+libpve-access-control (6.0-7) pve; urgency=medium
+
+ * fix #2575: die when trying to edit built-in roles
+
+ * add realm sub commands to pveum CLI tool
+
+ * api: domains: add user group sync API enpoint
+
+ * allow one to sync and import users and groups from LDAP/AD based realms
+
+ * realm: add default-sync-options to config for more convenient sync configuration
+
+ * api: token create: return also full token id for convenience
+
+ -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
+
+libpve-access-control (6.0-6) pve; urgency=medium
+
+ * API: add group members to group index
+
+ * implement API token support and management
+
+ * pveum: add 'pveum user token add/update/remove/list'
+
+ * pveum: add permissions sub-commands
+
+ * API: add 'permissions' API endpoint
+
+ * user.cfg: skip inexisting roles when parsing ACLs
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
+
+libpve-access-control (6.0-5) pve; urgency=medium
+
+ * pveum: add list command for users, groups, ACLs and roles
+
+ * add initial permissions for experimental SDN integration
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
+
+libpve-access-control (6.0-4) pve; urgency=medium
+
+ * ticket: use clinfo to get cluster name
+
+ * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
+ SSL version
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
+
+libpve-access-control (6.0-3) pve; urgency=medium
+
+ * fix #2433: increase possible TFA secret length
+
+ * parse user configuration: correctly parse group names in ACLs, for users
+ which begin their name with an @
+
+ * sort user.cfg entries alphabetically
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
+
+libpve-access-control (6.0-2) pve; urgency=medium
+
+ * improve CSRF verification compatibility with newer PVE
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
+
+libpve-access-control (6.0-1) pve; urgency=medium
+
+ * ticket: properly verify exactly 5 minute old tickets
+
+ * use hmac_sha256 instead of sha1 for CSRF token generation
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
+
+libpve-access-control (6.0-0+1) pve; urgency=medium
+
+ * bump for Debian buster
+
+ * fix #2079: add periodic auth key rotation
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
+
+libpve-access-control (5.1-10) unstable; urgency=medium
+
+ * add /access/user/{id}/tfa api call to get tfa types
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
+
+libpve-access-control (5.1-9) unstable; urgency=medium
+
+ * store the tfa type in user.cfg allowing to get it without proxying the call
+ to a higher priviledged daemon.
+
+ * tfa: realm required TFA should lock out users without TFA configured, as it
+ was done before Proxmox VE 5.4
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
+
+libpve-access-control (5.1-8) unstable; urgency=medium
+
+ * U2F: ensure we save correct public key on registration
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
+
+libpve-access-control (5.1-7) unstable; urgency=medium
+
+ * verify_ticket: allow general non-challenge tfa to be run as two step
+ call
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
+
+libpve-access-control (5.1-6) unstable; urgency=medium
+
+ * more general 2FA configuration via priv/tfa.cfg
+
+ * add u2f api endpoints
+
+ * delete TFA entries when deleting a user
+
+ * allow users to change their TOTP settings
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
+
+libpve-access-control (5.1-5) unstable; urgency=medium
+
+ * fix vnc ticket verification without authkey lifetime
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
+
+libpve-access-control (5.1-4) unstable; urgency=medium
+
+ * fix #1891: Add zsh command completion for pveum
+
+ * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
+ to avoid issues on upgrade, will be enabled with 6.0
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
+
+libpve-access-control (5.1-3) unstable; urgency=medium
+
+ * api/ticket: move getting cluster name into an eval
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
+
+libpve-access-control (5.1-2) unstable; urgency=medium
+
+ * fix #1998: correct return properties for read_role
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
+
+libpve-access-control (5.1-1) unstable; urgency=medium
+
+ * pveum: introduce sub-commands
+
+ * register userid with completion
+
+ * fix #233: return cluster name on successful login
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
+
+libpve-access-control (5.0-8) unstable; urgency=medium
+
+ * fix #1612: ldap: make 2nd server work with bind domains again
+
+ * fix an error message where passing a bad pool id to an API function would
+ make it complain about a wrong group name instead
+
+ * fix the API-returned permission list so that the GUI knows to show the
+ 'Permissions' tab for a storage to an administrator apart from root@pam
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
+
+libpve-access-control (5.0-7) unstable; urgency=medium
+
+ * VM.Snapshot.Rollback privilege added
+
+ * api: check for special roles before locking the usercfg
+
+ * fix #1501: pveum: die when deleting special role
+
+ * API/ticket: rework coarse grained permission computation
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
+
libpve-access-control (5.0-6) unstable; urgency=medium
* Close #1470: Add server ceritifcate verification for AD and LDAP via the
projects / pve-access-control.git / blobdiff