This is the first release candidate of the 0.7 branch.
Please refer to the change log for details about major changes.
* Add a "disconnect_every_op" option that
forces pam_mysql to disconnect from the database
on every operation (PR #1325395).
* Use geteuid() instead of getuid() to check if
the current user is authorized to change the
password (PR #1338667).
* Allow root (uid=0) to change the passwords
of other users without their old password
(PR #1338672)....
The PAM-MySQL project, which aims to create a PAM module that enables PAM-aware applications to authenticate users against a MySQL database, has announced that the newest versions of the product are now available for download.
The new releases include some crucial security fixes, and users are strongly encouraged to upgrade their installations.
Addressed security concerns:
- Possible segmentation fault in the SQL logging facility, which can
cause Denial-of-Service (DoS)....
The latest versions of pam-mysql, which allows PAM-aware applications to authenticate users through a MySQL database, have just been released.
* SHA1 support (0.7pre2)
* "use_first_pass" and "try_first_pass" options for effective
use of PAM semantics. (0.7pre2)
* "use_323_passwd" option (0.6.1, 0.7pre2)
* Changed column name handling to not escape meta
characters. Now you can specify an expression for every
XXXcolumn variable, like "CONCAT(a, b, c)" (0.7pre2)
* Fixed account management code that wouldn't work
at all :-p (0.6.1, 0.7pre2)
* Included pam_mysql.spec in the tarball by default.
This enables you to make an RPM with the following
one-liner: (rpmbuild -tb pam_mysql.tar.gz). (0.6.1, 0.7pre2)
* Fixed compile failure that occurs with the old mysql_config (< 4.0.16). (0.6.1, 0.7pre2)
* Fixed compile failure on Solaris when --with-openssl is
specified to the configure script. (0.6.1, 0.7pre2)...
Two and a half years since the last release, we proudly announce the latest version of pam-mysql, which is a PAM(3) module that handles authentication / session management against a MySQL database.
* Total tidy-up for security.
* Unix-domain socket / non-default port support.
* Non-cryptish and portable MD5 hash support (requires either OpenSSL or Cyrus-SASL1/2).
* Autogenerated spec file for RPM build.
* Support for account management / authentication token alteration....
Hi, I'm James, you might remember me from such releases as version 0.2. Steve and Kevin have moved on to other projects, and I'd rather not see this package die, so I'm going to put some time into maintaining it.
My biggest stumbling block is that I don't have a use for the module anymore, which is the reason I passed it on a few years ago.
Tonight I just checked in some code related to a buffer overflow problem that was reported to me. It currently 'works for me'. Could some other people give it a test?...