Unnamed repository; edit this file 'description' to name the repository. https://git.gnuabordo.com.br/krb5-wallet.git/atom?h=release%2F0.11 2010-03-08T18:19:03+00:00 2010-03-08T18:19:03+00:00 Russ Allbery rra@stanford.edu 2010-03-08T18:19:03+00:00 urn:sha1:bc105004b8e88e1ede75dae0028d3ef10c15b57a Parallel to objects name, add an acls name audit that returns all ACLs that do not follow the site naming standard. 2010-03-06T01:25:50+00:00 Russ Allbery rra@stanford.edu 2010-03-06T01:25:50+00:00 urn:sha1:fd7f47ed7dccb3ee01ddaa7e24b8bd7bffb6a1c6 Wallet::Config now supports an additional local function, verify_acl_name, which can be used to enforce ACL naming policies. If set, it is called for any ACL creation or rename and can reject the new ACL name. 2010-03-06T00:56:47+00:00 Russ Allbery rra@stanford.edu 2010-03-06T00:56:47+00:00 urn:sha1:0e3df4c4159650e6de7fdcf6a0f0b661f25c03f7 Add the acls unused report to wallet-report and Wallet::Report, returning all ACLs not referenced by any database objects. 2010-03-05T20:00:31+00:00 Russ Allbery rra@stanford.edu 2010-03-05T20:00:31+00:00 urn:sha1:bb9f9d6d57ea09ef8fdcf81bcc77da8f1da5b41d 2010-03-04T06:44:53+00:00 Russ Allbery rra@stanford.edu 2010-03-04T06:44:53+00:00 urn:sha1:acc73c988b845448230942de0f07263546763420 Do this only in the main text, not in the SEE ALSO section, since the latter is more for conventional man pages. This will produce better results for some POD to HTML converters (although not mine, yet). 2010-03-04T06:37:18+00:00 Russ Allbery rra@stanford.edu 2010-03-04T06:37:18+00:00 urn:sha1:a131c767d1eee7b98170962f7f9d4063be69e576 Add an audit command to wallet-report and one audit: objects name, which returns all objects that do not pass the local naming policy. The corresponding Wallet::Report method is audit(). Wallet::Config::verify_name may now be called with an undefined third argument (normally the user attempting to create an object). This calling convention is used when auditing, and the local policy function should select the correct policy to apply for useful audit results. 2010-03-04T05:06:41+00:00 Russ Allbery rra@stanford.edu 2010-03-04T05:06:41+00:00 urn:sha1:6c1f7d325239f305b9bf6a4503165cefae1ee3d8 When deleting an ACL on the server, verify that the ACL is not referenced by any object first. Database referential integrity should also catch this, but not all database backends may enforce referential integrity. This also allows us to return a better error message naming an object that's still using that ACL. 2010-02-21T05:52:38+00:00 Russ Allbery rra@stanford.edu 2010-02-21T05:52:38+00:00 urn:sha1:3b3e387b6bca35a00a86ad41e39874eeadcb78b9 Update the wallet client, wallet-backend, and Wallet::Object::File documentation for the support for storing data containing nul characters using the new stdin support in remctld. Add this to NEWS. 2010-02-19T09:21:48+00:00 Russ Allbery rra@stanford.edu 2010-02-19T09:21:48+00:00 urn:sha1:345333f027be0b34318584b3f1b5e3e12adcaa98 Move all reporting from Wallet::Admin to Wallet::Report and simplify the method names since they're now part of a dedicated reporting class. Similarly, create a new wallet-report script to wrap Wallet::Report, moving all reporting commands to it from wallet-admin, and simplify the commands since they're for a dedicated reporting script. Remove the contrib script wallet-report to wallet-summary so that it doesn't conflict with the new reporting backend script. 2010-02-19T06:06:17+00:00 Russ Allbery rra@stanford.edu 2010-02-19T06:06:17+00:00 urn:sha1:93eb5f8fe8d05398dd6fb364680e40eb8dae23e4 Change the API for keytab_rekey to match keytab, returning the keytab as data instead of writing it to a file. This simplifies the wallet object implementation and moves the logic for reading the temporary file into Wallet::Kadmin and its child classes. (Eventually, there may be a kadmin backend that doesn't require using a temporary file.) Setting KEYTAB_TMP is now required to instantiate either the ::MIT or ::Heimdal Wallet::Kadmin classes.