wallet 1.2 released

Russ Allbery eagle at eyrie.org
Tue Dec 9 01:24:42 EST 2014

I'm pleased to announce release 1.2 of wallet.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata

Changes from previous release:

    The duo object type has been split into several sub-types, each for a
    specific type of Duo integration.  The old type's functionality has
    been moved to duo-pam (Wallet::Object::Duo::PAM), and new types are
    supported for Duo's auth proxy configurations for LDAP and Radius, and
    their RDP configuration.  These types are duo-radius, duo-ldap, and
    duo-rdp (Wallet::Object::Duo::RadiusProxy,
    Wallet::Object::Duo::LDAPProxy, and Wallet::Object::Duo::RDP).  The
    old duo type still exists for compatibility.  To enable these object
    types for an existing wallet database, use wallet-admin to register the
    new object.

    New rename command for file type objects.  This will change the name
    of the object itself and move any stored data for the file to the
    correct location for the new name.  Currently, rename is only
    supported for file objects, but may be supported by other backends in
    the future.

You can download it from:


This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>
