krb5-wallet.git/docs, branch upstream/1.3

Pass object type and name to external ACL verifiers

2016-01-16T23:35:49+00:00

This requires changing the ACL verifier plumbing to pass object type and name all the way through when verifying ACLs. Hopefully I caught everything.

Add Wallet::ACL::External ACL type

2016-01-04T03:29:20+00:00

A new ACL type, external (Wallet::ACL::External), is now supported. This ACL runs an external command to check if access is allowed, and passes the principal and the ACL identifier to that command. To enable this ACL type for an existing wallet database, use wallet-admin to register the new verifier. Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602

Document the new ACL schemes in docs/design-acl

2016-01-03T22:58:20+00:00

Change-Id: Idd2e1038fc02dd51aab9a9ffdd5b3400db2b106f

Updated documentation for duo and password objects

2015-06-08T22:24:34+00:00

The documentation now includes information about the Duo file types, and the new password types. This is both the general information, and the Stanford-specific naming docs. Change-Id: Iae256224a063ce42f22cd933ef7bb3ab402e0e2d

Add new object type for Duo integrations

2014-07-12T02:02:12+00:00

A new object type, duo (Wallet::Object::Duo), is now supported. This creates an integration with the Duo Security cloud multifactor authentication service and allows retrieval of the integration key, secret key, and admin hostname. Currently, only UNIX integration types are supported. The Net::Duo Perl module is required to use this object type. New configuration settings are required as well; see Wallet::Config for more information. To enable this object type for an existing wallet database, use wallet-admin to register the new object. Change-Id: I2c0dac75e81f526b34d6b509c4bdaecb43dd4a9d Reviewed-on: https://gerrit.stanford.edu/1516 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Clarify use of the tivoli-key file type in Stanford policy

2013-09-15T01:45:37+00:00

tivoli-key used to always contain the entirety of the TSM.PWD file, but it's more useful to store only the encryption key in password form. Change-Id: Id770691fb756b7675ec0fe2eee1308a8974c9c3f Reviewed-on: https://gerrit.stanford.edu/1309 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Further clarify the ssl-key Stanford naming policy

2013-04-13T02:39:09+00:00

Adam requested some clarification on whether the name of the object should be fully-qualified or not (since we didn't in the legacy naming scheme). Change-Id: I52fcab71e54aee38f0c03eff774f927c5836ad03 Reviewed-on: https://gerrit.stanford.edu/1054 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Add NEWS entry and doc reference to Wallet::Policy::Stanford

2013-03-28T00:28:20+00:00

Change-Id: If833e4a6434362e04e738274a6f7fb276a9efe51 Reviewed-on: https://gerrit.stanford.edu/988 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Allow owners of objects to destroy them by default

2013-03-27T19:52:58+00:00

Owners of wallet objects are now allowed to destroy them. In previous versions, a special destroy ACL had to be set and the owner ACL wasn't used for destroy actions, but operational experience at Stanford has shown that letting owners destroy their own objects is a better model. Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f Reviewed-on: https://gerrit.stanford.edu/973 Reviewed-by: Russ Allbery Tested-by: Russ Allbery

Add license statements to all textual documentation in docs

2013-02-28T00:53:58+00:00

Change-Id: Id5af9714e3d4f516cf7391c869eff89521e145c5 Reviewed-on: https://gerrit.stanford.edu/849 Reviewed-by: Russ Allbery Tested-by: Russ Allbery