wallet 1.3

It's been over a year since the last release of the wallet, a system for storing and retrieving secure credentials (currently relying on Kerberos authentication). There were a ton of pending changes, mostly thanks to work from Jon Robertson and Bill MacAllister.

I'm still really itching to rewrite all of this code, which is also part of why I haven't uploaded packages to Debian proper yet. I no longer like the way that I designed it, particularly in the Perl modules used by the server side, and want to rewrite it rather substantially. Thankfully, I'm starting to use it for work again, although only as a supplement to another in-house key management system. I might just barely be able to justify investing some effort in that as part of my job. We'll see. In the meantime, it feels awkward and clunky to work with, which makes me itch when I'm preparing new releases.

In any event, this release adds preliminary support for using Active Directory as a backend for Kerberos keytabs, and adds both nested (ACLs that are groups of other ACLs) and external (run an external command to make authorization decisions) ACLs. It also adds a root instance variant of ldap-attr, and a new object type: password, which will automatically generate a password if one wasn't already stored.

There are a few new wallet commands: update, which will always change the content of an object even if marked unchanging, and acl replace, which will replace all instances of an ACL as an owner field with some other ACL. There are also multiple new wallet reports, and various bug fixes to how ACLs are displayed.

You can get the latest version from the wallet distribution page.

Posted: 2016-01-17 20:40

Last modified and spun 2016-01-24