+libpve-access-control (7.1-2) bullseye; urgency=medium
+
+ * catch incompatible tfa entries with a nice error
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
+
+libpve-access-control (7.1-1) bullseye; urgency=medium
+
+ * tfa: map HTTP 404 error in get_tfa_entry correctly
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
+
+libpve-access-control (7.0-7) bullseye; urgency=medium
+
+ * fix #3513: pass configured proxy to OpenID
+
+ * use rust based parser for TFA config
+
+ * use PBS-like auth api call flow,
+
+ * merge old user.cfg keys to tfa config when adding entries
+
+ * implement version checks for new tfa config writer to ensure all
+ cluster nodes are ready to avoid login issues
+
+ * tickets: add tunnel ticket
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
+
+libpve-access-control (7.0-6) bullseye; urgency=medium
+
+ * fix regression in user deletion when realm does not enforce TFA
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
+
+libpve-access-control (7.0-5) bullseye; urgency=medium
+
+ * acl: check path: add /sdn/vnets/* path
+
+ * fix #2302: allow deletion of users when realm enforces TFA
+
+ * api: delete user: disable user first to avoid surprise on error during the
+ various cleanup action required for user deletion (e.g., TFA, ACL, group)
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
+
+libpve-access-control (7.0-4) bullseye; urgency=medium
+
+ * realm: add OpenID configuration
+
+ * api: implement OpenID related endpoints
+
+ * implement opt-in OpenID autocreate user feature
+
+ * api: user: add 'realm-type' to user list response
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
+
+libpve-access-control (7.0-3) bullseye; urgency=medium
+
+ * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
+ `/sdn/zones/<zone>` to allowed ACL paths
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
+
+libpve-access-control (7.0-2) bullseye; urgency=medium
+
+ * fix #3402: add Pool.Audit privilege - custom roles containing
+ Pool.Allocate must be updated to include the new privilege.
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
+
+libpve-access-control (7.0-1) bullseye; urgency=medium
+
+ * re-build for Debian 11 Bullseye based releases
+
+ -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
+
+libpve-access-control (6.4-1) pve; urgency=medium
+
+ * fix #1670: change PAM service name to project specific name
+
+ * fix #1500: permission path syntax check for access control
+
+ * pveum: add resource pool CLI commands
+
+ -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
+
+libpve-access-control (6.1-3) pve; urgency=medium
+
+ * partially fix #2825: authkey: rotate if it was generated in the
+ future
+
+ * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
+ insensitive
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
+
+libpve-access-control (6.1-2) pve; urgency=medium
+
+ * also check SDN permission path when computing coarse permissions heuristic
+ for UIs
+
+ * add SDN Permissions.Modify
+
+ * add VM.Config.Cloudinit
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
+
+libpve-access-control (6.1-1) pve; urgency=medium
+
+ * pveum: add tfa delete subcommand for deleting user-TFA
+
+ * LDAP: don't complain about missing credentials on realm removal
+
+ * LDAP: skip anonymous bind when client certificate and key is configured
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
+
+libpve-access-control (6.0-7) pve; urgency=medium
+
+ * fix #2575: die when trying to edit built-in roles
+
+ * add realm sub commands to pveum CLI tool
+
+ * api: domains: add user group sync API enpoint
+
+ * allow one to sync and import users and groups from LDAP/AD based realms
+
+ * realm: add default-sync-options to config for more convenient sync configuration
+
+ * api: token create: return also full token id for convenience
+
+ -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
+
+libpve-access-control (6.0-6) pve; urgency=medium
+
+ * API: add group members to group index
+
+ * implement API token support and management
+
+ * pveum: add 'pveum user token add/update/remove/list'
+
+ * pveum: add permissions sub-commands
+
+ * API: add 'permissions' API endpoint
+
+ * user.cfg: skip inexisting roles when parsing ACLs
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
+
libpve-access-control (6.0-5) pve; urgency=medium
* pveum: add list command for users, groups, ACLs and roles