kadmin-remctl 3.1 released
Russ Allbery
rra at stanford.edu
Wed Jul 21 19:17:27 EDT 2010
I'm pleased to announce release 3.1 of kadmin-remctl.
kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password. It can also provide similar management of instances and
creation, deletion, and management of accounts in Heimdal, MIT Kerberos,
Active Directory, and an AFS kaserver where appropriate. Also included is
a client for privileged users to use for password resets. Many of the
defaults and namespace checks are Stanford-specific, but it can be
modified for other sites.

Changes from previous release:

In the Heimdal backend, don't set KADM5_POLICY_NORMAL_MASK or
KADM5_POLICY_CLR as attributes when creating a new principal. These
are not valid attribute values and end up setting or clearing large
numbers of other attributes.

In the Heimdal backend, don't unconditionally set the preauth required
attribute on newly created principals. This should be handled using
the "default" principal in Heimdal to configure the desired default
principal lifetime and attributes.

kadmin-backend for an MIT Kerberos server no longer has the boolean
checking configuration parameter, which said whether to do password
checking. Instead, there is a new policy configuration parameter
which, if set, sets that password policy for newly created accounts.
To duplicate the previous behavior when checking was true, set policy
to "standard".

Add an expiration command, which sets the expiration date of a
principal. Based on a patch from Garrett Wollman.

Add a pwexpiration command, which sets the expiration date of the
password of a principal.

Add a check_expire command, which returns the expiration date of
either a principal or a password.

kadmin backend for an MIT Kerberos server now supports the create_opts
configuration parameter, which adds additional options that are passed
to kadmin addprinc when a principal is created. Based on a patch by
Garrett Wollman.

Allow underscores in principal names by default in the examine
function.

Update to rra-c-util 2.5:

* Restore default settings after probing for GSS-API libraries.
* Support the *BSD build of Heimdal in the Kerberos probes.
* Fix krb5_free_error_message replacement for older Kerberos libraries.

You can download it from:
<http://www.eyrie.org/~eagle/software/kadmin-remctl/>
This package is maintained using Git; see the instructions on the above
page to access the Git repository.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>