGE, PACKAGE_VERSION);
 	fputs ("\
-Copyright (C) 2009 Sergey Poznyakoff\n\
+Copyright (C) 2009-2012, 2014 Sergey Poznyakoff\n\
 \n\
 License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.\n\
 This is free software: you are free to change and redistribute it.\n\