| < krb5-sync 0.7 | Russ Allbery > Eagle's Path > August 2007 | Latest haul > |
This is the first announced release of kadmin-remctl, although it's been available from my archives site for a while. This is a remctl front-end to the Kerberos kadmin functions to create, delete, enable, and disable accounts, change passwords, and so forth. We export this via a remctl interface for the use of other middleware at Stanford that can't cope with the direct kadmin protocol easily. We also provide a tool that will (after Saturday's upgrade) be based on remctl that the Help Desk uses to reset passwords for users, with various security checks.
This is the code that we're going into production with on Saturday and it works reasonably well, although it still leaves something to be desired in cleanliness and structure. For example, it uses the command-line OpenLDAP clients to modify Active Directory rather than using a native Perl LDAP implementation.
Hopefully, I'll have time to clean it up and improve it in the future. There's also a bit more work that needs to be done to support instance creation to work around iPass's completely broken security model.
You can get the latest version from the kadmin-remctl distribution page.
Posted: 2007-08-08 20:55 — Why no comments?
| < krb5-sync 0.7 | Russ Allbery > Eagle's Path > August 2007 | Latest haul > |