author | Russ Allbery <eagle@eyrie.org> | 2016-01-03 15:21:30 -0800 |
---|---|---|
committer | Russ Allbery <eagle@eyrie.org> | 2016-01-03 15:21:30 -0800 |
commit | 3b8a786a0e4d77bfc63cc8d4373972ef578115ea (patch) | |
tree | 97429c8d854e2f7c6a53076f7467e5710861a79e /NEWS | |
parent | 45fa535256e8272511d1f6769069536248b565dd (diff) |
Flesh out NEWS and update TODO for merged changes
Change-Id: I714a6298c36e6fd7eca6ee3acb01637a96773647
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 35 |
1 files changed, 31 insertions, 4 deletions
@@ -2,10 +2,27 @@ wallet 1.3 (unreleased) - A new object type, password (Wallet::Object::Password), is now - supported. This is a subclass of the file object that will randomly + A new ACL type, nested (Wallet::ACL::Nested), is now supported. The + identifier of this ACL names another ACL, and access is granted if + that ACL would grant access. This lets one combine multiple other + ACLs and apply the union to an object. To enable this ACL type for an + existing wallet database, use wallet-admin to register the new + verifier. + + A new variation on the ldap-attr ACL type, ldap-attr-root + (Wallet::ACL::LDAP::Attribute::Root), is now supported. This is + similar to netdb-root (compared to netdb): the authenticated principal + must end in /root, and the LDAP entry checked will be for the same + principal without the /root component. This is useful for limiting + access to certain privileged objects to Kerberos root instances. To + enable this ACL type for an existing wallet database, use wallet-admin + to register the new verifier. + + A new object type, password (Wallet::Object::Password), is now + supported. This is a subclass of the file object that will randomly generate content for the object if you do a get before storing any - content inside it. + content inside it. To enable this object type for an existing + database, use wallet-admin to register the new object. Add a new command to wallet-backend, update. This will update the contents of an object before running a get on it, and is only valid @@ -17,7 +34,8 @@ wallet 1.3 (unreleased) warrants. Add an acl replace command, to change all objects owned by one ACL to - be owned by another. + be owned by another. This currently only handles owner, not any of + the more specific ACLs. All ACL operations now refer to the ACL by name rather than ID. 
@@ -25,11 +43,20 @@ wallet 1.3 (unreleased) help for the existing unused report that implied it showed unstored as well as unused. + Add reports that list all object types (types) and all ACL schemes + (schemes) currently registered in the wallet database. + + Add a report of all ACLs that nest a given ACL. This requires some + additional local configuration (and probably some code). See + Wallet::Config for more information. + Took contributions from Commerzbank AG to improve wallet history. Add a command to dump all object history for searching on to wallet-report, and add a new script for more detailed object history operations to the contrib directory. + Displays of ACLs and ACL entries are now sorted correctly. + wallet 1.2 (2014-12-08) The duo object type has been split into several sub-types, each for a |
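Review bot: In the first hunk (@@ -2,10 +2,27 @@ and @@ -17,7 +34,8 @@), the sentence added to the acl replace entry, "This currently only handles owner, not any of the more specific ACLs", states the limitation but not its consequence for an administrator. Someone using acl replace to retire an ACL will reasonably read the entry as "the old ACL is no longer referenced", while objects that name it in one of the more specific ACLs keep doing so. Suggest saying so directly and telling the reader to check those ACLs separately before treating the old ACL as unused. A smaller point in the same hunk: the nested entry says access is granted "if that ACL would grant access" but does not say what happens when the named ACL does not exist or when ACLs nest each other in a loop. One sentence on that would help anyone auditing who can reach an object.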
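Review bot: In the second hunk (@@ -25,11 +43,20 @@), the entry for the report of all ACLs that nest a given ACL says it "requires some additional local configuration (and probably some code)", which is too vague for release notes: a reader cannot tell whether the report works out of the box, fails, or returns nothing until the site does something. Suggest naming what the site has to supply, or at least the section of Wallet::Config to read, and stating how the report behaves when that configuration is missing. The last added line, "Displays of ACLs and ACL entries are now sorted correctly", would also be clearer if it said what the sort order is, since people compare ACL listings when reviewing access.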