kadmin-remctl 2.0 released

Russ Allbery rra at stanford.edu
Wed Mar 26 00:37:54 EDT 2008


I'm pleased to announce release 2.0 of kadmin-remctl.

kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password.  It can also provide similar management of instances and
creation, deletion, and management of accounts in MIT Kerberos, Active
Directory, and an AFS kaserver where appropriate.  Also included is a
client for privileged users to use for password resets.  Many of the
defaults and namespace checks are Stanford-specific, but it can be
modified for other sites.

Changes from previous release:

    Significantly rework kadmin-backend.  The configuration variable for
    instance management has been renamed to %CONFIG and now must be set.
    It controls both instances and principals without instances.  Many of
    the global settings have been moved into that hash and can be set
    per-instance.  Particular instances may now be configured to only
    exist in Active Directory and bypass Kerberos v5 entirely.

    Add the ksetpass client, which sets a Kerberos password via the
    password change protocol using an existing Kerberos ticket cache.
    Support using it for password resets in Active Directory and to work
    around a Windows Server 2008 bug that prevents setting passwords at
    the time of account creation when using GSS-API authentication.  Based
    on work by Dmitri Priimak.

    Support enable and disable commands for instance management as well.

    Recognize instance list errors from kadmin correctly.  kadmin returns
    errors prefixed by get_principals, not list_principals.

    Allow for kadmin binaries that print error messages in two parts by
    waiting for the end of the line before extracting the error message.

    When checking against ACLs, support include commands with the same
    syntax as remctld.

    Change some kadmin-backend defaults to be less Stanford-specific.

You can download it from:

    <http://www.eyrie.org/~eagle/software/kadmin-remctl/>

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list