| author | Russ Allbery <rra@stanford.edu> | 2010-02-09 13:14:41 -0800 | 
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2010-02-09 13:14:41 -0800 | 
| commit | b037770195ef0bd98d6655a65873b25d90e36032 | |
| tree | ee8d0977ef2f65072f0583d0838e61b8feb55e7d | |
| parent | 59455fd5e6a47a66a2a84779f42928fd66ec9747 | |
Document and make case-insensitive KEYTAB_KRBTYPE
KEYTAB_KRBTYPE wasn't documented in Wallet::Config.  Add it and the
variable declaration.  Also document the new mandatory setting in
NEWS and add the Heimdal::Kadm5 requirement to README.  Remove some
of the language in README that implies that only MIT Kerberos is
supported.
Make the setting case-insensitive and improve the error message from
Wallet::Kadmin if it isn't set.
| -rw-r--r-- | NEWS | 8 | ||||
| -rw-r--r-- | README | 18 | ||||
| -rw-r--r-- | perl/Wallet/Config.pm | 9 | ||||
| -rw-r--r-- | perl/Wallet/Kadmin.pm | 9 | 
4 files changed, 27 insertions, 17 deletions
@@ -2,6 +2,12 @@  wallet 0.10 (unreleased) +    Add support for Heimdal KDCs as well as MIT Kerberos KDCs.  There is +    now a mandatory new setting in Wallet::Config: $KEYTAB_KRBTYPE.  It +    should be set to either "MIT" or "Heimdal" depending on the Kerberos +    KDC implementation used.  The Heimdal support requires the +    Heimdal::Kadm5 Perl module. +      Remove kaserver synchronization support.  It is no longer tested, and      retaining the code was increasing the complexity of wallet, and some      specific requirements (such as different realm names between kaserver @@ -28,8 +34,6 @@ wallet 0.10 (unreleased)      Report ACL names as well as numbers in object history. -    Add support for Heimdal KDCs as well as MIT Kerberos KDCs. -  wallet 0.9 (2008-04-24)      The wallet command-line client now reads the data for store from a 
@@ -88,12 +88,13 @@ REQUIREMENTS    Perl module, which comes with recent versions of Perl and is available    on CPAN for older versions. -  The keytab support in the wallet server requires the kadmin client -  program be installed and currently assumes that it follows the syntax of -  the MIT Kerberos kadmin client.  It also requires that the wallet server -  have a keytab for a principal with appropriate access to create, modify, -  and delete principals from the KDC (as configured in kadm5.acl on an MIT -  Kerberos KDC). +  The keytab support in the wallet server supports either Heimdal or MIT +  Kerberos KDCs.  The Heimdal support requires the Heimdal::Kadm5 Perl +  module.  The MIT Kerberos support requires the MIT Kerberos kadmin +  client program be installed.  In either case, wallet also requires that +  the wallet server have a keytab for a principal with appropriate access +  to create, modify, and delete principals from the KDC (as configured in +  kadm5.acl on an MIT Kerberos KDC).    To support the unchanging flag on keytab objects, the Net::Remctl Perl    module (shipped with remctl) must be installed on the server and the @@ -106,11 +107,6 @@ REQUIREMENTS    to manage DNS), the Net::Remctl Perl  module must be installed on the    server. -  To support synchronization with an AFS kaserver, the server must have -  the Authen::Krb5 Perl module installed.  AFS kaserver synchronization -  support also requires building kasetkey, which requires AFS and Kerberos -  v4 libraries. -    To run the test suite, you must have Perl 5.8 or later and the Perl DBI    module installed.  You will also need a DBD module installed for the    database backend you want to use (currently, either DBD::SQLite or diff --git a/perl/Wallet/Config.pm b/perl/Wallet/Config.pm index 7198c07..ae8cf9c 100644 --- a/perl/Wallet/Config.pm +++ b/perl/Wallet/Config.pm 
@@ -250,6 +250,15 @@ default PATH.  our $KEYTAB_KADMIN = 'kadmin'; +=item KEYTAB_KRBTYPE + +The Kerberos KDC implementation type, either C<Heimdal> or C<MIT> +(case-insensitive).  KEYTAB_KRBTYPE must be set to use keytab objects. + +=cut + +our $KEYTAB_KRBTYPE; +  =item KEYTAB_PRINCIPAL  The principal whose key is stored in KEYTAB_FILE.  The wallet will diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm index b3a630e..5c01ee3 100644 --- a/perl/Wallet/Kadmin.pm +++ b/perl/Wallet/Kadmin.pm @@ -1,7 +1,7 @@  # Wallet::Kadmin -- Kadmin module wrapper for the wallet.  #  # Written by Jon Robertson <jonrober@stanford.edu> -# Copyright 2009 Board of Trustees, Leland Stanford Jr. University +# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University  #  # See LICENSE for licensing terms. @@ -34,14 +34,15 @@ sub new {      my ($kadmin);      if (not $Wallet::Config::KEYTAB_KRBTYPE) {          die "keytab object implementation not configured\n"; -    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') { +    } elsif (lc ($Wallet::Config::KEYTAB_KRBTYPE) eq 'mit') {          require Wallet::Kadmin::MIT;          $kadmin = Wallet::Kadmin::MIT->new; -    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'Heimdal') { +    } elsif (lc ($Wallet::Config::KEYTAB_KRBTYPE) eq 'heimdal') {          require Wallet::Kadmin::Heimdal;          $kadmin = Wallet::Kadmin::Heimdal->new;      } else { -        die "keytab krb server type not set to a valid value\n"; +        my $type = $Wallet::Config::KEYTAB_KRBTYPE; +        die "unknown KEYTAB_KRBTYPE setting: $type\n";      }      return $kadmin;  | 
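Review bot: In the NEWS hunk for wallet 0.10, the new entry calls $KEYTAB_KRBTYPE "a mandatory new setting" without qualification, while the Wallet::Config documentation added in this same patch says it "must be set to use keytab objects". State that scope in NEWS as well, and mention that the value is matched case-insensitively, so the upgrade note agrees with Config.pm and Kadmin.pm.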
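Review bot: In the README REQUIREMENTS hunk, the rewritten paragraph still ends with "(as configured in kadm5.acl on an MIT Kerberos KDC)", so the only guidance on granting the wallet principal create, modify and delete access is MIT-specific. Since the paragraph now covers both KDC types, either add where the equivalent access is granted on a Heimdal KDC or drop the parenthetical. The second README hunk also removes the AFS kaserver paragraph, which the commit message does not mention; a line there would help anyone reading the history.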
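Review bot: In perl/Wallet/Kadmin.pm, the unset branch of new() still dies with "keytab object implementation not configured", which does not name the setting; only the final else branch gained a message that mentions KEYTAB_KRBTYPE. The commit message says the error for an unset value is being improved, so consider naming KEYTAB_KRBTYPE in that first die as well, so that an administrator who has not configured it can see which Wallet::Config variable to set. The lc () call is also repeated in both elsif tests; lowercasing the value once into a local variable would keep the comparisons consistent if another KDC type is added later.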
