Jun 1, 2002
-----------
- Add updated patch, for pam mount 0.3.2 (due to John Langford).

Jun 8, 2001
-----------
- Add support for different login and filesystem passwords. If try_firstpass
  is specified as an option to pam_mount in the pam.conf file, we first
  try to mount the volume using the user's login password. If that fails, we
  prompt the user for an alternate password, and try again. This depends on
  proper conversation support from the application using PAM. I've tested
  login and gdm without trouble. ssh (from openssh) doesn't seem to work. I
  believe there are some issues with xdm and kdm, but do not recall what they
  were.

- Add support for local mounts. My particular use of this is for mounting
  an encrypted filesystem using the loopback device. If the local mount is
  specified in the user config file, then the user must own the device or
  file being mounted (in addition to owning the mount point).
  	
- Add options filters (options_allow, options_deny directives). Options filters
  are used to restrict the options users can specify in the user config file.
  The motivation for this is to prevent users from exploiting the ability to
  mount arbitrary filesystems with suid files. It then occurred to me that
  users shouldn't be able to mount arbitrary filesystems with devices on them
  either. The details of these directives are given in the pam_mount.conf file.
  
  To enforce "secure by default" behavior, luserconf directives are ignored
  unless some options filter is specified.

- Add required options. To protect against suid and dev abuse, it is not
  sufficient to disallow the suid and dev options. This is because
  filesystems are mounted with suid and dev enabled by default (unless the
  user option is specified). For this reason, the global pam_mount.conf file
  can specify that certain options (we want nosuid and nodev here) must be
  included in any volume directive from a user config file.

- In order to support different passwords for login and filesystem mounting,
  we always wait for mount to complete (not just when we're mounting the
  user's home directory). This is so that we know whether or not mounting with
  the login password succeeded.

- The previous version attempted to access the user config file by opening
  "~/<luserconf>". On my system, this doesn't work. So I added the code
  to expand ~ using getpwnam. (I tested the problem with ~ using stat.c.)
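
The options filter and required options entries above, as an added example
(not code from pam_mount): it shows why a deny list alone still accepts a
volume that leaves suid and dev at their defaults. The function names and the
exact matching semantics are assumptions; the real directives are described in
the pam_mount.conf file.

```c
#include <string.h>

/* 1 if opt is a whole item of the comma-separated list (so "suid" != "nosuid"). */
static int has_opt(const char *list, const char *opt)
{
    size_t n = strlen(opt);
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, opt, n) == 0)
            return 1;
        p += len;
        if (*p == ',') p++;
    }
    return 0;
}

/* 1 if every item of items satisfies has_opt(list, item) == want. */
static int each_opt(const char *items, const char *list, int want)
{
    char buf[128];
    for (const char *p = items; *p; ) {
        size_t len = strcspn(p, ",");
        if (len >= sizeof buf)
            return 0;                       /* oversized option: reject */
        memcpy(buf, p, len);
        buf[len] = '\0';
        if (len && has_opt(list, buf) != want)
            return 0;
        p += len;
        if (*p == ',') p++;
    }
    return 1;
}

/* Hypothetical check; allow, deny and required are NULL when not configured.
 * Assumed: allow = only these may appear, deny = none of these may appear. */
int user_volume_ok(const char *opts, const char *allow,
                   const char *deny, const char *required)
{
    if (!allow && !deny)
        return 0;       /* no options filter: user volumes are ignored */
    if (allow && !each_opt(opts, allow, 1))
        return 0;
    if (deny && !each_opt(opts, deny, 0))
        return 0;
    if (required && !each_opt(required, opts, 1))
        return 0;       /* e.g. nosuid,nodev missing from the user's volume */
    return 1;
}
```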
