krb5-sync 2.1 released
Russ Allbery
rra at stanford.edu
Thu Aug 26 21:37:19 EDT 2010
I'm pleased to announce release 2.1 of krb5-sync.
krb5-sync is a toolkit for updating passwords and account status from an
MIT or Heimdal Kerberos master KDC to Active Directory. It is implemented
as a patch to libkadm5srv and a plugin module that will push password
changes and selected account flag changes to Active Directory at the same
time as they are made to the local KDC database.
Changes from previous release:
Queue password changes on any failure to change the password in Active
Directory, rather than only on failures returned as an error in the
password change protocol. Heimdal 1.3.2 will return an error about a
missing service location plugin instead of the last error from Active
Directory, causing the plugin to fail the whole password change rather
than queuing it as intended for unknown users.
Fix suppression of some error messages in krb5-sync-backend when the
-s flag was given. This was broken by adding the krb5-sync: prefix to
error messages from krb5-sync.
Suppress the Heimdal service_locator plugin error message in
krb5-sync-backend when the -s flag was given.
Add a version of the krb5-sync patch for MIT Kerberos 1.8.3. This is
a simple forward-port of the 1.4.4 patch and doesn't use any of the
new plugin capabilities or configuration. Thanks to Sam Hartman for
the port.
The Active Directory status manipulation code no longer uses
deprecated OpenLDAP library functions.
Update to rra-c-util 2.6:
* Fix portability to bundled Heimdal on OpenBSD.
* Fix portability for missing krb5_get_init_creds_opt_free.
You can download it from:
<http://www.eyrie.org/~eagle/software/krb5-sync/>
This package is maintained using Git; see the instructions on the above
page to access the Git repository.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list