krb5-wallet.git/NEWS, branch debian/1.0-3

Fix several bugs in Wallet::Object::Keytab enctype handling

2013-11-05T20:34:28+00:00

There was a missing resultset() call in one place and the wrong resultset used in a different place, causing the enctype management code to not work. Change-Id: I796169c5968ec164f90f3cd75541dd346dd50fdf Reviewed-on: https://gerrit.stanford.edu/1070 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Add NEWS entry and doc reference to Wallet::Policy::Stanford

2013-03-28T00:28:20+00:00

Change-Id: If833e4a6434362e04e738274a6f7fb276a9efe51 Reviewed-on: https://gerrit.stanford.edu/988 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Document the new WebAuth keyring object type

2013-03-27T23:24:54+00:00

Add a mention to NEWS and to the REQUIREMENTS section of README. Change-Id: I560f737e9cb899046f7fe3c8d2c8c648d31041e7 Reviewed-on: https://gerrit.stanford.edu/985 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Release 1.0

2013-03-27T22:17:54+00:00

Change-Id: Idf9876ef781340ec45e113fd555a0f2c5f05a3a9 Reviewed-on: https://gerrit.stanford.edu/976 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Add NEWS entry for the DBIx::Class transition

2013-03-27T22:17:45+00:00

Change-Id: Ie8ee7f8b2f430ca9b5f38d2e060659f48dacc35f Reviewed-on: https://gerrit.stanford.edu/975 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Allow owners of objects to destroy them by default

2013-03-27T19:52:58+00:00

Owners of wallet objects are now allowed to destroy them. In previous versions, a special destroy ACL had to be set and the owner ACL wasn't used for destroy actions, but operational experience at Stanford has shown that letting owners destroy their own objects is a better model. Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f Reviewed-on: https://gerrit.stanford.edu/973 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Update to rra-c-util 4.8 and C TAP Harness 1.12

2013-02-28T00:52:32+00:00

Update to rra-c-util 4.8: * Look for krb5-config in /usr/kerberos/bin after the user's PATH. * Kerberos library probing fixes without transitive shared libraries. * Fix Autoconf warnings when probing for AIX's bundled Kerberos. * Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given. * Correctly remove -I/usr/include from Kerberos and GSS-API flags. * Build on systems where krb5/krb5.h exists but krb5.h does not. * Pass --deps to krb5-config unless --enable-reduced-depends was used. * Do not use krb5-config results unless gssapi is supported. * Fix probing for Heimdal's libroken to work with older versions. * Update warning flags for GCC 4.6.1. * Update utility library and test suite for newer GCC warnings. * Fix broken GCC attribute markers causing compilation problems. * Suppress warnings on compilers that support gcc's __attribute__. * Add notices to all files copied over from rra-c-util. * Fix warnings when reporting memory allocation failure in messages.c. * Fix message utility library compiler warnings on 64-bit systems. * Include strings.h for additional POSIX functions where found. * Use an atexit handler to clean up after Kerberos tests. * Kerberos test configuration now goes in tests/config. * The principal of the test keytab is determined automatically. * Simplify the test suite calls for Kerberos and remctl tests. * Check for a missing ssize_t. * Improve the xstrndup utility function. * Checked asprintf variants are now void functions and cannot fail. * Fix use of long long in portable/mkstemp.c. * Fix test suite portability to Solaris. * Substantial improvements to the POD syntax and spelling checks. Update to C TAP Harness 1.12: * Fix compliation of runtests with more aggressive warnings. * Add a more complete usage message and a -h command-line flag. * Flush stderr before printing output from tests. * Better handle running shell tests without BUILD and SOURCE set. * Fix runtests to honor -s even if BUILD and -b aren't given. * runtests now frees all allocated resources on exit. * Only use feature-test macros when requested or built with gcc -ansi. * Drop is_double from the C TAP library to avoid requiring -lm. * Avoid using local in the shell libtap.sh library. * Suppress warnings on compilers that support gcc's __attribute__. Change-Id: I394294d5486ac1ce265c7713bec71a148aaaf1ce Reviewed-on: https://gerrit.stanford.edu/841 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Add new acl check command

2012-11-04T18:38:29+00:00

Add a new acl check command which, given an ACL ID, prints yes if that ACL already exists and no otherwise. This is parallel to the check command for objects. Also fix some documentation errors in the wallet client documentation, saying that the check command doesn't require any ACL and fixing one place where "show" was used instead of "store".

Add NEWS entry for new object type and ACL scheme documentation

2012-07-16T23:58:37+00:00

Add initial LDAP attribute ACL verifier

2012-04-04T03:40:01+00:00

A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now supported. This ACL type grants access if the LDAP entry corresponding to the principal contains the attribute name and value specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are required to use this ACL type. New configuration settings are required as well; see Wallet::Config for more information. To enable this ACL type for an existing wallet database, use wallet-admin to register the new verifier.