krb5-sync 0.5 released

Russ Allbery rra at stanford.edu
Thu Mar 22 23:15:02 EDT 2007


I'm pleased to announce release 0.5 of krb5-sync.

krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver.  It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.

Changes from previous release:

    Obtain new AFS tokens for each operation rather than reusing the
    existing token since ka_GetAdminToken isn't smart enough to realize
    that the old token has expired.

    Queue AD password changes rather than rejecting the change if the
    error message from the password change may indicate that the user
    doesn't exist in AD.

    Queue AD password changes if there is already an AD password change
    queued rather than rejecting the change.

    Include the username in status messages from the krb5-sync
    command-line utility.

You can download it from:

    <http://www.eyrie.org/~eagle/software/krb5-sync/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list