wallet 1.4 released

Russ Allbery eagle at eyrie.org
Sun Jun 3 22:39:27 EDT 2018


I'm pleased to announce release 1.4 of wallet.

The wallet is a system for managing secure data, authorization rules to
retrieve or change that data, and audit rules for documenting actions
taken on that data.  Objects of various types may be stored in the wallet
or generated on request and retrieved by authorized users.  The wallet
tracks ACLs, metadata, and trace information.  It is built on top of the
remctl protocol and uses Kerberos GSS-API authentication.  One of the
object types it supports is Kerberos keytabs, making it suitable as a
user-accessible front-end to Kerberos kadmind with richer ACL and metadata
operations.

Changes from previous release:

    Substantial improvements to Active Directory support: Add a
    contrib/ad-keytab script that assists with initial setup and examining
    the Active Directory objects, rename some configuration variables to
    reflect that they are relative distinguished names, add a
    configuration variable for the base DN, make sure userPrincipalName is
    created for all keytabs and use it to search, allow creation of a
    service principal, and truncate and make unique long names in AD if
    necessary.  This support should still be considered experimental.

    When getting configuration values from krb5.conf, pass the default
    local realm into the Kerberos appdefault functions.  This will produce
    more correct results with krb5.conf files that specify wallet
    configuration for multiple realms.

    Remove stray references to strlcpy and strlcat that broke builds on
    platforms where those functions are part of libc.  Thanks to Karl
    Kornel for the report.

    Detect the path to Perl during configure, allowing an override by
    setting the PERL environment or configure variable, and use that path
    for all Perl scripts.  This allows wallet to use a version of Perl at
    a non-standard path.  Patches from Karl Kornel.

    Rename the script to bootstrap from a Git checkout to bootstrap,
    matching the emerging consensus in the Autoconf world.

    Add SPDX-License-Identifier headers to all substantial source files.

    Update to rra-c-util 7.2:

    * Improve configure output for krb5-config testing.
    * Define UINT32_MAX for systems that don't have it.
    * Add SPDX-License-Identifier headers to all substantial source files.
    * Fix new warnings from GCC 7 and Clang warnings.
    * Require Test::Strict 0.25 or later to run those tests.
    * Fix off-by-one error in return-value checks for snprintf.
    * Use Autoconf to probe for supported warning flags.
    * Fix running module-version-t -u with current versions of Perl.
    * Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.

    Update to C TAP Harness 4.3:

    * Add support for valgrind and libtool in test lists.
    * Report test failures as left and right, not wanted and expected.
    * Fix string comparisons with NULL pointers and the string "(null)".
    * Add SPDX-License-Identifier headers to all substantial source files.
    * Avoid zero-length realloc allocations in breallocarray.
    * Fix new warnings from GCC 7 and Clang warnings.
    * Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.

You can download it from:

    <https://www.eyrie.org/~eagle/software/wallet/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>

