Changes from Release 0.0 to release 0.1
---------------------------------------

You must now say "default attribute = permit" instead of 
default authorization = permit" when configuring service
defaults

You must now say "default svc = permit" instead of "default
authorization = permit" when configuring service defaults for a user.

When authorizing enable requests, the daemon used to prompt for a
username which it then ignored. It no longer prompts for a username.

Fix recursion issues with service and command lookups. They are now
fully recursive c.f. password lookups.

Add debugging output to password verification to provide information
about expiry processing.

Keep track of longest hash chain we create, for fine tuning. Hash all
keywords into a keyword table instead of doing linear lookup.

Update users_guide to reflect the new configuration syntax.

The convert.pl script now generates the new configuration file syntax.

Accounting code now honours the "more" flag.


Changes from Release 0.1 to release 0.2
---------------------------------------

You can now send a SIGHUP to the daemon to cause it to reinitialize
itself and re-read its CONFIG file. There is a new debugging flag
devoted to this section of the code.

Node types are now pretty-printed in debug output.

The conversion script "convert.pl" now will not print out an expires
field if it doesn't think the syntax of the field is correct. It also
now ignores blank lines in its input files.

When doing authorization, the NAS supplied attribute "cmd=" is now
correctly ignored. This would previously have caused exec
authorization to be denied.

Changes from Release 0.2 to release 0.3
---------------------------------------
Warn when not invoked as uid 0.
Improved Usage message
Add make install target

Changes from Release 0.3 to release 0.4
---------------------------------------
Add TAC_PLUS_PIDFILE to makefile per Andy Linton's suggestion.
Fix bug in authorization code (protocol field needs to be
uppercase) which prevented authorization from working.

Changes from Release 0.4 to release 0.5
---------------------------------------
Add pre and post authorization calls to shell commands.
Minor bugfixes and code cleanup
The "More" bit in accounting records is now honoured.
Fix a bug in convert.pl
Redo accounting output routines. You can now name the accounting file
in the configuration file.
Change "svc" to "service" and "proto" to "protocol".
You can use any string to name a ppp protocol, even one which doesn't yet exist.
Add PPP/LCP special case processing
Revised authorization algorithm (see user's guide)
Add hex debug flag to allow skipping hex in packet dumps.
Update user's guide to reflect changes

Changes from Release 0.4 to release 1.0
---------------------------------------
Changed format of syslog messages to make writing scripts easier
Added ability to use cleartext passwords instead of DES passwords
Updated man page to reflect the fact that we use SIGUSR1 to re-read
the config file. SIGHUP is now ignored.
Updated the users guide.

Changes from Release 1.0 to release 1.1
---------------------------------------
Release 1.1 corresponds to RCS version 1.64 of tac_plus 
(see tac_plus -v)

A typo in the Solaris section of the Makefile has been fixed.

The keyword 'des' has been introduced which must be used before all
des encrypted passwords.

The keyword 'password' has been changed to 'login', so
    password = f23sac783n
has become
    login = des f23sac783n

The convert.pl script knows about these changes.

arap and chap now require the keyword 'cleartext' in front of their
passwords.

A cleartext, per-user, global password can now be configured, which
works for login, arap and chap.

The users_guide has been updated to include a list of all A/V pairs
recognised by IOS 10.3(3) code.

Some solaris binaries have been provided as a courtesy.

Changes from Release 1.1 to release 2.0
---------------------------------------
generate_password.pl has been removed in favour of a C program
generate_passwd.c

The version number reported by tac_plus has been changed to agree with the
release number. This is why the version has jumped to 2.0

skey was broken by changes made in 1.1. These are now fixed.

Documentation has been added for the authorization AV pairs supported
by IOS releases 10.3(3) and 11.0.

Changes from Release 2.0 to release 2.1
---------------------------------------
There are now Makefile definitions for most of the major platforms.

Minor changes to remove some spurious debugging output.

A prematurely closed NAS connection will now call the authentication
function with the abort flag set, so that it can do any clean up it
requires.

syslog messages will contain the string "unknown" for usernames and
ports which are NULL, so that the messages always contain a fixed
number of fields.

The authentication code has been rearranged to better reflect the
structure of the API.

The "default user = permit" directive is still accepted but is now
deprecated in favour of "default authorization = permit".

A bug in the handling of substring AV pairs which caused the attribute
"addr" to erroneously match "addr-pool" has been fixed.

Added new files: enable.c generate_passwd.c skey_fn.c 

New #defines have been added to make it easier to port tacacs+ to new
systems.

Many more iterations are allowed before an error is declared.
