kadmin-remctl 3.0 released

Russ Allbery rra at stanford.edu
Wed Feb 17 23:29:01 EST 2010 

I'm pleased to announce release 3.0 of kadmin-remctl.

kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password.  It can also provide similar management of instances and
creation, deletion, and management of accounts in Heimdal, MIT Kerberos,
Active Directory, and an AFS kaserver where appropriate.  Also included is
a client for privileged users to use for password resets.  Many of the
defaults and namespace checks are Stanford-specific, but it can be
modified for other sites.

Changes from previous release:

    Add kadmin-backend-heim, which duplicates the kadmin-backend
    functionality for Heimdal.  The examine function of this backend
    duplicates the output of the MIT getprinc function so that the output
    is compatible with the output of kadmin-backend.  This separate script
    is a temporary measure until both scripts can be refactored as Perl
    modules and use a better method to avoid code duplication.

    Use the Heimdal external program API for password strength checking in
    kadmin-backend-heim and check password strength on create if strength
    checking is enabled for that instance, since the Heimdal kadmin API
    doesn't enforce password strength on passwords changed by
    administrators.

    Allow - in principal names for the examine function.

    Add new config item for each instance, locked.  This optional value
    contains an array of a command and any arguments to it, which is 
    called to determine if the instance is locked for some external 
    policy reason.  If so, the enable command will fail for this instance.

    Significantly improve the error reporting in ksetpass and
    passwd_change by using modern Kerberos error functions where
    available, and avoid Kerberos API calls that are deprecated on
    Heimdal.

You can download it from:

    <http://www.eyrie.org/~eagle/software/kadmin-remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list