wallet status

Man, it was like pulling teeth to get any work done today. I'm not really sure why, although it probably has something to do with my lack of a weekend last weekend catching up with me. I had most of the weekend off, but getting up at 6am really messes with me these days when I do it three days in one week (and don't get into bed as early as I should).

I did, however, get some work done on the new wallet system (which will be our new keytab distribution system). Infrastructure work, not really getting close to finishing it, but there's now a basic test suite for the wallet client, which currently can download keytabs and show information about them if there were a server backend against which it could work. The server that I'm going to use for this isn't ready for me yet, so I think I'm going to continue working on the client for the time being, or perhaps on the remctl backend used to extract selected existing keys from the KDC.

Testing of remctl 2.1 on Solaris turned up various additional issues, and it looks like I'm going to want the remctl Perl bindings for the wallet sooner rather than later (for the wallet server to pull selected keys from the KDC), so I may move away from the wallet briefly to add Perl bindings to remctl and release remctl 2.2 with that and the Solaris fixes.

Basically, what's left before I have a keytab distribution system is writing the remctl code to extract existing keys from the KDC using a kadmin.local modification to optionally not randomize keys (replacing our existing srvtab/keytab caching); writing enough of the basic server framework to implement the keytab storage backend, Kerberos principal and principal group ACLs, and the core code to plug it together; adding additional keytab management to the client, including merging together keytabs and removing keys with old kvnos; and writing the conversion scripts to take the existing data and transfer it into the new MySQL schema. It's looking more tractable the more design I do, and I expect I'll hit my code-complete target of the 15th of next month unless something unforeseen comes up, particularly since that doesn't include keytab merging or the conversion scripts. The time-consuming part is writing the test suite.

No review tonight; I was over at a friend's house talking instead. Hopefully a magazine review tomorrow and then another book review Friday. I'm still working on reading A Feast for Crows, slowly.

Posted: 2006-08-23 22:44

Last spun 2013-07-01 from thread modified 2013-01-04