kadmin-remctl 3.5 released

Russ Allbery rra at stanford.edu
Thu Oct 10 23:33:09 EDT 2013 

I'm pleased to announce release 3.5 of kadmin-remctl.

kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password.  It can also provide similar management of instances and
creation, deletion, and management of accounts in Heimdal, MIT Kerberos,
Active Directory, and an AFS kaserver where appropriate.  Also included is
a client for privileged users to use for password resets and a simple
client for password chnages via the Kerberos password change protocol.
Many of the defaults and namespace checks are Stanford-specific, but it
can be modified for other sites.

Changes from previous release:

    Increase the timeout for initial authentication during a kpasswd
    password change to ten seconds, and the timeout for a successful
    password change to sixty seconds.  The previous timeouts of two
    seconds and thirty seconds was occasionally too short in production.
    Also fix Perl warnings if the initial authentication or password
    change time out.

    In the Heimdal backend, use get instead of list to check whether a
    given principal already exists.  list requires a complete database
    traversal and is much more resource-intensive.

    In the Heimdal backend, recognize the new form of the Heimdal kpasswd
    prompt to repeat the new password.

    Stop mapping password quality errors in the Heimdal kpasswd backend.
    Instead, remove any prefix about an external password quality program
    and pass the rest of the error message back to the user.

    Check the existence of the principal before enabling or disabling it
    in the Heimdal backend so that nonexistent principals report a clearer
    error message instead of an internal error about getAttributes
    failure.

    Update to rra-c-util 4.10:

    * Remove some unnecessary includes.

You can download it from:

    <http://www.eyrie.org/~eagle/software/kadmin-remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list