Posts for June 2012

2012-06-01: podlators 2.4.2

This release only contains test suite fixes. The new Pod::Simple (correctly) diagnoses a missing =encoding as a warning, but one part of the test suite didn't include an =encoding declaration. The test was for handling of POD source without =encoding, which is now always a warning, so I just removed the test.

You can get the latest release from the podlators distribution page.

2012-06-02: pam-krb5 4.6

This is the "catch up on external patches" release and has tons of new options.

First, there's a new anon_fast option, thanks to Yair Yarom, which will attempt to obtain anonymous credentials and use them as FAST armor rather than requiring an existing ticket cache. Note that anonymous authentication requires that your Kerberos KDC and client be configured for PKINIT and then support anonymous authentication.

Also from Yair Yarom is a new no_prompt option, which suppresses any PAM prompting and defers prompting to the Kerberos library. This can be helpful with some preauth mechanisms that want something other than passwords.

Finally, Yair Yarom provided a silent option, which forces behavior equivalent to when the application passes in PAM_SILENT, suppressing informational Kerberos library messages.

Roland C. Dowdeswell provided a patch for a new user_realm option, which sets the realm for unqualified user principals (like realm), but doesn't change the default realm for other purposes such as credential validation and principal mapping.

I also added a new trace option, which enables trace logging if the Kerberos libraries support it (which currently requires a very new MIT Kerberos release).

There are several fixes for alt_auth_map support, including fixing realm handling, allowing a realm to be specified in the map, and fixing some memory leaks. I also fixed a doubled colon in password prompts for Heimdal, avoided a segfault (NULL pointer dereference) if krb5_init_context fails, fixed initialization of time values on platforms where krb5_deltat is not a long, closed a memory leak in search_k5login, fixed some bogus error messages from the realm option, and improved the retry logic in try_first_pass.

You can get the latest release from the pam-krb5 distribution page. I'm now distributing both *.tar.gz and *.tar.xz files, since there seems to be significant movement towards xz and it produces substantial space savings (and I wanted to use it as the basis for the Debian packages). I will continue to distribute a *.tar.gz file for the forseeable future.

2012-06-17: Early summer haul

I'm just back from Canada, where I was for a lovely week of vacation both escaping the heat and enjoying Vancouver Island. I didn't get out as much this time, though, since most of the vacation was spent playing multiplayer Minecraft.

I love how many different ways there are to play Minecraft, and that makes it even more fun to use a shared world and to play together when all the people playing are in the same room. People like doing different things; one will go exploring or set up animal pens and colored sheep, while another dives to level 8 and starts branch mining.

I got to indulge my favorite thing to do in Minecraft, which is to take the path down to the mine face through the local cavern system and smooth it out and beautify it, make it look intentional, and scatter little bits of art and balconies with good views throughout it. And all the materials that I needed for that (diamonds for good tools, lots of colored wool for decoration, glass for windows) just turned up from what other people were doing, so I could just focus on building for as long as I had new ideas.

The Minecraft playing will drop off a lot now that I'm back, sadly, since I have a huge backlog of things that I need to do and I have only one system capable of playing it (due to the 3D requirements). But hopefully I can continue to drop into a multiplayer world from time to time.

Anyway, just before I left, I put in another book order for things that I'm anxious to read, and that arrived while I was gone.

Ann Aguirre — Grimspace (sff)
Elizabeth Bear — ad eternum (sff)
Andre Norton — Forerunner (sff)
Bruce Schneier — Liars and Outliers (non-fiction)
Karl Schroeder — Ashes of Candesce (sff)
Peter Tyson — Getting Started with Dwarf Fortress (non-fiction)
Catherynne M. Valente — The Girl Who Circumnavigated Fairyland (sff)

I'm now eight reviews behind (six books and two magazines), due to a wide variety of different factors. One goal for the next week is to do some serious catch-up.

2012-06-19: remctl 3.2

The primary new feature in this release is the beginnings of service discovery and dynamic help support.

There are two new remctld configuration options to support this: summary and help. summary defines an argument to a command that will summarize its various commands and their arguments. help defines an argument to a command that, when given the command and subcommand as further arguments, will provide documentation for that command in particular.

If those options are set, remctld will respond to the help command with summary information for all commands that the user is allowed to run, or with detailed documentation of a specific command (if the user would be allowed to run it). This is a formalization, and an integration with the ACL system, of some help conventions that we've been following at Stanford with remctl backends.

The remctld server now also doesn't segfault when no commands are defined and always closes connections from clients after low-level network errors, which should make it more robust. The error handling on Solaris has also been improved.

Finally, the build system has been fixed to better deal with GSS-API header probes when using a non-standard GSS-API location, and multiple portability issues in the test suite have been fixed.

You can get the latest version from the remctl distribution page.

Last modified and spun 2017-02-20