kstart 4.0

Between one thing and another, it had been almost two years since the last kstart release, which surprised me when I finally started working on it again. I'd been intending to put out a new release for some time, but apparently never got around to it. As a result, there were a ton of accumulated features and bug fixes, not to mention a huge update to the testing and portability framework.

The main backward-incompatible change in this release is that I finally dropped k4start from the distribution. I haven't been able to test it for years, no one (or almost no one) is shipping Kerberos v4 libraries any more, and I wanted to do a significant code restructuring. People who really need it can use older releases.

k5start and krenew now both allow arbitrary ticket cache designators to be passed with -k, rather than forcing the argument to -k to be a file cache, and both canonicalize the ticket cache name (by asking the Kerberos library for the real name) before passing it to subprocesses via the environment. These features combined should allow them to work much better with various non-file ticket caches.

k5start and krenew now both, when running as a daemon or when running a command, default to staying running even if authentication fails. This allows them to be more robust against temporary problems with contacting a Kerberos KDC, and is similar to what krenew -i previously did. krenew still exits by default if the ticket cache disappears or if the tickets are no longer renewable; to make it stay running in those situations, use krenew -i as before. Both k5start and krenew have a new -x option that restores the previous behavior of exiting on any error.

k5start, when run with the -o, -g, or -m options, now writes out a temporary ticket cache in the same directory, sets the ownership and permissions, and then does an atomic rename, closing a possible race where a process using that cache could temporarily not have access to it.

k5start and krenew both now propagate SIGINT to the child process when running a command rather than just exiting. Signal handlers are now set with sigaction, rather than signal, which will hopefully fix problems with propagating multiple signals.

The embedded kafs library has been updated to the current rra-c-util release, which adds support for Mac OS X and Solaris 11.

There are also a bunch of minor bug fixes and portability improvements, particularly to the build system.

You can get the latest release from the kstart distribution page.

Posted: 2011-12-29 20:58 — Why no comments?

Last spun 2022-02-06 from thread modified 2013-01-04