Posts for December 2014

2014-12-08: wallet 1.2

wallet is a system for secure credential management and distribution.

This release renames the duo object type to duo-pam (since it really only handles PAM integrations) and adds new object types duo-radius, duo-ldap, and duo-rdp to handle other types of Duo Security integrations.

It also adds a rename command, which can be used to rename existing objects without destroying them and recreating them. Currently, this only supports file objects.

My only role in this release was to do the final release management and a bit of release testing. The new code was implemented by Jon Robertson (who's also done a lot of work on wallet in the past).

You can get the latest release from the wallet distribution page.

2014-12-25: C TAP Harness 3.2

This is a fairly minor release, mostly to have a release of files that I'm updating in rra-c-util. Most of the changes are typos and other cosmetic fixes. But I hate releasing a new version of something without a little bit of new functionality, so I implemented comment support in test lists. The runtests driver now ignores comments (lines starting with #) and blank lines in test list files, and leading whitespace in front of test names.

You can get the latest version from the C TAP Harness distribution page.

2014-12-25: rra-c-util 5.6

rra-c-util is my personal collection of infrastructure for C and Perl packages. This release has a quite-large accumulation of small fixes, mostly from work Julien √ČLIE has done on merging it into INN and testing INN's portability on a wide variety of platforms.

The highlights:

You can get the latest version from the rra-c-util distribution page.

2014-12-25: pam-krb5 4.7

It's been a long, long time since the last upstream release. Rather too long, as the changes to the portability and test framework were larger than the changes to the module itself. But there are a few bug fixes here and one new feature.

The new feature is a new option, no_update_user, which disables the normal update of PAM_USER for the rest of the PAM stack to the canonicalized local username. This allows users to do things like enter Kerberos principals into the login prompt and have the right thing happen, but sometimes it's important to keep the authentication credentials as originally entered and not canonicalize, even if there's a local canonicalization available. This new option allows that.

In the bug-fix department, the module now suppresses spurious password prompts from Heimdal while using PKINIT and understands more Kerberos errors for purposes of try_first_pass support and returning better PAM errors.

The documentation now notes next to each option the version of pam-krb5 at which it was introduced with its current meaning.

You can get the latest version from the pam-krb5 distribution page.

Last modified and spun 2017-03-25