kadmin-remctl 2.1 released

Russ Allbery rra at stanford.edu
Fri Apr 25 19:47:29 EDT 2008

I'm pleased to announce release 2.1 of kadmin-remctl.

kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password.  It can also provide similar management of instances and
creation, deletion, and management of accounts in MIT Kerberos, Active
Directory, and an AFS kaserver where appropriate.  Also included is a
client for privileged users to use for password resets.  Many of the
defaults and namespace checks are Stanford-specific, but it can be
modified for other sites.

Changes from previous release:

    kasetkey now supports examine, enable, and disable, so drop all
    remaining calls to a Kerberos v4 kadmin client and use kasetkey for
    all AFS kaserver integration.

    Honor allowed regex configuration for valid principal names in examine
    as well.

    Improve the library probing and allow for systems where shared library
    dependencies don't work properly.

    If KRB5_CONFIG was explicitly set in the environment, don't use a
    different krb5-config based on --with-krb4 or --with-krb5.  If
    krb5-config isn't executable, don't use it.  This allows one to force
    library probing by setting KRB5_CONFIG to point to a nonexistent file.

    Sanity-check the results of krb5-config before proceeding and error
    out in configure if they don't work.

You can download it from:


Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list