wallet 0.2 released

Russ Allbery rra at stanford.edu
Mon Oct 8 19:44:06 EDT 2007


I'm pleased to announce the first public release of wallet.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

This is an alpha release, essentially a technology preview.  Many required
features are not yet implemented (such as all auditing functionality), the
build system is still hard-coding some library decisions, only MIT
Kerberos is supported, and there are various other known problems.  This
release is primarily to make available the API and documentation and to
make people aware of the work I've done so far and provide a preview of
what will be coming in later releases.

The code passes its own test suite for what features have been implemented
and is probably usable as a basic keytab distribution system now, but is
not running anywhere in production and has not been tested outside of its
own test suite.  It also has only been tested with SQLite 3, and I
anticipate needing to do a bit of porting to make it work properly with
MySQL.

You can download it from:

    <http://www.eyrie.org/~eagle/software/wallet/>

Please note the extensive TODO list.  Development is still actively
underway and I expect the next few releases to change rapidly.  I'm happy
to take any problem reports or feature requests not already noted in the
TODO list, but note that my top priorities will be those items listed
under replacing leland_srvtab (an internal Stanford system) and release
0.3 and I probably won't get to anything else until closer to December or
January.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


