Your message dated Sat, 20 Jul 2024 09:00:12 +0000
with message-id <e1sv5wq-005pt5...@fasolo.debian.org>
and subject line Bug#1070211: fixed in krb5-wallet 1.5-1
has caused the Debian Bug report #1070211,
regarding ITP: krb5-wallet -- The wallet system manages secure data. It is
build on top of remctl. One of the object types it supports is Kerberos
keytabs, making it suitable as a user-accessible front-end to Kerberos kadmind
with richer ACL and metadata operations.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1070211: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070211
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Bill MacAllister <b...@ca-zephyr.org>
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name : krb5-wallet
Version : 1.5
Upstream Contact: Bill MacAllister <b...@ca-zephyr.org>
* URL : https://salsa.debian.org/whm/krb5-wallet
* License : (Expat)
Programming Lang: (C, Perl)
Description : The wallet used remctl to manage secure data.
The wallet is a client/server system using a central server with a
supporting database and a stand-alone client that can be widely
distributed to users. The server runs on a secure host with access to
a local database; tracks object metadata such as ACLs, attributes,
history, expiration, and ownership; and has the necessary access
privileges to create wallet-managed objects in external systems (such
as Kerberos service principals). The client uses the remctl protocol
to send commands to the server, store and retrieve objects, and query
object metadata. The same client can be used for both regular user
operations and wallet administrative actions.
All wallet actions are controlled by a fine-grained set of ACLs. Each
object has an owner ACL and optional get, store, show, destroy, and
flags ACLs that control more specific actions. A global administrative
ACL controls access to administrative actions. An ACL consists of zero
or more entries, each of which is a generic scheme and identifier
pair, allowing the ACL system to be extended to use any existing
authorization infrastructure. Supported ACL types include Kerberos
principal names, regexes matching Kerberos principal names, and LDAP
attribute checks.
Currently, the object types supported are simple files, passwords,
Kerberos keytabs, and Duo integrations. By default, whenever a
Kerberos keytab object is retrieved from the wallet, the key is
changed in the Kerberos KDC and the wallet returns a keytab for the
new key. However, a keytab object can also be configured to preserve
the existing keys when retrieved. Included in the wallet distribution
is a script that can be run via remctl on an MIT Kerberos KDC to
extract the existing key for a principal, and the wallet system will
use that interface to retrieve the current key if the unchanging flag
is set on a Kerberos keytab object for MIT Kerberos. (Heimdal doesn't
require any special support.)
--- End Message ---
--- Begin Message ---
Source: krb5-wallet
Source-Version: 1.5-1
Done: Bill MacAllister <b...@ca-zephyr.org>
We believe that the bug you reported is fixed in the latest version of
krb5-wallet, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1070...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bill MacAllister <b...@ca-zephyr.org> (supplier of updated krb5-wallet package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Jul 2024 16:23:57 -0700
Binary: krb5-keytab-backend krb5-wallet-client krb5-wallet-client-dbgsym
krb5-wallet-server
Source: krb5-wallet
Architecture: all amd64 source
Version: 1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Bill MacAllister <b...@ca-zephyr.org>
Changed-By: Bill MacAllister <b...@ca-zephyr.org>
Closes: 1070211
Description:
krb5-keytab-backend - Provide existing MIT Kerberos keytabs via remctl
krb5-wallet-client - Kerberos-authenticated secure data management client
krb5-wallet-server - Kerberos-authenticated secure data management server
Changes:
krb5-wallet (1.5-1) unstable; urgency=medium
.
[ Bill MacAllister ]
* Upload to Debian. (Closes: #1070211)
* Import new upstream version. This version has a limited set of
patches developed at Dropbox. Most of the Dropbox patches will
be included in a later version of krb5-wallet.
* Update debhelper version dependency to 13.
* Update Debian Policy version to 4.7.0.0. No changes required.
.
[ Russ Allbery ]
* Use a debhelper-compat dependency and drop debian/compat.
* Drop dh_install override to add --fail-missing, now the default.
* Remove Bugs control field now that the package is being uploaded to
Debian proper.
Checksums-Sha1:
1ba0093297253fa159943d11c4e9f24063d624e4 2364 krb5-wallet_1.5-1.dsc
3a38addf432f76da3474ea5dcca1b114453e1c28 357528 krb5-wallet_1.5.orig.tar.xz
3756e50200329e0cf468601384fe39da4734ad10 11412 krb5-wallet_1.5-1.debian.tar.xz
9b5bc102a04f68e446618dcee8386d30f7df226b 37900
krb5-keytab-backend_1.5-1_all.deb
bfc9c3a9f7b68c51a777b7ad5c8cb54707871f7d 58524
krb5-wallet-client-dbgsym_1.5-1_amd64.deb
6308f747ee183da25c52112720c5fdcea336702d 58600
krb5-wallet-client_1.5-1_amd64.deb
27ae55656e944e05fd88679e9924f8024831593d 251972
krb5-wallet-server_1.5-1_all.deb
4b768db927bf5bedbc5019b641a009ab73597f74 12240
krb5-wallet_1.5-1_amd64.buildinfo
Checksums-Sha256:
4cf7dbc90a532dff1c8619a9e07bc48ebc98154cb57a60991e35357d80a08a38 2364
krb5-wallet_1.5-1.dsc
b9fb9e67697b799f45896655f22f1f316dc66efdd97f2d3d87da2d859ecfd2f4 357528
krb5-wallet_1.5.orig.tar.xz
a591f27dcf78ed8af750a54c6d312ee3b5fd2b46b4658f68130619aa84c4fee5 11412
krb5-wallet_1.5-1.debian.tar.xz
5275950cfc11f25eb11913c651a30fa34aba4a8cdc576db6f2652cc76a04f8c6 37900
krb5-keytab-backend_1.5-1_all.deb
68a21ebd8507cccb0295ea5f6a912398e38687b37bc2ee5effad7e4d616dcdbc 58524
krb5-wallet-client-dbgsym_1.5-1_amd64.deb
f82412fc99227d9b0504d47aadb035cba4cb4a95b577ea60d7e9dd1fd34c4ed5 58600
krb5-wallet-client_1.5-1_amd64.deb
3d23334c949a4508fc4da48aaf73f06067cf2731347f2ba6129f7e9f59f81cd8 251972
krb5-wallet-server_1.5-1_all.deb
3cc19e5f1f19a317d68e8604b1be42f157a6ad8512150823ec8e7bf3077e4ed6 12240
krb5-wallet_1.5-1_amd64.buildinfo
Files:
13efc25cf2947e13a73025b92b183385 2364 net optional krb5-wallet_1.5-1.dsc
9b99f477957f9dab332f2dd5695965e7 357528 net optional
krb5-wallet_1.5.orig.tar.xz
f9297bcc48292b2fa250539eee49d8c5 11412 net optional
krb5-wallet_1.5-1.debian.tar.xz
1cbb3a754acc4810d784a5b2b762eba2 37900 net optional
krb5-keytab-backend_1.5-1_all.deb
4a8b9f7a7cdb88de49b1f75eb9f7463f 58524 debug optional
krb5-wallet-client-dbgsym_1.5-1_amd64.deb
4801f845ba0236fa3d9ad571cd1e6918 58600 net optional
krb5-wallet-client_1.5-1_amd64.deb
d1275b6e45536bf7fb0aac967e90bf9c 251972 net optional
krb5-wallet-server_1.5-1_all.deb
369879e0fbbafbe78e43d369b2ce5478 12240 net optional
krb5-wallet_1.5-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAmaJ1G0ACgkQfYAxXFc2
3nV7uAf8CGwWrEhsrpMYLOxeXKv8Xqr6m9OPRlJDr2KKtdnDP2my760QSTJj9sd0
ahYU5sMSzEZ0DJhtLpkk9aEf8REuB+xfe2naESfWPB3dGsq2BEizTlsY2KsbwLXb
uYx95JxIkdvfO/rGeiZjqXZ1WFzcvipvKeeGuV3WNAqcml/wv2fI4E6DQLuRZgLu
QdS0yAxpapYGbDvUCGPL4Cmi2XpofuWZB4U4O4wW++0bEJjTqQ8TnVAFOuIxq7K4
MudNSm+5WETuIcdZcZr2Vnns74vzgIPrV+3agxRlwhjS4aNr1fUSKYYmnZJDwqCk
7uG5S2edSr5NOlqsUdvLCVetUAdeGw==
=iLR5
-----END PGP SIGNATURE-----
pgpkCLdSjrSIb.pgp
Description: PGP signature
--- End Message ---
