diff options
| author | Russ Allbery <rra@stanford.edu> | 2010-03-08 10:57:43 -0800 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2010-03-08 10:57:43 -0800 |
| commit | bc74e98546f6d291c8b4fde55d2d3b62ac876831 (patch) | |
| tree | 4810b8a40368d84cc11e18a07fb2401c85314b7c /NEWS | |
| parent | 98ba541f3b5e3d63604d29412847ec4d807e8e16 (diff) | |
| parent | 602ff7584d3668c36b1bf5fd43988e6f45eceb48 (diff) | |
Merge commit 'upstream/0.11' into debian
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -1,5 +1,35 @@ User-Visible wallet Changes +wallet 0.11 (2010-03-08) + + When deleting an ACL on the server, verify that the ACL is not + referenced by any object first. Database referential integrity should + also catch this, but not all database backends may enforce referential + integrity. This also allows us to return a better error message + naming an object that's still using that ACL. + + Wallet::Config now supports an additional local function, + verify_acl_name, which can be used to enforce ACL naming policies. If + set, it is called for any ACL creation or rename and can reject the + new ACL name. + + Add an audit command to wallet-report and two audits: acls name, which + returns all ACLs that do not pass the local naming policy, and objects + name, which does the same for objects. The corresponding + Wallet::Report method is audit(). + + Add the acls unused report to wallet-report and Wallet::Report, + returning all ACLs not referenced by any database objects. + + Wallet::Config::verify_name may now be called with an undefined third + argument (normally the user attempting to create an object). This + calling convention is used when auditing, and the local policy + function should select the correct policy to apply for useful audit + results. + + Fix portability to older Kerberos libraries without + krb5_free_error_message. + wallet 0.10 (2010-02-21) Add support for Heimdal KDCs as well as MIT Kerberos KDCs. There is |