krb5-sync 0.6 released

Russ Allbery rra at stanford.edu
Fri Jul 13 20:13:27 EDT 2007


I'm pleased to announce release 0.6 of krb5-sync.  At this point,
krb5-sync has received more testing and should be considered beta
software, but please be aware that it still is not running anywhere in
production.

krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver.  It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.

Changes from previous release:

    Add support for propagating selected non-empty instances into the AFS
    and Active Directory environments rather than ignoring all principals
    with non-empty instances.

    Fix the Active Directory password change component to not overwrite
    the realm of the principal passed from kadmind so that logging of AFS
    password change attempts will contain the local realm instead of the
    AD realm.

    When enabling or disabling accounts in Active Directory, look them up
    by userPrincipalName instead of sAMAccountName.

    Correctly strip the realm for queuing even for principals containing
    escaped @ characters.

    Add Active Directory configuration instructions.  Thanks, Ross
    Wilper.

You can download it from:

    <http://www.eyrie.org/~eagle/software/krb5-sync/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list