krb5-sync 1.2 released
Russ Allbery
rra at stanford.edu
Tue Dec 25 19:40:26 EST 2007
I'm pleased to announce release 1.2 of krb5-sync.
krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver. It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.
Changes from previous release:
Don't call rx_Finalize after every synchronization with an AFS
kaserver. This isn't correct and leaks threads. Only call
rx_Finalize when shutting down the entire module.
The AFS synchronization code is now only built if requested using the
--with-afs flag to configure, allowing the package to be built at
sites that don't use AFS.
Add the purge command to krb5-sync-backend, which removes all queued
actions last modified more than some number of days in the past.
Use the new Kerberos error message APIs to retrieve error messages,
giving more complete errors in current versions of Kerberos. This is
also necessary in the long run for Heimdal support, although the
package in general doesn't support Heimdal yet.
You can download it from:
<http://www.eyrie.org/~eagle/software/krb5-sync/>
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list