wallet 0.4 released

Russ Allbery rra at stanford.edu
Thu Dec 6 02:27:51 EST 2007


I'm pleased to announce release 0.4 of wallet.  This still isn't ready for
production use, but now can be considered beta code.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

    Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
    over the life of the process if we see another ACL line from the same
    scheme, rather than only reusing ACL verifiers within a single ACL.

    Add a subclass of the NetDB ACL verifier that requires the principal
    have an instance of "root" and strips that instance before checking
    NetDB roles.

    Determine the class for object and ACL schema implementations from the
    database rather than a hard-coded list and provide Wallet::Schema
    methods for adding new class mappings.

    Add a missing class mapping for the netdb ACL schema verifier.

    Various coding style fixes and cleanup based on a much-appreciated
    code audit by Simon Cozens.  I didn't take all of his advice, and he
    shouldn't be blamed for any remaining issues.

You can download it from:

    <http://www.eyrie.org/~eagle/software/wallet/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
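As an added example, not code from the wallet distribution or from this announcement, the following Python sketch models the two ACL-verifier changes described in the release notes: a per-scheme verifier cache that is shared across ACLs for the life of the process, and a NetDB-style verifier that accepts only principals carrying a "root" instance and strips that instance before the role lookup. Wallet itself is written in Perl and its NetDB verifier queries a real NetDB; the in-memory role table, the hostnames, the principal names and the scheme names "netdb" and "netdb-root" here are constructed assumptions used only to exercise the logic.

```python
"""Model of wallet-style ACL verifiers (illustrative, not wallet's code).

Two points are shown:
  1. verifiers are cached per ACL scheme and reused across every ACL line
     seen by the process, not just within one ACL;
  2. a "root instance" NetDB verifier requires principal/root@REALM and
     checks NetDB roles for principal@REALM.
"""

from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for NetDB: user -> host -> roles.  Not real data.
FAKE_NETDB_ROLES: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"host1.example.com": {"admin"}, "host2.example.com": {"user"}},
    "bob": {"host2.example.com": {"admin"}},
}


def parse_principal(principal: str) -> Tuple[str, Optional[str], str]:
    """Split 'primary/instance@REALM' into (primary, instance, realm).

    Assumption/simplification: backslash escapes in principal names are
    not handled, and only the first '/' separates primary from instance,
    so 'a/b/c@R' yields instance 'b/c' (which then fails the root check).
    """
    if "@" not in principal:
        raise ValueError(f"principal without realm: {principal!r}")
    name, realm = principal.rsplit("@", 1)
    if not name or not realm:
        raise ValueError(f"malformed principal: {principal!r}")
    primary, sep, instance = name.partition("/")
    if not primary:
        raise ValueError(f"empty primary in principal: {principal!r}")
    return primary, (instance if sep else None), realm


class NetDBVerifier:
    """ACL scheme 'netdb': the ACL value is a hostname; the principal's
    primary component must hold one of the wanted roles on that host."""

    scheme = "netdb"

    def __init__(self, roles: Dict[str, Dict[str, Set[str]]] = FAKE_NETDB_ROLES):
        self.roles = roles

    def check(self, principal: str, acl_value: str,
              wanted: Tuple[str, ...] = ("admin",)) -> bool:
        primary, _instance, _realm = parse_principal(principal)
        host_roles = self.roles.get(primary, {}).get(acl_value, set())
        return bool(host_roles & set(wanted))


class NetDBRootVerifier(NetDBVerifier):
    """ACL scheme 'netdb-root': same lookup, but only a principal whose
    instance is exactly 'root' is accepted, and the instance is stripped
    before the NetDB role check so that alice/root maps to alice's roles."""

    scheme = "netdb-root"

    def check(self, principal: str, acl_value: str,
              wanted: Tuple[str, ...] = ("admin",)) -> bool:
        primary, instance, realm = parse_principal(principal)
        if instance != "root":
            return False                      # no instance, or wrong instance
        stripped = f"{primary}@{realm}"       # alice/root@R -> alice@R
        return super().check(stripped, acl_value, wanted)


# Scheme -> verifier class, and the process-wide cache of instances.
_VERIFIER_CLASSES = {NetDBVerifier.scheme: NetDBVerifier,
                     NetDBRootVerifier.scheme: NetDBRootVerifier}
_VERIFIER_CACHE: Dict[str, NetDBVerifier] = {}


def get_verifier(scheme: str) -> NetDBVerifier:
    """Return the one verifier object for this scheme, constructing it on
    first use and reusing it for every later ACL line with that scheme."""
    verifier = _VERIFIER_CACHE.get(scheme)
    if verifier is None:
        cls = _VERIFIER_CLASSES.get(scheme)
        if cls is None:
            raise KeyError(f"unknown ACL scheme {scheme!r}")
        verifier = cls()
        _VERIFIER_CACHE[scheme] = verifier
    return verifier


def acl_permits(acl_lines: List[Tuple[str, str]], principal: str) -> bool:
    """An ACL is a list of (scheme, value) lines; any matching line grants."""
    return any(get_verifier(scheme).check(principal, value)
               for scheme, value in acl_lines)


if __name__ == "__main__":
    acl = [("netdb-root", "host1.example.com")]
    for who in ("alice/root@EXAMPLE.COM", "alice@EXAMPLE.COM",
                "alice/admin@EXAMPLE.COM", "bob/root@EXAMPLE.COM"):
        print(f"{who:28} -> {acl_permits(acl, who)}")
```

The conservative direction is the point of the subclass: a plain netdb line lets alice@REALM through on the strength of her NetDB role, while a netdb-root line refuses her unless she authenticated as alice/root, which is the credential wallet wants a human to hold separately before handing out host keytabs.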