wallet 0.8 released

Russ Allbery rra at stanford.edu
Wed Feb 13 18:03:25 EST 2008


I'm pleased to announce release 0.8 of wallet.  This software is
beta-quality and should be treated with caution.  It is currently being
tested for production deployment at Stanford.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

    Fix the wallet client to use check instead of exists.

    Add file object support to the wallet server.

    Correctly handle get of an empty object in the wallet client.  The
    empty string is valid object content.

    Wallet::Config and hence the wallet server now checks for the
    environment variable WALLET_CONFIG and loads configuration from the
    file specified there instead of /etc/wallet/wallet.conf if it is set.

    wallet-backend now supports a -q flag, which disables syslog logging.

    wallet-admin now supports registering new object or ACL verifier
    implementations in the database.

    Remove the restriction that all object implementations must have class
    names of Wallet::Object::* and all ACL verifier implementations must
    have class names of Wallet::ACL::*.

    Add a full end-to-end test suite to catch protocol mismatches between
    the client and server, such as the one fixed in this release.

    Update the design documentation to reflect the current protocol and
    implementation.

You can download it from:

    <http://www.eyrie.org/~eagle/software/wallet/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


