wallet 1.2 released
Russ Allbery
eagle at eyrie.org
Tue Dec 9 01:24:42 EST 2014

I'm pleased to announce release 1.2 of wallet.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data. Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users. The wallet
tracks ACLs, metadata, and trace information. It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication. One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

The duo object type has been split into several sub-types, each for a
specific type of Duo integration. The old type's functionality has
been moved to duo-pam (Wallet::Object::Duo::PAM), and new types are
supported for Duo's auth proxy configurations for LDAP and Radius, and
their RDP configuration. These types are duo-radius, duo-ldap, and
duo-rdp (Wallet::Object::Duo::RadiusProxy,
Wallet::Object::Duo::LDAPProxy, and Wallet::Object::Duo::RDP). The
old duo type still exists for compatibility. To enable these object
types for an existing wallet database, use wallet-admin to register the
new object.

New rename command for file type objects. This will change the name
of the object itself and move any stored data for the file to the
correct location for the new name. Currently, rename is only
supported for file objects, but may be supported by other backends in
the future.

You can download it from:
<http://www.eyrie.org/~eagle/software/wallet/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>