I'm pleased to announce release 1.4 of wallet.

The wallet is a system for managing secure data, authorization rules to retrieve or change that data, and audit rules for documenting actions taken on that data. Objects of various types may be stored in the wallet or generated on request and retrieved by authorized users. The wallet tracks ACLs, metadata, and trace information. It is built on top of the remctl protocol and uses Kerberos GSS-API authentication. One of the object types it supports is Kerberos keytabs, making it suitable as a user-accessible front-end to Kerberos kadmind with richer ACL and metadata operations.

Changes from previous release:

Substantial improvements to Active Directory support: Add a contrib/ad-keytab script that assists with initial setup and examining the Active Directory objects, rename some configuration variables to reflect that they are relative distinguished names, add a configuration variable for the base DN, make sure userPrincipalName is created for all keytabs and use it to search, allow creation of a service principal, and truncate and make unique long names in AD if necessary. This support should still be considered experimental.

When getting configuration values from krb5.conf, pass the default local realm into the Kerberos appdefault functions. This will produce more correct results with krb5.conf files that specify wallet configuration for multiple realms.

Remove stray references to strlcpy and strlcat that broke builds on platforms where those functions are part of libc. Thanks to Karl Kornel for the report.

Detect the path to Perl during configure, allowing an override by setting the PERL environment or configure variable, and use that path for all Perl scripts. This allows wallet to use a version of Perl at a non-standard path. Patches from Karl Kornel.

Rename the script to bootstrap from a Git checkout to bootstrap, matching the emerging consensus in the Autoconf world.

Add SPDX-License-Identifier headers to all substantial source files.

Update to rra-c-util 7.2:

* Improve configure output for krb5-config testing.
* Define UINT32_MAX for systems that don't have it.
* Add SPDX-License-Identifier headers to all substantial source files.
* Fix new warnings from GCC 7 and Clang warnings.
* Require Test::Strict 0.25 or later to run those tests.
* Fix off-by-one error in return-value checks for snprintf.
* Use Autoconf to probe for supported warning flags.
* Fix running module-version-t -u with current versions of Perl.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.

Update to C TAP Harness 4.3:

* Add support for valgrind and libtool in test lists.
* Report test failures as left and right, not wanted and expected.
* Fix string comparisons with NULL pointers and the string "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
* Avoid zero-length realloc allocations in breallocarray.
* Fix new warnings from GCC 7 and Clang warnings.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.

You can download it from:

<https://www.eyrie.org/~eagle/software/wallet/>

This package is maintained using Git; see the instructions on the above page to access the Git repository.

Please let me know of any problems or feature requests not already listed in the TODO file.

-- 
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>