krb5-sync 0.7 released
Russ Allbery
rra at stanford.edu
Tue Aug 7 17:56:35 EDT 2007
I'm pleased to announce release 0.7 of krb5-sync.
krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver. It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.
krb5-sync is not yet running anywhere in production and should still be
considered beta code.
Changes from previous release:
Log a message to syslog from the plugin when password changes fail
and we have to queue. Otherwise, when the queuing is successful,
we never log the original error.
Work around the behavior of MIT Kerberos's Kerberos v4 compat
libraries that left garbage in the instance field after parsing an
unqualified principal with no instance. Only of interest to users
doing AFS password propagation.
Log krb5-sync operations to LOG_AUTHPRIV (LOG_AUTH if that doesn't
exist) so that they go to the same place as the kadmind logs do by
default.
Rename the provided patch to document that it only applies over top
of the krb5-strength patches and provide a patch that applies to a
stock MIT Kerberos 1.4.4 tree.
You can download it from:
<http://www.eyrie.org/~eagle/software/krb5-sync/>
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list