-------------------------------------------------------------------
Mon Jun 8 13:51:18 UTC 2015 - i@marguerite.su

- set isolated-workers to false since we didn't build w/ seccomp yet
- change systemd socket ports as well

-------------------------------------------------------------------
Sun Jun 7 04:47:47 UTC 2015 - i@marguerite.su

- update version 0.10.5
  * Added tgt-freshness-time option for gssapi/Kerberos
    authentication option. That allows to specify the maximum number
    of seconds after which a reauthentication with Kerberos is
    required to login to VPN.
  * main/sec-mod: impose long timeouts on reads from sec-mod. That
    would prevent issues when reading in a blocked in authentication
    sec-mod.
  * radius: When using radius accounting with certificate
    authentication, properly notify of user session termination.
  * radius: On definitely terminated sessions contact the radius
    server as soon as possible. For sessions that can still be
    resumed the radius server is contacted periodically after the
    cookies expire.
  * radius: consider Acct-Interim-Interval when seen by the server.
    That will be taken into account if groupconfig=true in radius
    subconfig.
  * Added configuration options persistent-cookies and
    session-timeout.
  * radius: added support for Route-IPv6-Information,
    Delegated-IPv6-Prefix, NAS-IPv6-Address, NAS-IP-Address,
    Session-Timeout.
  * Corrected desync of main and sec-mod by introducing a
    synchronous communication socket. Reported by Mani Behrouz.
  * PAM: forward the actual prompt to worker process, and not only
    informational messages.
- drop ocserv-str_init.patch, upstream fixed.

-------------------------------------------------------------------
Fri Feb 13 11:28:14 UTC 2015 - i@marguerite.su

- add user.tmpl, for certificate login
- tweak default config more
- add README.SUSE as setup instructions

-------------------------------------------------------------------
Mon Feb 2 10:04:45 UTC 2015 - i@marguerite.su

- initial version 0.9.0.1
  * Added native support for radius. That adds the new auth
    configuration option "radius", which has as parameters the
    freeradius-client configuration file and optionally the
    groupconfig option which instructs to read configuration from
    radius; the stats-report-time option enables interim-updates.
    That adds the dependency to freeradius-client (see
    doc/README.radius).
  * Reply using the same address that received UDP packets are sent.
  * Simplify the input of IPv6 network addresses.
  * Use a separate IPC and PID namespace in Linux systems for worker
    processes. That effectively puts each worker process in a
    separate container. This can be enabled at compile time using
    --enable-linux-namespaces.
  * Configuration option 'use-seccomp' was replaced by
    'isolate-workers', which in addition to seccomp it enables the
    Linux namespaces restrictions.
  * Added support for stateless compression using LZ4 and LZS. This
    is disabled by default.
- disable dbus interface because currently it provides less function
  than unix socket
- add patch: ocserv-str_init.patch
- add patch: ocserv-enable-systemd.patch
- add patch: ocserv.config.patch