wallet 0.3 released

Russ Allbery rra at stanford.edu
Mon Dec 3 20:24:07 EST 2007


I'm pleased to announce release 0.3 of wallet.  This is still an
alpha-quality release, but is much closer to being ready to run in a
production environment.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

    MySQL is now a supported database backend and the full test suite
    passes with MySQL.

    Add support for running a user-defined function whenever an object is
    created by a non-ADMIN user and using the default owner ACL returned
    by that function provided that the calling user is authorized by that
    ACL.  This permits dynamic creation of new objects based on a default
    owner ACL programmatically determined from the name of the object.

    Attempt to create the object with a default owner on get and store
    when the object doesn't exist.

    Add support for displaying the history of objects and ACLs.

    Add an ACL verifier that checks access against NetDB roles using the
    NetDB remctl interface.

    The wallet backend script now logs all commands and errors to syslog.

    The keytab backend now supports limiting generated keytabs to
    particular enctypes by setting an attribute on the object.

    Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
    seconds since epoch and returned the same way.  Timestamps are now
    stored in the database as correct date and time types rather than
    seconds since epoch to work properly with MySQL.

    The wallet backend test suite now supports using a database other than
    SQLite for testing.

You can download it from:

    <http://www.eyrie.org/~eagle/software/wallet/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
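The default-owner behaviour described in the changes above, as an added example that is not part of the original message and is not wallet's own code or API: a simplified Python model in which a site policy function derives an owner ACL from the object name and auto-creation on get succeeds only if the caller is already on that ACL. The `Wallet` class, `default_owner` policy, realm and principal names are all constructed for illustration.

```python
import re

REALM = "EXAMPLE.ORG"  # constructed realm

def default_owner(obj_type, name):
    """Hypothetical site policy: a host owns the keytabs named after it."""
    m = re.fullmatch(r"[a-z]+/([a-z0-9-]+(?:\.[a-z0-9-]+)+)", name)
    if obj_type != "keytab" or not m:
        return None  # no default owner: only an ADMIN may create this object
    host = m.group(1)
    return f"host/{host}", [("krb5", f"host/{host}@{REALM}")]

class Wallet:
    def __init__(self, admins):
        self.admins = set(admins)
        self.acls = {}     # ACL name -> list of (scheme, identifier)
        self.objects = {}  # (type, name) -> owner ACL name

    def _autocreate(self, user, obj_type, name):
        policy = default_owner(obj_type, name)
        if policy is None:
            return False
        acl_name, entries = policy
        # Check the caller against the candidate ACL before changing any
        # state, so a denied request leaves no object or ACL behind.
        if ("krb5", user) not in entries:
            return False
        self.acls.setdefault(acl_name, entries)
        self.objects[(obj_type, name)] = acl_name
        return True

    def get(self, user, obj_type, name):
        key = (obj_type, name)
        if key not in self.objects:
            if user in self.admins:
                return "not-found"  # ADMINs create objects explicitly
            if not self._autocreate(user, obj_type, name):
                return "denied"
        # Normal owner check against the ACL actually stored.
        owner_acl = self.acls.get(self.objects[key], [])
        return "ok" if ("krb5", user) in owner_acl else "denied"
```

The point to notice is the ordering in `_autocreate`: a policy function that only names an owner is not enough, because the caller must be authorized by that ACL before the object exists.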


