krb5-sync 2.3 released

Russ Allbery rra at stanford.edu
Tue Sep 18 16:46:48 EDT 2012 

I'm pleased to announce release 2.3 of krb5-sync.

krb5-sync is a toolkit for synchronizing passwords and account status from
an MIT or Heimdal Kerberos master KDC to Active Directory.  Password
changes are done via the Kerberos password change protocol, and account
status is updated via LDAP.  It provides a plugin for the kadmin libraries
and supporting command-line utilities, as well as a patch for Heimdal and
older versions of MIT Kerberos to add plugin support.

Changes from previous release:

    When handling password changes from MIT Kerberos, quietly ignore
    changes where the password is NULL.  These are key randomizations,
    such as from addprinc -randkey, which this module inherently can't do
    anything with.

    The plugin is now installed in a kadm5_hook subdirectory under
    krb5/plugins (under libdir in turn), matching the plugin layout used
    by MIT Kerberos.

    When krb5-sync-backend is running in silent mode, ignore "Operation
    not permitted" errors from krb5_set_password.  Heimdal 1.5.2 returns
    this error from Active Directory when attempting to change the
    password of an account that does not exist.

    Properly pass Kerberos preprocessor flags to the compiler when
    building the plugin.

    Update to rra-c-util 4.6:

    * Pass --deps to krb5-config except with --enable-reduced-depends.
    * Do not assume string is nul-terminated in replacement strdup.
    * Avoid using local in the shell TAP library for Solaris portability.
    * Silence __attribute__ warnings on more compilers.

    Update to C TAP Harness 1.12:

    * Suppress plan and summary if bail is called before any tests run.
    * Only use feature-test macros when requested or built with gcc -ansi.
    * Drop is_double from the C TAP library to avoid requiring -lm.
    * Avoid using local in the shell libtap.sh library.
    * Silence __attribute__ warnings on more compilers.

You can download it from:

    <http://www.eyrie.org/~eagle/software/krb5-sync/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian experimental.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list