rc6 release: 
   - fix crash in username mapping with certain length usernames
   - fix 100% CPU utilisation issue in module code when waiting for server
   - fix crash in username mapping not using pam_set_item

rc5 release:
   - fix remote root overflow

rc4 release:
   - FreeBSD build fixes

18 Apr 2002 -
   - add two patches from Sam Horrocks - failover and failsafe caching

26 Mar 2002 -
   - updated to newest tdb code from sf.net/projects/tdb
   - moved to internal TDB databases removing storage on disk

20 Mar 2002 - 
   - fixes for username mapping code from Sam Horrocks
   - add noroot options to stop UID 0 from Robert Macaulay
   - cleanup suggestions to pam_read_conf and startup script from
   	Michael J. Maravillo

Changes for 1.9.9
  - fixed CRASHER in safestrcpy from walking off allocated memory!!!
    -pasirste

  - convered some C++ style comments to C style comments
    -pasirste

  - There is still a potential authentication race condition: so we bullet proof 
    (if possible) all other cases where a threaded application (such as a web app) 
    has a single pid an may have multiple authentication requests at the "same time".
    This fix is not theoretically perfect; however, practically it should be OK.  The
    theoretical hole is that if two auth requests were to occur exactly at the same time
    down to the micro-second (usec) there could be a problem. In
    practice this should not happen.
    -dpasirst & lombardo

  - odd things can happen with threaded applications during an
    authentication request In some cases, ernno will be set to an unusual value that 
    pam_smb did not handle: ENOENT. Since this was not handled it was
    falling down onto the default case, and it caused responses to get backed up on
    the queue and the next person to auth will receive the previous 
    return from pamsmbd. This behavior 
    has only been seen on Solaris 2.6 and 7. The fix will not affect other
    OS's. 
    -lombardo & dpasirst

  - new behavior for debug option (can now be "dynamically" controled as
    a param in pam.conf (or equiv.) no restart necessary)
    -dpasirst & lombardo 

  - "cachetime" option and modified timeout behavior from 1.9.8
    The login cache can now be "dynamically" controled as a param
    in pam.conf.  Default cache time if not set is 15 min
    note: 
      cachetime=n  where n=number in minutes before considered expired
      cachetime=0  never cache (ie. always go out and check PDC/BDC)
      cachetime=-1 never consider an account in cache expired
    -dpasirst & lombardo

  - small signal handling (usr2, hup, term) changes/clean up.  Removal of 
	sigalarm (no longer needed: see cachetime change).  
	Addition of "USR1" signal handler to reset the user cache. 
    -dpasirst & lombardo

  - fixed tdb storage so that it no longer stores cleartext passwords
    in the pam_smb.cache.tdb. Instead it will use the MD5 hash. This
    probably supercedes the changes made for using crypt since MD5 is 
    more collision resistant.
    -dpasirst & lombardo
    
  - Fixed potential buffer overflow problems regarding strcmp and 
    non null terminated strings.  
    -dpasirst & lombardo

  - Implemented "_TRUSTEDDOMAINS_" option in .conf file to allow
    non-usermapped users to authenticate against any of the trusted
    domains on a PDC / BDC. This allows greater flexablility in terms
    of configuration.
    -dpasirts & lombardo

    Notes: the MD5 implementation is pure public domain under the same
    license as zlib - it should be GPL friendly. The md5 driver is
    modified from the one included with Strip (Secure Tool for Recalling
    Important Passwords, www.zetetic.net). It is definatly covered under the GPL. 

	added files:
	pamsmbd/md5.c	
	pamsmbd/salt.c	
	pamsmbd/md5driver.c	
	include/md5.h
	include/md5driver.h

	modified files:
	pamsmbd/cache.c
	pamsmbd/server.c
	pamsmbd/Makefile
	include/pamsmbd.h
	include/cache.h

    - implementation of crypted cashed passwords in the user cache. 
      -jnewbigin

    - implementation of safestrcpy and some potential prep work to allow
      some previously compiletime defines to be set at run time.
      -jnewbigin
	
1.9.8 -- pre-release of 2.0

1.9.1 -- tdb code from samba integrated, no more Berkeley db code

1.9.0 -- Big jump clean out old version clean up code, licenses etc..

------------------- old version control system -------------------------
1.3.6 -- cleaned up caching algorithm and bugfixes

1.3.5 -- internal changes CVS tree only
	
1.3.4 -- some warning cleanups, and some configure cleanup

1.3a -- re-wrote cache support completely using a db hash table,
	and also added cache management routine to expire cache,
	change config file style from three line to comma separated one liner
	old config file still works (new one is in theory for multi-domain).

1.2a-c -- Started adding changes for caching and username mapping features.
	still missing cache management feature (cache cleaner) and
	some bugs in username mapping.

1.1 -- Security changes + minor bugfixes

1.0 -- Put GNU autoconf support

0.9 -- Some bug fixes for RH 5.0 and cleaned up function names,
	added in syslogging and command line options.

0.8 -- Added Solaris 2.6 support -- needs gmake

0.7 -- Support for encrypted passwords

0.6 -- Added changes for glibc-2.0 and a bit of a bug fix

0.5 -- Added support for backup server 

0.4 -- Small bugfix

0.3 -- Hopefully compiles outside tree .. removed some of the SMB deadwood..

0.2 -- compiled only underneath Linux-PAM--0.57 tree

0.1 -- first version .. didn't work too well

