wallet 0.12

I was hoping that this release would be the long-awaited 1.0 release, but I want to ensure that the server has database upgrade handling before I declare a 1.0 release. I ran out of time to finish that, so this is another beta release, although it's in production at Stanford.

The main change in this release is the addition of the wallet-rekey client program, which takes a keytab and retrieves new keys for every principal listed in that keytab that's in the local realm. The new keys are then merged back into the keytab. This is designed to make it easier to do periodic rekeying of service keytabs.

Thanks to Ian Durkacz, this version includes a new ACL type, krb5-regex, which is similar to krb5 but takes a Perl regular expression matching the authenticated principal instead of a simple string match.

There are two new reports in this version: objects unused, which returns all objects that have never been downloaded; and acls duplicate, which returns all sets of ACLs that have exactly the same entries. The wallet-report backend also now supports a help command which provides a summary of commands.

You can get the latest release from the wallet distribution page. I've uploaded new Debian packages to my personal Debian repository, although they're nearly ready to make it into Debian.

Posted: 2010-08-25 19:24 — Why no comments?

Last spun 2013-07-01 from thread modified 2013-01-04