wallet 0.9 released
rra at stanford.edu
Thu Apr 24 20:35:35 EDT 2008

I'm pleased to announce release 0.9 of wallet. This is mostly a build
system fix with improvements to kasetkey (which hopefully no one else ever
has to use).

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data. Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users. The wallet
tracks ACLs, metadata, and trace information. It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication. One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata

Changes from previous release:

The wallet command-line client now reads the data for store from a
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line. The data still must not
contain nul characters.

Add support for enabling and disabling principals (clearing or setting
the NOTGS flag) and examining principals to kasetkey. This
functionality isn't used by wallet (and probably won't be) but is
convenient for other users of kasetkey such as kadmin-remctl.

Report the correct error message when addprinc fails while creating a

The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.

If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a

Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.

Fix Autoconf syntax error when probing for libkrb5support. Thanks,

wallet can now be built in a different directory than the source

Stop setting Stanford-specific compile-time defaults for the wallet
server and port.

Perl 5.8 is required to run the test suite, but IO::String is not.

Include Stanford's wallet.conf as an example (examples/stanford.conf).

You can download it from:

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>