Life update

I see that I've gone quiet again, so it's about time for a general update on what's going on.

I hit the right mood to do some intensive coding, so I've been taking advantage of that for everything it's worth. I hadn't done much on some major work projects for the past couple of weeks, so the catchup was much needed.

Last Friday, I got password synchronization finally working in our test K5 realm with test AD and AFS kaserver. Monday, I got account status synchronization to AD also working, and then decided to reorganize and substantially rework the code for maintainability and public distribution. I started that Tuesday, worked on it spottily Wednesday, and then mostly finished in a marathon coding session Thursday. I'm just waiting on some administrivia and then I'll release version 0.3 of that toolkit to the public.

Before we go into production, I still have to add support for queuing failed changes, reviewing and processing the queue, and adding password changes to the queue (so that we can handle queuing a password change in Active Directory for a new account and just retrying that change until the account exists). Those will be in 0.4, or in 0.3 if I don't hear back soon enough and end up implementing them first.

Today, I decided to finally merge Douglas Engert's patch to do PKINIT in my Kerberos v5 PAM module and then do the major code refactoring that I wanted to do for a 3.0 release. That took longer than I expected, but I finished all the work just now (so about eleven hours of work on that today). I still need to test before I can release, and testing will probably take two or three hours given how much code I touched and how much I added, but once this release is out, I will have an almost empty TODO file for the module. (And I may do the one remaining bit just for the hell of it.)

In addition to the PKINIT stuff (which may not compile since I don't have access to a Heimdal release candidate with which to test it and I jiggered it around a lot), this release features some bug fixes and a workaround for a bug in MIT Kerberos 1.3, new banner and expose_account options to control the password prompts, a ticket_lifetime option, and a keytab option to specify a different keytab to use to validate user credentials. It also handles some things more cleanly and more strictly correct, such as freeing memory inside the Kerberos prompter properly and honoring PAM_SILENT in all cases.

Most everyone at work is already gone on vacation and various friends that I talk to on-line are also travelling or have other plans, so it's quite quiet right now. I'm planning on taking advantage of that to be able to focus on things for extended periods of time (as with the PAM module today). It's a nice feeling.