author | Bill MacAllister <whm@dropbox.com> | 2016-01-05 08:18:37 +0000 |
---|---|---|
committer | Bill MacAllister <whm@dropbox.com> | 2016-01-05 08:18:37 +0000 |
commit | 9e1b210844faaa451cee3b9c0afa738120062e79 (patch) | |
tree | 04dc0116e6db1af234359b2f92bc6c280eb7b2ff /NEWS | |
parent | 2a03ce35be9b900cc0fd5f305dec54ebcf3fed5a (diff) | |
parent | 802e47e8d84530d191817b2d86978a0b09803186 (diff) |
Merge branch 'master' into ad-keytabs
Conflicts:
NEWS
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 37 |
1 files changed, 35 insertions, 2 deletions
@@ -2,10 +2,33 @@ wallet 1.3 (unreleased) + A new ACL type, nested (Wallet::ACL::Nested), is now supported. The + identifier of this ACL names another ACL, and access is granted if + that ACL would grant access. This lets one combine multiple other + ACLs and apply the union to an object. To enable this ACL type for an + existing wallet database, use wallet-admin to register the new + verifier. + + A new ACL type, external (Wallet::ACL::External), is now supported. + This ACL runs an external command to check if access is allowed, and + passes the principal and the ACL identifier to that command. To + enable this ACL type for an existing wallet database, use wallet-admin + to register the new verifier. + + A new variation on the ldap-attr ACL type, ldap-attr-root + (Wallet::ACL::LDAP::Attribute::Root), is now supported. This is + similar to netdb-root (compared to netdb): the authenticated principal + must end in /root, and the LDAP entry checked will be for the same + principal without the /root component. This is useful for limiting + access to certain privileged objects to Kerberos root instances. To + enable this ACL type for an existing wallet database, use wallet-admin + to register the new verifier. + A new object type, password (Wallet::Object::Password), is now supported. This is a subclass of the file object that will randomly generate content for the object if you do a get before storing any - content inside it. + content inside it. To enable this object type for an existing + database, use wallet-admin to register the new object. Add a new command to wallet-backend, update. This will update the contents of an object before running a get on it, and is only valid 
@@ -17,7 +40,8 @@ wallet 1.3 (unreleased) warrants. Add an acl replace command, to change all objects owned by one ACL to - be owned by another. + be owned by another. This currently only handles owner, not any of + the more specific ACLs. All ACL operations now refer to the ACL by name rather than ID. @@ -25,11 +49,20 @@ wallet 1.3 (unreleased) help for the existing unused report that implied it showed unstored as well as unused. + Add reports that list all object types (types) and all ACL schemes + (schemes) currently registered in the wallet database. + + Add a report of all ACLs that nest a given ACL. This requires some + additional local configuration (and probably some code). See + Wallet::Config for more information. + Took contributions from Commerzbank AG to improve wallet history. Add a command to dump all object history for searching on to wallet-report, and add a new script for more detailed object history operations to the contrib directory. + Displays of ACLs and ACL entries are now sorted correctly. + Initial support for using Active Directory as the KDC for keytab creation. The interface to Active Directory uses a combination of direct LDAP queries and the msktutil utility. This version does |
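Review bot: In the first hunk (@@ -2,10 +2,33 @@), the Wallet::ACL::External entry says the command receives the principal and the ACL identifier, but not how the command reports its decision or where the command is configured. Since this verifier makes the access decision, state the allow/deny convention and point to the documentation that covers it, the way the nested-ACL report entry points to Wallet::Config. The Wallet::ACL::Nested entry could also say what happens when an ACL ends up nesting itself.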
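Review bot: In the acl replace hunk (@@ -17,7 +40,8 @@), "the more specific ACLs" is not defined, so a reader cannot tell which references to the old ACL survive a replace. Name the ACL fields that are left untouched, and say that the old ACL stays in effect on any object that references it there, so an administrator does not treat it as retired after running the command.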
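Review bot: In the last hunk (@@ -25,11 +49,20 @@), the entry for the report of ACLs that nest a given ACL gives no report name, while the entry just above it names its reports (types, schemes), and "and probably some code" leaves it unclear what a site has to supply. Add the report name and say concretely what must be configured or written locally, or state that Wallet::Config documents it in full.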