2003-07-02  Thorsten Kukuk  <kukuk@suse.de>

	* release version 2.3

	* configure.in: Move crypt header/function check before LDAP
	checks.
	* src/rpasswd.c (main): Fix setting/loading of SSL cert path.
	* src/chpasswd.c: Disable LDAP support.

	* src/ldapfcn.h: Protect with USE_LDAP.
	* src/chage.c: Make LDAP support compile option.

	* src/rpasswd.conf.5: Document reqcert option.

2003-07-01  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswd.c (load_config): Implement reqcert option.
	(main): Make certificate checking depending on reqcert value.

2003-06-20  Thorsten Kukuk  <kukuk@suse.de>

	* src/chpasswd.c (main): Implement -c option, add preliminary
	LDAP support.

	* src/chpasswd.8: New.
	* src/Makefile.am (man_MANS): Add chpasswd.8

2003-06-17  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswd.c (main): Check server certificate and warn user
	if necessary.

	* src/rpasswdd.c (main): Initialise SSL before backgrouding.

	* src/read-files.c (parse_pwent): Don't inline.
	(parse_spent): Likewise.

	* src/rpasswd.c (main): Use SSLv23_client_method.

2003-04-07  Thorsten Kukuk  <kukuk@suse.de>

	* src/ldapfcn.c: Export ldap_get_lderrno if needed
	* src/ldapfcn.h: Add prototype for ldap_get_lderrno if needed

2003-03-15  Thorsten Kukuk  <kukuk@suse.de>

	* src/chage.c (print_help): Add help for -P.
	* src/chage.1: Add description for -D.

	* src/chpasswd.c: New file.

	* src/expiry.c (main): Drop all privilegs.

	* src/chage.c (main): Mark all output for translation.

	* src/Makefile.am (expiry_CFLAGS): Define passwd path.

2003-03-14  Thorsten Kukuk  <kukuk@suse.de>

	* src/expiry.1: Remove -c option, is now default.

2003-03-12  Thorsten Kukuk  <kukuk@suse.de>

	* src/Makefile.am (install-exec-hook): Fix permissions of expiry.
	(bin_PROGRAMS): Add expiry.
	* src/expiry.c: New file.
	* src/expiry.1: New file.

2003-02-13  Thorsten Kukuk  <kukuk@suse.de>

	* release version 2.2

	* src/ldapfcn.c: Only use syslog, if stderr is no tty.

	* src/Makefile.am: Fix creating of chsh/chfn hardlinks.
	Reported by Seth Chaiklin <seth@psy.au.dk>.

2003-02-12  Thorsten Kukuk  <kukuk@suse.de>

	* src/passwd.1: Fix typo.

	* src/user.c (do_setpwnam): Add support to change expire date in LDAP.

	* src/rpasswdd.c (main): Better error message, if certificate or
	privatkey file not found.
	(main): Correct usage of htons for port.

	* src/chage.c (main): If binddn is given, use this for changing
	data in a LDAP database.

2003-02-11  Thorsten Kukuk  <kukuk@suse.de>

	* src/passwd.c (passwd_main): Fix more error messages,
	implement binddn option, ask for binddn password.
	* src/ldapfcn.c (ldap_update_shell): Call ldap_update_field.
	(ldap_update_gecos): Likewise.
	(ldap_update_field): Fix to use binddn if given.
	* src/public.h: Add binddn to struct user.
	* src/user.c (free_user_t): Free binddn.

2003-02-09  Thorsten Kukuk  <kukuk@suse.de>

	* src/ldapfcn.c: pretty print.
	(ldap_update_field): New function.

	* src/passwd.c (passwd_main): Fix error message.

2003-02-03  Thorsten Kukuk  <kukuk@suse.de>

	* release version 2.1

	* src/passwd.c (print_usage): Add missing newline.

	* src/chage.1: Fix typo.

	* src/passwd.1: Rewritten, document all options.

2003-02-02  Thorsten Kukuk  <kukuk@suse.de>

	* src/Makefile.am: Link rpasswd and rpasswdd only against ssl.
	* configure.in: Put LDAP libraries in seperate variable.
	* configure.in: Add switch to disable LDAP.
	* src/ldapfcn.c: Don't include functions if LDAP is disabled.
	* src/user.c: Don't call ldap functions if LDAP is disabled.

2003-01-27  Thorsten Kukuk  <kukuk@suse.de>

	* release version 2.0

	* src/chfn.c: Fix typo in help message

	* src/Makefile.am: Use AM_CFLAGS instead of CFLAGS

	* configure.in: add AM_GNU_GETTEXT_VERSION

2003-01-21  Thorsten Kukuk  <kukuk@suse.de>

	* src/chfn.c: Rename print_usage to print_usage_shadow,
	rename print_help to print_help_shadow,
	(print_usage_util): New function.
	(print_help_util): New function.

	* src/read-files.c: Update from pam_unix2 1.14,
	Fix compiling with gcc 2.95.x (libc-lock).

2003-01-14  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswd.1: Fix syntax error, add -p option.

	* src/rpasswdd.c: Add prototype for setresuid, use getservbyname
	to find default port to listen on.

	* src/user.c: Include read-files.h, rename path to files_etc_dir.
	* src/chage.c (main): Use files_etc_dir instead of path.
	* src/read-files.c: Update from pam_unix2 1.13.
	* src/read-files.h: New.

	* src/ldapfcn.c: Sync with pam_ldap-156.

2003-01-13  Thorsten Kukuk  <kukuk@suse.de>

	* src/chage.1: Expand -d description.
	* src/rpasswdd.c: Add sanity checks from Olaf Kirch.
	* src/rpasswd-client.h: Use port 774 as default.

2002-10-01  Thorsten Kukuk  <kukuk@suse.de>

	* src/chage.c (print_version): New, don't use the heimdal
	version.

2002-08-25  Thorsten Kukuk  <kukuk@suse.de>

	* src/ldapfcn.c (get_ldapuser_info): LDAP_FILT_MAXSIZ does
	not exist any longer with openldap 2.1.4, add a workaround.

2002-08-13  Thorsten Kukuk  <kukuk@suse.de>

	* src/read-files.c: Include own parser based on glibc macros.

2002-08-03  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswdd.c: Rewrite IPv4/IPv6 binding, so that it works
	with plain and USAGI Linux kernel.

	* src/rpasswd.c (print_usage): Add username as parameter.
	* src/rpasswd.1: Likewise.

2002-07-21  Thorsten Kukuk  <kukuk@suse.de>

	* src/chage.c (main): Parameters -d and -E could be the number
	of days since 1.1.1970 or a date.
	* src/chage.1: Fix description of -d and -E.

2002-07-15  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.99

	* src/chage.c (main): Print info message if no shadow data
	is available for an account.

	* src/user.c (do_authentication): Make query for plaintext
	password configurable.
	* src/public.h: Adjust prototype for do_authentication.
	* src/chsh.c (chsh_main): Require plaintext password.
	* src/chfn.c (chfn_main): Likewise.

	* src/chage.c (main): Fix searching for user given by argument,
	implement -P (--path) option, don't require clear password for
	-l option.
	(change_shadow_info): Fix memory leaks, round the return value
	correct, print error messages.
	*src/chage.1: New.

2002-07-14  Thorsten Kukuk  <kukuk@suse.de>

	* src/files-spwd.c: Rename to ...
	* src/read-files.c: ... this, add support for passwd, too.

2002-07-09  Thorsten Kukuk  <kukuk@suse.de>

	* src/chsh.c (get_shell_list): Don't abort if line does not end
	with newline, could be removed already.

	* src/passwd.c (passwd_main): If we cannot lock/unlock the password,
	abort with an error code.

	* src/user.c (do_getpwnam): Use local copy of getspnam_r for files.

2002-07-04  Thorsten Kukuk  <kukuk@suse.de>

	* src/user.c (do_setpwnam): Set correct permissions of temporary
	files as early as possible (Reported by
	Artem Frolov <frolov@sigma.ispras.ru>).

2002-10-17  Thorsten Kukuk  <kukuk@suse.de>

	* src/chage.c: Implement changing values with options.

2002-05-28  Thorsten Kukuk  <kukuk@suse.de>

	* src/chsh.c (chsh_main): Allow ldap for -r option.

	* src/chage.c (print_shadow_info): if lstchg is zero, print
	unknown date and hint that user is forced to change password.
	(main): Allow ldap for -r option.

	* src/user.c (do_setpwnam): Save aging information only if
	they have changed.

	* src/chage.c (main): Implement missing queries for new
	aging values.
	* src/public.h: Add flag if aging informations have changed.
	* src/user.c (do_getpwnam): initialize sp_changed with FALSE.
	* src/passwd.c (passwd_main): Adjust to new do_getpwnam()
	interface.

2002-05-21  Thorsten Kukuk  <kukuk@suse.de>

	* src/chfn.c: Fix some comments.
	* src/user.c (do_getpwnam): clear sp field if no shadow entry
	is found, else initialize spn with sp.

2002-05-20  Thorsten Kukuk  <kukuk@suse.de>

	* src/chage.c: New file.

2002-05-10  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.98

	* src/rpasswdd.c (server_run): Set timeout for initial request to
	1 second.

	* src/rpasswdd.8: New manual page.
	* src/Makefile.am (man_MANS): Add rpasswdd.8.
	* src/rpasswdd.c (main): Remote unused nthreads variable.

2002-05-08  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswd.c (print_usage): Print correct options.
	(print_help): Add --verbose description.
	* src/Makefile.am (man_MANS): Add rpasswd.1.
	* src/rpasswd.1: New manual page.

2002-05-06  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.97

	* src/Makefile.am (man_MANS): Add rpasswd.conf.5

	* src/rpasswd.conf.5: New file.

	* src/rpasswd.c (load_config): Read server name and port number
	from config file.

	* src/rpasswdd.c (handle_request): If uid of user is zero, call
	pam_authenticate() to make sure nobody changes remote the root
	password without knowing the old one. Ask always for a password,
	even if account does not exists.

2002-05-05  Thorsten Kukuk  <kukuk@suse.de>

        * release version 1.96

	* src/rpasswd.c (start_request): Send current LANG variable as
	locale to server.

	* src/rpasswdd.c (handle_request): Call setlocale.
	(main): set locale to "C".

	* src/rpasswd.c (read_string): Simply function, remove unessary
	timeout code.

2002-05-03  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswdd.c (handle_request): Print info messages in admin mode.

	* src/rpasswd.c: Add -a option to enable admin mode, only print
	SSL certificate information if -v option is given.

2002-05-02  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswdd.c: Undo last move of reading first data, does not work
	due SSL buffering.
	(safe_read): Use poll with timeout for waiting for data.
	(read_string): Use safe_read() to avoid waiting for ever.
	(server_start): Use safe_read() to avoid blocking the server by
	one user.

2002-05-01  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswdd.c (server_start): Move first read of data from here ...
	* src/rpasswdd.c (handle_request): ... to here (avoid possible DoS
	attacks), in admin mode, let other side authenticate as root and
	don't call setresuid().

	* src/rpasswd-client.h: Add request_type enum.

2002-04-28  Thorsten Kukuk  <kukuk@suse.de>

	* src/rpasswd.c: Make compile with older gcc.
	* src/rpasswdd.c: Likewise.

2002-04-27  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.95

	* src/ldapfcn.h: Sync with pam_ldap-142.
	* src/ldapfcn.c: Likewise. remove pam_ldap prefix from syslog
	messages.

	* configure.in: Add options for ldap.conf and ldap.secrets location.

2002-04-25  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.94

	* src/rpasswdd.c (init_limits): New function, set correct limits.
	(main): Ignore SIGHUP and SIGXFSZ.

	* src/main.c (init_environment): New function, set correct limits
	and ignore most signals.

	* src/user.c (do_setpwnam): Close files before renaming them,
	rewrote complete error handling to give the error really back to
	calling function.

	* src/rpasswdd.c (server_run): If poll is interupted by a signal,
	don't print an error message.

2002-04-24  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.93

	* src/rpasswdd.c: read_string: Allow max. 1024 bytes of data,
	add SIGCHLD signal handler to cleanup childs.

	* src/rpasswdd.c: Check if sock4/sock6 is equal or greater zero,
	not only greater.

	* etc/rpasswdd.init: Fix typo.

	* release version 1.92

	* etc/rpasswdd.init: SuSE Linux 8.0 init script
	* etc/Makefile.am (EXTRA_DIST): Add rpasswdd.init

	* src/chfn.1: New.
	* src/chsh.1: New.
	* src/chsh.c (print_usage): Remove wrong options.
	* src/Makefile.am: Add rpasswdd.h header file and chfn.1/chsh.1.

	* src/rpasswdd.c: Code cleanup, correct error checking for SSL
	functions, fix some memory leaks.

2002-04-24  Thorsten Kukuk <kukuk@suse.de>

	* Makefile.am (SUUBDIRS): Remove intl.
	* configure.in (AC_OUTPUT): Remove intl/Makefile.
	(AM_GNU_GETTEXT): Add "external" as argument.
	* src/Makefile.am (INCLUDES): Remove ../intl from search path.
	(LDADD): Use LIBINTL instead of INTLLIBS.

2002-04-24  gettextize  <bug-gnu-gettext@gnu.org>

	* Makefile.am (SUBDIRS): Add m4.
	(ACLOCAL_AMFLAGS): New variable.
	(EXTRA_DIST): New variable.
	* configure.in (AC_OUTPUT): Add m4/Makefile.

2002-04-14  Thorsten Kukuk  <kukuk@suse.de>

	* src/nsw.c (nsw_free): Fix type (remove ; aftr if).
	* src/Makefile.am: Add rpasswd and rpasswdd sources.
	* src/rpasswd.c: New.
	* src/rpasswd-client.h: New.
	* src/rpasswdd.c: New.
	* src/dbg_log.h: New.
	* src/dbg_log.c: New.

2002-03-10  Thorsten Kukuk  <kukuk@suse.de>

	* etc/chfn.pamd: Use pam_deny for session management.
	* etc/chsh.pamd: Likewise.
	* etc/passwd.pamd: Reformat.

2002-01-29  Thorsten Kukuk  <kukuk@suse.de>

        * src/user.c (do_getpwnam): Create our own nsswitch data if
        user uses service option.

        * src/nsw.c (nsw_free): Fix memory leak.

2002-01-24  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.91

	* src/passwd.c (passwd_main): Implement password locking.

	* src/user.c (do_setpwnam): Revert code to run through passwd
	and shadow if needed: run only through /etc/passwd, if we have
	something to change. Always run through /etc/shadow, if we
	shadow informations.

	* src/chsh.c (check_shell): If root changes the shell, print
	only a warning and don't abort.

	* src/main.c (main): If called as chfn or chsh, don't execute
	passwd later.

2002-01-20  Thorsten Kukuk  <kukuk@suse.de>

	* release version 1.90

	* src/chsh.c: Rename main to chsh_main.
	* src/chfn.c: Likewise.

	* src/main.c: If passwd is called as chfn or chsh, call
	chfn_main and chsh_main.

	* src/Makefile.am: chsh and chfn are now links to passwd.

	* src/user.c (do_getpwnam): Also read shadow information.
	(do_setpwnam): Save all shadow values, they could have changed.

	* src/chfn.c (main): Add -q option.
	* src/chsh.c (main): Likewise.

	* src/chsh.c (main): Set locale before using it.
	* src/chfn.c (main): Likewise.

2002-01-19  Thorsten Kukuk  <kukuk@suse.de>

	* src/chfn.c (check_field): New function, check if parts of
	gecos field does not contain invalid characters.

	* src/ldapfcn.h: Add prototype for ldap_update_gecos().

	* src/ldapfcn.c (ldap_update_gecos): New function.

	* src/user.c (do_setpwnam): Also test, if gecos fields needs
	to be updated.

	* src/chsh.c (main): Check if new_shell is not NULL befor
	using it.

	* src/get_value.c (get_value): If "none" is entered, return
	empty string. If only <return> is entered, return old value.

2002-01-18  Thorsten Kukuk  <kukuk@suse.de>

	* src/get_value.c (get_value): If old value is NULL, print
	empty string.

	* src/user.c (do_authentication): New function for user
	authentication with PAM.

	* src/chsh.c (main): Flush passwd cache.
	* src/chfn.c (main): Likewise.

	* src/public.h (nscd_flush_cache): Add prototype.

	* src/nscd.c: New file.

2002-01-07  Thorsten Kukuk  <kukuk@suse.de>

	* src/get_value.c: Start new implementation of pwdutils.
