wallet 0.9 released

Russ Allbery rra at stanford.edu
Thu Apr 24 20:35:35 EDT 2008

I'm pleased to announce release 0.9 of wallet.  This is mostly a build
system fix with improvements to kasetkey (which hopefully no one else ever
has to use).

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata

Changes from previous release:

    The wallet command-line client now reads the data for store from a
    file (using -f) or from standard input (if -f wasn't given) when the
    data isn't specified on the command line.  The data still must not
    contain nul characters.

    Add support for enabling and disabling principals (clearing or setting
    the NOTGS flag) and examining principals to kasetkey.  This
    functionality isn't used by wallet (and probably won't be) but is
    convenient for other users of kasetkey such as kadmin-remctl.

    Report the correct error message when addprinc fails while creating a
    keytab object.

    The configure option requesting AFS kaserver support (and thus
    building kasetkey) is now --with-kaserver instead of --with-afs.

    If KRB5_CONFIG was explicitly set in the environment, don't use a
    different krb5-config based on --with-krb4 or --with-krb5.  If
    krb5-config isn't executable, don't use it.  This allows one to
    force library probing by setting KRB5_CONFIG to point to a
    nonexistent file.

    Sanity-check the results of krb5-config before proceeding and error
    out in configure if they don't work.

    Fix Autoconf syntax error when probing for libkrb5support.  Thanks,
    Mike Garrison.

    wallet can now be built in a different directory than the source

    Stop setting Stanford-specific compile-time defaults for the wallet
    server and port.

    Perl 5.8 is required to run the test suite, but IO::String is not.

    Include Stanford's wallet.conf as an example (examples/stanford.conf).

You can download it from:


Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
