0.6.10

What's Changed

• Add a sshd soft depends for the deb package by @dmulder in #232
• Rework the poll logic by @dmulder in #234
• Ensure local users are ignored when CN mapping by @dmulder in #236
• Stable 0.6.x fail on bad password by @dmulder in #239
• Hello PIN length and offline fixes by @dmulder in #242

Full Changelog: 0.6.5...0.6.10

0.6.5

What's Changed

• Stable 0.6.x CN Name mapping by @dmulder in #231

Full Changelog: 0.6.4...0.6.5

0.6.4

2024-08-10 - Himmelblau 0.6.4 Patch (Security)

• Newer versions of Rust/LLVM would optimise-out a call to pam_get_user due to a library using const incorrectly on a pointer. This could result in a username not being set with an invalid fall through condition. In some cases this COULD CAUSE UNAUTHENTICATED system access.
  • Affected versions: 0.5.3 through 0.6.1.

What's Changed

• Bug in pam which needs defended against by @dmulder in #221
• Stable 0.6.x Debian packaging fixes by @dmulder in #222

Full Changelog: 0.6.2...0.6.4

0.6.2

What's Changed

• Debian build requires libdbus-1-dev by @dmulder in #198
• libdbus-1-dev deb build dep by @dmulder in #200
• Makefile typo fixes by @dmulder in #202
• Correct installation directory of the deb pam module by @dmulder in #207
• Never return the Pam result from get_user() by @dmulder in #215

Full Changelog: 0.6.0...0.6.2

0.6.0

What's Changed

Added

• Pam option for OpenSSH 2876 workaround: Added a new PAM configuration option to work around OpenSSH issue #2876.
• Debug option: Introduced a new debug option to the configuration.

Fixed

• PAM failure to register Pin following MFA poll: Resolved an issue causing PAM to fail during Pin registration after multi-factor authentication polling.
• PAM echo not displayed via SSH: Fixed an issue where the PAM echo was not properly displayed in SSH sessions.

Changed

• Authorization behavior: Now authorizing all users when pam_allow_groups is left empty.
• Libhimmelblau update: Updated the project to use the latest version of libhimmelblau.

Miscellaneous

• Fork from Kanidm: This version marks the fork from the original Kanidm project.
• README update: Updated the README.md file with new instructions and details.

Full Changelog: 0.5.3...0.6.0

0.5.3

What's Changed

• Stable 0.5.x make install by @dmulder in #193

Full Changelog: 0.5.2...0.5.3

What's Changed

• Add Debian packaging to stable 0.5.x by @dmulder in #187
• Version 0.5.1 by @dmulder in #188
• Add a version check script by @dmulder in #189
• Fix tag push permissions for github tag-version workflow by @dmulder in #190
• Stable 0.5.x make install by @dmulder in #193

Full Changelog: 0.5.0...0.5.3

0.5.0

What's Changed

• Update to latest msal by @dmulder in #64
• Update msal crate again by @dmulder in #66
• Always force MFA when enrolling the device by @dmulder in #73
• Enhanced MFA by @dmulder in #76
• Update the gitignore by @dmulder in #77
• deps(rust): update opentelemetry-otlp requirement from 0.13.0 to 0.15.0 by @dependabot in #84
• deps(rust): update opentelemetry_sdk requirement from 0.20.0 to 0.22.1 by @dependabot in #83
• deps(rust): update base64 requirement from ^0.21.5 to ^0.22.0 by @dependabot in #82
• deps(rust): update notify-debouncer-full requirement from 0.1 to 0.3 by @dependabot in #81
• deps(rust): update systemd-journal-logger requirement from ^1.0.0 to ^2.1.1 by @dependabot in #80
• Dmulder/actions by @dmulder in #85
• deps(rust): update kanidm-hsm-crypto requirement from ^0.1.6 to ^0.2.0 by @dependabot in #86
• deps(rust): update clap requirement from ^3.2 to ^4.5 by @dependabot in #87
• deps(rust): update rusqlite requirement from ^0.28.0 to ^0.31.0 by @dependabot in #88
• deps(rust): update tracing-opentelemetry requirement from 0.21.0 to 0.23.0 by @dependabot in #89
• deps(rust): update libnss requirement from 0.5.0 to 0.6.0 by @dependabot in #90
• WIP: Use the Kanidm MFA patches by @dmulder in #78
• deps(rust): update tonic requirement from 0.10.2 to 0.11.0 by @dependabot in #91
• deps(rust): update num_enum requirement from ^0.5.11 to ^0.7.2 by @dependabot in #92
• deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 by @dependabot in #93
• deps(rust): update lru requirement from ^0.8.0 to ^0.12.3 by @dependabot in #94
• deps(rust): update reqwest requirement from ^0.11.18 to ^0.12.2 by @dependabot in #95
• Dmulder/fix build by @dmulder in #96
• Enable actions on stable branches by @dmulder in #99
• deps(rust): update hostname requirement from ^0.3.1 to ^0.4.0 by @dependabot in #100
• Windows Hello PIN implementation by @dmulder in #101
• Add rid idmapping (replacing existing idmap) by @dmulder in #102
• Fix fallback DAG deadlock by @dmulder in #104
• deps(rust): update webauthn-rs-proto requirement from 0.4.8 to 0.5.0 by @dependabot in #105
• deps(rust): update libnss requirement from 0.6.0 to 0.7.0 by @dependabot in #107
• Fallback to SFA first if MFA fails Browse files by @dmulder in #108
• Update version main by @dmulder in #110
• Update README.md with Matrix contact info by @dmulder in #112
• Fix Hello PIN Authentication error, no nonce by @dmulder in #114
• Update the base64urlsafedata version by @dmulder in #116
• Fix Bug #113 by @dmulder in #117
• Add an option for disabling Windows Hello by @dmulder in #118
• Allow disabling Hello PIN auth for enrolled users by @dmulder in #120
• Correct the debug messages for Hello skip by @dmulder in #121
• Fix user dropping from NSS by @dmulder in #122
• Fix aad-tool to handle MFA by @dmulder in #125
• Fake user token and fix NSS by @dmulder in #128
• Only remove cached user if it doesn't exist by @dmulder in #129
• SSSD Idmapping with upn mapping by @dmulder in #131
• When faking a uuid for NSS, use a random uuid by @dmulder in #133
• Fix group lookup failure by @dmulder in #136
• Version 0.5.0 bump for main, and README updates by @dmulder in #137
• Always normalize idmap upn inputs by @dmulder in #138
• Fix a refresh token leak in debug from msal by @dmulder in #140
• Utilize the graph code in MSAL by @dmulder in #142
• Relicensing as GPL3, as SSSD source inclusion requires by @dmulder in #144
• OneWaySMS is additionally a valid OTP by @dmulder in #145
• MS Authenticator with PhoneAppNotification fixes by @dmulder in #146
• Fix ConsolidatedTelephony MFA method by @dmulder in #148
• Disable the SFA fallback by default by @dmulder in #149
• Update required packages for tumbleweed by @noelpower in #153
• himmelblaud stops working after suspend by @dmulder in #156
• Switch to using libhimmelblau by @dmulder in #157
• deps(rust): update tonic requirement from 0.11.0 to 0.12.0 by @dependabot in #160
• Update to libhimmelblau version 0.2.9 by @dmulder in #167
• Fix CI failures caused by cargo 1.80.1 by @dmulder in #168
• deps(rust): update bindgen requirement from 0.69.4 to 0.70.1 by @dependabot in #165
• deps(rust): update scim_proto requirement from ^0.2.1 to ^1.3.2 by @dependabot in #163
• deps(rust): update rusqlite requirement from ^0.31.0 to ^0.32.0 by @dependabot in #161
• deps(rust): update base32 requirement from ^0.4.0 to ^0.5.0 by @dependabot in #134
• Compilation fails on Ubuntu, missing ldb header by @dmulder in #169

New Contributors

• @dependabot made their first contribution in #84
• @noelpower made their first contribution in #153

Full Changelog: 0.2.0...0.5.0

0.4.3

What's Changed

• himmelblaud stops working after suspend by @dmulder in #158

Full Changelog: 0.4.2...0.4.3

0.4.2

What's Changed

• Fix ConsolidatedTelephony MFA method by @dmulder in #150

Full Changelog: 0.4.1...0.4.2

0.4.1

What's Changed

• Normalize idmap inputs by @dmulder in #139
• Fix a refresh token leak in debug from msal (stable-0.4.x) by @dmulder in #141
• Backports of MFA fixes to 0.4.x stable by @dmulder in #147

Full Changelog: 0.4.0...0.4.1