
Dave Koblas added the keyword "password" to the list of options
accepted by op. This requires the user to supply op with a password
before executing the command.  The password can be specified in the
op.access file (with "password=") or the user's personal password may
be required.

Howard Owen added the keyword "securid" to the list of options
accepted by op. This functions similarly to the "password" option,
requiring the user to supply op with his or her current SecurID code before
executing the command. If op is compiled without SecurID support, use
of this option in op.access will result in an error message and a
refusal to execute the corresponding command.

Alec Thomas added support for user@host and group@host based access, as well
as variable expansion in options.

November 22nd 1997 - op 1.1.1
===============================
Break shadow support out from Solaris support. Added SHADOW symbol to the 
build. It works on Linux 2.0.30. Presumably it still works on Solaris. 8)

Cleaned up logging code. It was an uncomfortable mess. Slimmed it down some.

September 13th 2002 - op 1.1.2
==============================
Added user@host and group@host based access as well as variable expansion.
Changed SHADOW to USE_SHADOW so it doesn't conflict with system defines.

April 10th 2003 - op 1.1.3
==========================
Added a max length arugment to GetField to help prevent buffer overflows.
Regular expressions always have ^ prepended and $ appended so that if you put
'a' in an rx field it will not match any string with an 'a'. Old behaviour can
be emulated with '.*a.*'.
Added expiration support to users (user[@host][/expiry]).

April 16th 2003 - op 1.1.4
==========================
Added basic quoted argument passing to exec commands. This allows for complex
shell scripts:

	inetd /bin/sh -c '
			case $1 in
				on) /usr/sbin/inetd -s ;;
				off) /usr/bin/pkill inetd ;;
			esac
			';
		users=ROOTUSERS
		$1=on|off

April 17th 2003 - op 1.1.5
==========================
Added extensive logging to op. All logging is sent to syslog as auth.notice.

22/07/03 - op 1.1.6
===================
Added PAM support.

28/10/03 - op 1.1.7
===================
Logging now uses auth.level, and level is actually useful.

06/11/03 - op 1.1.8
===================
Fixed a fairly substantial bug where command arguments with multiple variables
were not being expanded at all.

24/01/04 - op 1.1.9
===================
Trapping signals (SIGINT, etc.) so that a failed authentication attempt can not
be broken out of.

27/01/04 - op 1.1.10
====================
Applied some of the FreeBSD patches, thanks to Cyrille Lefevre (the previous
FreeBSD port maintainer) for pointing me to these.
Patched a potential buffer overflow, again, picked up by Cyrille.
Added lots of checks for allocation failures.
Added constraints to as many uses of strcpy/strcat as I could find.
Added constraint on number of simultaneous groups a user can be in.

02/02/04 - op 1.20
==================
Fixed a fairly major bug whereby blocked signals were not restored to their
original state upon execv'ing the child process.

Changed version number scheme to match the original op versions, and bumped up
to 1.20. This is part of a collaborative effort between myself and Steve
Simmons, who is going to add Kerberos support to op in the near future. Welcome
Steve.
