wallet 0.5 released

Russ Allbery rra at stanford.edu
Fri Dec 7 01:42:23 EST 2007


I'm pleased to announce release 0.5 of wallet.  This version is now
working in internal test at Stanford, and the frequency of releases should
drop off again now.  It's now at a point where other people should be able
to play with it, although initial setup can still use some work.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

    Allow the empty string in wallet-backend arguments.

    Allow @ in wallet-backend arguments so that principal names can be
    passed in.

    Load the Perl modules for ACL verifiers and object types dynamically
    now that we're reading the class from the database.

    Correctly implement the documented intention that setting an attribute
    to the empty string clears the attribute values.

    Fix the keytab principal validation regex to allow instances
    containing periods.  Otherwise, it's hard to manage host keytabs.  Add
    a missing test suite for that method.

    When writing to a file in the wallet client program, remove an old
    backup file before creating a new backup and don't fail if the backup
    already exists.

    Check a default creation ACL first before the ADMIN ACL when deciding
    whether we can auto-create a non-existent ACL, since creating one with
    the ADMIN ACL doesn't create a useful object.

You can download it from:

    <http://www.eyrie.org/~eagle/software/wallet/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


