krb5-sync 2.0 released
Russ Allbery
rra at stanford.edu
Tue Feb 16 02:36:30 EST 2010
I'm pleased to announce release 2.0 of krb5-sync.
krb5-sync is a toolkit for updating passwords and account status from an
MIT or Heimdal Kerberos master KDC to Active Directory. It is implemented
as a patch to libkadm5srv and a plugin module that will push password
changes and selected account flag changes to Active Directory at the same
time as they are made to the local KDC database.
Changes from previous release:
Dropped support for AFS synchronization and all Kerberos v4 support.
This package now only synchronizes with Active Directory.
Add plugin support for the proposed kadmin hooks for Heimdal and
ported the code to Heimdal as well as MIT Kerberos. Add a patch for
Heimdal 1.3.1 to the patches directory. The implementation for
Heimdal is preliminary and will change in later releases.
Add an ad_ldap_base configuration option to specify the base DN for
Active Directory. Patch from Andreas Johansson.
Ignore connection timeouts from AD when running the queue with
krb5-sync-backend in silent mode.
Improve error reporting in the standalone krb5-sync utility.
Enable Automake silent rules. For a quieter build, pass the
--enable-silent-rules option to configure or build with make V=0.
Add portability code for platforms without a working snprintf or other
deficiencies and updated the code to take advantage of those
guarantees.
Update Kerberos Autoconf macros from rra-c-util 2.3:
* Check for networking libraries before Kerberos libraries.
* Sanity-check the results of krb5-config before proceeding.
* Fall back on manual probing if krb5-config doesn't work.
* Prefer KRB5_CONFIG from the environment.
* If krb5-config isn't executable, don't use it.
* Add --with-krb5-lib and --with-krb5-include configure options.
You can download it from:
<http://www.eyrie.org/~eagle/software/krb5-sync/>
This package is maintained using Git; see the instructions on the above
page to access the Git repository.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list