kadmin-remctl 3.5

No, I still haven't written the generic Perl bindings for Kerberos that I really want to write (although I have made a bit more forward progress in writing the beginnings of some of the add-ons to Config::AutoConf that I would need in order to do so). This is just another bug-fix release for our remctl backend for doing kadmin actions.

Most of the fixes this time are around password changes. kadmin-remctl does password changes by running kpasswd under Expect, but its timeouts weren't long enough for our production environment under some conditions (particularly when propagating passwords into Active Directory). This release both fixes that and clears up some Perl warnings if we still hit timeouts. It also recognizes the new form of Heimdal kpasswd prompts in the upcoming 1.6 release and stops mapping password quality errors to more generic error messages. (I'm fixing that problem in krb5-strength instead.)

Also in this release, the Heimdal backend has been improved to use get rather than list to check whether a principal exists (not sure why it was ever using list), and to check the existence of a principal before enabling or disabling so that it can produce better error messages.

You can get the latest release from the kadmin-remctl distribution page.

Posted: 2013-10-10 20:03 — Why no comments?

Last modified and spun 2013-10-11