wallet 0.12 released

Russ Allbery rra at stanford.edu
Wed Aug 25 22:43:12 EDT 2010


I'm pleased to announce release 0.12 of wallet.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

    New client program wallet-rekey that, given a list of keytabs on the
    command line, requests new keytab objects for each principal in the
    local realm and then merges the new objects into that keytab.  The
    current implementation only acquires new keys and doesn't purge any
    old keys.

    A new ACL type, krb5-regex, is now supported.  This ACL type is the
    same as krb5 except that the identifier is interpreted as a Perl
    regular expression and matched against the authenticated identity
    attempting to run a wallet command.  Patch from Ian Durkacz.

    Add an objects unused report to wallet-report and Wallet::Report,
    returning all objects that have never been downloaded (in other words,
    have never been the target of a get command).

    Add an acls duplicate report to wallet-report and Wallet::Report,
    returning sets of ACLs that have exactly the same entries.

    Add a help command to wallet-report, which returns a summary of all
    available commands.

    Update to C TAP Harness 1.5:

    * Better reporting of fatal errors in the test suite.
    * Summarize results at the end of test execution.
    * Add tests/HOWTO from docs/writing-tests in C TAP Harness.

    Update to rra-c-util 2.6:

    * Fix portability to bundled Heimdal on OpenBSD.
    * Improve checking for krb5_kt_free_entry with older MIT Kerberos.
    * Fix portability for missing krb5_get_init_creds_opt_free.
    * Fix header guard for util/xwrite.h.
    * Restore default compiler configuration after GSS-API library probe.

You can download it from:

    <http://www.eyrie.org/~eagle/software/wallet/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
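
Added example, not part of the original announcement and not wallet's own code: because a krb5-regex identifier is a Perl regular expression matched against the authenticated identity, this script checks candidate identifiers against principals that should and should not match before they are put in an ACL. It assumes an ordinary unanchored Perl match; audit_identifier, the identifiers and the principals are all constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not wallet code.  Assumption: the ACL check is an ordinary,
# unanchored Perl match of the identifier against the principal.
use strict;
use warnings;

# Constructed sample data (hypothetical identifiers and principals).
my @identifiers = (
    'host/.*\.example\.com@EXAMPLE\.COM',           # no anchors
    '^host/[^/@]+\.example\.com@EXAMPLE\.COM\z',    # anchored, tight classes
    'host/(web',                                    # malformed pattern
);
my @expected   = ('host/web1.example.com@EXAMPLE.COM');
my @unexpected = (
    'nothost/web1.example.com@EXAMPLE.COM',         # extra leading text
    'host/web1.example.com@EXAMPLE.COM.TEST',       # extra trailing text
);

# Return a list of problems found with one candidate identifier.
sub audit_identifier {
    my ($identifier, $expected, $unexpected) = @_;

    # A malformed pattern dies when compiled; report it instead.
    my $re = eval { qr/$identifier/ };
    return ('does not compile as a Perl regular expression') if !defined $re;

    my @problems;
    push @problems, 'no leading ^ or \A anchor'
        if $identifier !~ /\A(?:\^|\\A)/;
    push @problems, 'no trailing $, \z or \Z anchor'
        if $identifier !~ /(?:(?<!\\)\$|\\[zZ])\z/;
    for my $principal (@$expected) {
        push @problems, "misses $principal" if $principal !~ $re;
    }
    for my $principal (@$unexpected) {
        push @problems, "also matches $principal" if $principal =~ $re;
    }
    return @problems;
}

for my $identifier (@identifiers) {
    my @problems = audit_identifier($identifier, \@expected, \@unexpected);
    print "$identifier\n";
    print "    ok\n" if !@problems;
    print "    PROBLEM: $_\n" for @problems;
}
```

The anchor checks are a textual heuristic; the match against the unexpected principals is the more reliable test, since a pattern such as an alternation can carry anchors and still match more than intended.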


