krb5-sync 1.0 released
Russ Allbery
rra at stanford.edu
Tue Aug 14 00:17:28 EDT 2007
I'm pleased to announce release 1.0 of krb5-sync. This package is still
less than ideal for other sites (it requires the AFS libraries to build,
for instance, even if you're not using K4 synchronization, and the patch
requires some effort to apply), but it's now in production at Stanford and
should no longer be considered beta.
krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver. It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.
Changes from previous release:
Add a new option to krb5-sync-backend to tell process to filter out
successful messages from krb5-sync and common errors that mean the
account doesn't exist in Active Directory. Also add support for the
-h flag.
Fix the logging output from Active Directory account status changes
to not append the realm twice.
Send krb5-sync logging to LOG_AUTH instead of LOG_AUTHPRIV to
really match what kadmind does.
You can download it from:
<http://www.eyrie.org/~eagle/software/krb5-sync/>
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list