1 libpve-access-control (6.0-0+1) pve; urgency=medium
3 * bump for Debian buster
5 * fix #2079: add periodic auth key rotation
7 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
9 libpve-access-control (5.1-10) unstable; urgency=medium
11 * add /access/user/{id}/tfa api call to get tfa types
13 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
15 libpve-access-control (5.1-9) unstable; urgency=medium
17 * store the tfa type in user.cfg allowing to get it without proxying the call
18 to a higher priviledged daemon.
20 * tfa: realm required TFA should lock out users without TFA configured, as it
21 was done before Proxmox VE 5.4
23 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
25 libpve-access-control (5.1-8) unstable; urgency=medium
27 * U2F: ensure we save correct public key on registration
29 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
31 libpve-access-control (5.1-7) unstable; urgency=medium
33 * verify_ticket: allow general non-challenge tfa to be run as two step
36 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
38 libpve-access-control (5.1-6) unstable; urgency=medium
40 * more general 2FA configuration via priv/tfa.cfg
42 * add u2f api endpoints
44 * delete TFA entries when deleting a user
46 * allow users to change their TOTP settings
48 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
50 libpve-access-control (5.1-5) unstable; urgency=medium
52 * fix vnc ticket verification without authkey lifetime
54 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
56 libpve-access-control (5.1-4) unstable; urgency=medium
58 * fix #1891: Add zsh command completion for pveum
60 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
61 to avoid issues on upgrade, will be enabled with 6.0
63 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
65 libpve-access-control (5.1-3) unstable; urgency=medium
67 * api/ticket: move getting cluster name into an eval
69 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
71 libpve-access-control (5.1-2) unstable; urgency=medium
73 * fix #1998: correct return properties for read_role
75 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
77 libpve-access-control (5.1-1) unstable; urgency=medium
79 * pveum: introduce sub-commands
81 * register userid with completion
83 * fix #233: return cluster name on successful login
85 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
87 libpve-access-control (5.0-8) unstable; urgency=medium
89 * fix #1612: ldap: make 2nd server work with bind domains again
91 * fix an error message where passing a bad pool id to an API function would
92 make it complain about a wrong group name instead
94 * fix the API-returned permission list so that the GUI knows to show the
95 'Permissions' tab for a storage to an administrator apart from root@pam
97 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
99 libpve-access-control (5.0-7) unstable; urgency=medium
101 * VM.Snapshot.Rollback privilege added
103 * api: check for special roles before locking the usercfg
105 * fix #1501: pveum: die when deleting special role
107 * API/ticket: rework coarse grained permission computation
109 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
111 libpve-access-control (5.0-6) unstable; urgency=medium
113 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
114 'verify' option. For compatibility reasons this defaults to off for now,
115 but that might change with future updates.
117 * AD, LDAP: Add ability to specify a CA path or file, and a client
118 certificate via the 'capath', 'cert' and 'certkey' options.
120 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
122 libpve-access-control (5.0-5) unstable; urgency=medium
124 * change from dpkg-deb to dpkg-buildpackage
126 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
128 libpve-access-control (5.0-4) unstable; urgency=medium
130 * PVE/CLI/pveum.pm: call setup_default_cli_env()
132 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
134 * check_api2_permissions: avoid warning about uninitialized value
136 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
138 libpve-access-control (5.0-3) unstable; urgency=medium
140 * use new PVE::OTP class from pve-common
142 * use new PVE::Tools::encrypt_pw from pve-common
144 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
146 libpve-access-control (5.0-2) unstable; urgency=medium
148 * encrypt_pw: avoid '+' for crypt salt
150 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
152 libpve-access-control (5.0-1) unstable; urgency=medium
154 * rebuild for PVE 5.0
156 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
158 libpve-access-control (4.0-23) unstable; urgency=medium
160 * use new PVE::Ticket class
162 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
164 libpve-access-control (4.0-22) unstable; urgency=medium
166 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
167 (moved to PVE::Storage)
169 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
171 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
173 libpve-access-control (4.0-21) unstable; urgency=medium
175 * setup_default_cli_env: expect $class as first parameter
177 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
179 libpve-access-control (4.0-20) unstable; urgency=medium
181 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
183 * PVE/API2/Domains.pm: fix property description
185 * use new repoman for upload target
187 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
189 libpve-access-control (4.0-19) unstable; urgency=medium
191 * Close #833: ldap: non-anonymous bind support
193 * don't import 'RFC' from MIME::Base32
195 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
197 libpve-access-control (4.0-18) unstable; urgency=medium
199 * fix #1062: recognize base32 otp keys again
201 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
203 libpve-access-control (4.0-17) unstable; urgency=medium
205 * drop oathtool and libdigest-hmac-perl dependencies
207 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
209 libpve-access-control (4.0-16) unstable; urgency=medium
211 * use pve-doc-generator to generate man pages
213 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
215 libpve-access-control (4.0-15) unstable; urgency=medium
217 * Fix uninitialized warning when shadow.cfg does not exist
219 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
221 libpve-access-control (4.0-14) unstable; urgency=medium
223 * Add is_worker to RPCEnvironment
225 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
227 libpve-access-control (4.0-13) unstable; urgency=medium
229 * fix #916: allow HTTPS to access custom yubico url
231 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
233 libpve-access-control (4.0-12) unstable; urgency=medium
235 * Catch certificate errors instead of segfaulting
237 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
239 libpve-access-control (4.0-11) unstable; urgency=medium
241 * Fix #861: use safer sprintf formatting
243 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
245 libpve-access-control (4.0-10) unstable; urgency=medium
247 * Auth::LDAP, Auth::AD: ipv6 support
249 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
251 libpve-access-control (4.0-9) unstable; urgency=medium
253 * pveum: implement bash completion
255 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
257 libpve-access-control (4.0-8) unstable; urgency=medium
259 * remove_storage_access: cleanup of access permissions for removed storage
261 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
263 libpve-access-control (4.0-7) unstable; urgency=medium
265 * new helper to remove access permissions for removed VMs
267 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
269 libpve-access-control (4.0-6) unstable; urgency=medium
271 * improve parse_user_config, parse_shadow_config
273 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
275 libpve-access-control (4.0-5) unstable; urgency=medium
277 * pveum: check for $cmd being defined
279 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
281 libpve-access-control (4.0-4) unstable; urgency=medium
283 * use activate-noawait triggers
285 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
287 libpve-access-control (4.0-3) unstable; urgency=medium
293 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
295 libpve-access-control (4.0-2) unstable; urgency=medium
297 * trigger pve-api-updates event
299 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
301 libpve-access-control (4.0-1) unstable; urgency=medium
303 * bump version for Debian Jessie
305 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
307 libpve-access-control (3.0-16) unstable; urgency=low
309 * root@pam can now be disabled in GUI.
311 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
313 libpve-access-control (3.0-15) unstable; urgency=low
315 * oath: add 'step' and 'digits' option
317 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
319 libpve-access-control (3.0-14) unstable; urgency=low
321 * add oath two factor auth
323 * add oathkeygen binary to generate keys for oath
325 * add yubico two factor auth
329 * depend on libmime-base32-perl
331 * allow to write builtin auth domains config (comment/tfa/default)
333 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
335 libpve-access-control (3.0-13) unstable; urgency=low
337 * use correct connection string for AD auth
339 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
341 libpve-access-control (3.0-12) unstable; urgency=low
343 * add dummy API for GET /access/ticket (useful to generate login pages)
345 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
347 libpve-access-control (3.0-11) unstable; urgency=low
349 * Sets common hot keys for spice client
351 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
353 libpve-access-control (3.0-10) unstable; urgency=low
355 * implement helper to generate SPICE remote-viewer configuration
357 * depend on libnet-ssleay-perl
359 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
361 libpve-access-control (3.0-9) unstable; urgency=low
363 * prevent user enumeration attacks
365 * allow dots in access paths
367 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
369 libpve-access-control (3.0-8) unstable; urgency=low
371 * spice: use lowercase hostname in ticktet signature
373 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
375 libpve-access-control (3.0-7) unstable; urgency=low
377 * check_volume_access : use parse_volname instead of path, and remove
380 * use warnings instead of global -w flag.
382 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
384 libpve-access-control (3.0-6) unstable; urgency=low
386 * use shorter spiceproxy tickets
388 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
390 libpve-access-control (3.0-5) unstable; urgency=low
392 * add code to generate tickets for SPICE
394 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
396 libpve-access-control (3.0-4) unstable; urgency=low
398 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
400 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
402 libpve-access-control (3.0-3) unstable; urgency=low
404 * Add new role PVETemplateUser (and VM.Clone priviledge)
406 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
408 libpve-access-control (3.0-2) unstable; urgency=low
410 * remove CGI.pm related code (pveproxy does not need that)
412 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
414 libpve-access-control (3.0-1) unstable; urgency=low
416 * bump version for wheezy release
418 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
420 libpve-access-control (1.0-26) unstable; urgency=low
422 * check_volume_access: fix access permissions for backup files
424 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
426 libpve-access-control (1.0-25) unstable; urgency=low
428 * add VM.Snapshot permission
430 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
432 libpve-access-control (1.0-24) unstable; urgency=low
434 * untaint path (allow root to restore arbitrary paths)
436 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
438 libpve-access-control (1.0-23) unstable; urgency=low
440 * correctly compute GUI capabilities (consider pools)
442 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
444 libpve-access-control (1.0-22) unstable; urgency=low
446 * new plugin architecture for Auth modules, minor API change for Auth
447 domains (new 'delete' parameter)
449 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
451 libpve-access-control (1.0-21) unstable; urgency=low
453 * do not allow user names including slash
455 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
457 libpve-access-control (1.0-20) unstable; urgency=low
459 * add ability to fork cli workers in background
461 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
463 libpve-access-control (1.0-19) unstable; urgency=low
465 * return set of privileges on login - can be used to adopt GUI
467 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
469 libpve-access-control (1.0-18) unstable; urgency=low
471 * fix bug #151: corretly parse username inside ticket
473 * fix bug #152: allow user to change his own password
475 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
477 libpve-access-control (1.0-17) unstable; urgency=low
479 * set propagate flag by default
481 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
483 libpve-access-control (1.0-16) unstable; urgency=low
485 * add 'pveum passwd' method
487 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
489 libpve-access-control (1.0-15) unstable; urgency=low
491 * Add VM.Config.CDROM privilege to PVEVMUser rule
493 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
495 libpve-access-control (1.0-14) unstable; urgency=low
497 * fix buf in userid-param permission check
499 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
501 libpve-access-control (1.0-13) unstable; urgency=low
503 * allow more characters in ldap base_dn attribute
505 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
507 libpve-access-control (1.0-12) unstable; urgency=low
509 * allow more characters with realm IDs
511 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
513 libpve-access-control (1.0-11) unstable; urgency=low
515 * fix bug in exec_api2_perm_check
517 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
519 libpve-access-control (1.0-10) unstable; urgency=low
521 * fix ACL group name parser
523 * changed 'pveum aclmod' command line arguments
525 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
527 libpve-access-control (1.0-9) unstable; urgency=low
529 * fix bug in check_volume_access (fixes vzrestore)
531 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
533 libpve-access-control (1.0-8) unstable; urgency=low
535 * fix return value for empty ACL list.
537 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
539 libpve-access-control (1.0-7) unstable; urgency=low
541 * fix bug #85: allow root@pam to generate tickets for other users
543 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
545 libpve-access-control (1.0-6) unstable; urgency=low
547 * API change: allow to filter enabled/disabled users.
549 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
551 libpve-access-control (1.0-5) unstable; urgency=low
553 * add a way to return file changes (diffs): set_result_changes()
555 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
557 libpve-access-control (1.0-4) unstable; urgency=low
559 * new environment type for ha agents
561 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
563 libpve-access-control (1.0-3) unstable; urgency=low
565 * add support for delayed parameter parsing - We need that to disable
566 file upload for normal API request (avoid DOS attacs)
568 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
570 libpve-access-control (1.0-2) unstable; urgency=low
572 * fix bug in fork_worker
574 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
576 libpve-access-control (1.0-1) unstable; urgency=low
578 * allow '-' in permission paths
580 * bump version to 1.0
582 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
584 libpve-access-control (0.1) unstable; urgency=low
586 * first dummy package - no functionality
588 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200