kadmin-remctl 3.2 released

Russ Allbery rra at stanford.edu
Thu Jun 9 18:22:23 EDT 2011 

I'm pleased to announce release 3.2 of kadmin-remctl.

kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password.  It can also provide similar management of instances and
creation, deletion, and management of accounts in Heimdal, MIT Kerberos,
Active Directory, and an AFS kaserver where appropriate.  Also included is
a client for privileged users to use for password resets.  Many of the
defaults and namespace checks are Stanford-specific, but it can be
modified for other sites.

Changes from previous release:

    Add support for a separate blacklist of principals whose passwords
    cannot be changed with reset_passwd but who do not themselves have the
    ability to reset passwords.

    Properly handle incorrect password errors from Heimdal's kpasswd.
    Previously, if change_passwd failed because the original password was
    incorrect, kadmin-remctl-heim would output a confusing Expect error.

    When creating principals for Heimdal, set a default set of attributes
    before making the principal.  Heimdal::Kadm5 doesn't seem to be
    working properly with the default attributes from the default
    principal.  This currently hard-codes enabling pre-auth for new
    principals and needs to be revisited.

    Update to rra-c-util 3.6:

    * Check for krb5-config in /usr/kerberos/bin as well as user's PATH.
    * Add replacement for krb5_appdefault_* functions for AIX Kerberos.
    * Fix broken GCC attribute markers.
    * Fix Kerberos library probing without transitive shared libraries.
    * Suppress warnings when probing for AIX-only Kerberos headers.
    * Support Heimdal GSS-API on OpenBSD without a separate libroken.
    * Update GCC warning flags for GCC 4.6.1.

You can download it from:

    <http://www.eyrie.org/~eagle/software/kadmin-remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages are available from my personal repository.  See the link
in the distribution pages above.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list