diff options
| author | Russ Allbery <eagle@eyrie.org> | 2018-06-03 16:58:02 -0700 |
|---|---|---|
| committer | Russ Allbery <eagle@eyrie.org> | 2018-06-03 16:58:02 -0700 |
| commit | edf31eba414d9a105791c076fb1444a78d210dff (patch) | |
| tree | 2bac18fa3b71593e616061a0fbcbfdd6ab26a255 /docs/metadata/requirements | |
| parent | 4b3f858ef567c0d12511e7fea2a56f08f2729635 (diff) | |
| parent | 68c4b05c268cd6e358cc41c8feb44bc2c7fcb898 (diff) | |
New upstream version 1.4
Diffstat (limited to 'docs/metadata/requirements')
| -rw-r--r-- | docs/metadata/requirements | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/docs/metadata/requirements b/docs/metadata/requirements new file mode 100644 index 0000000..b82a52c --- /dev/null +++ b/docs/metadata/requirements @@ -0,0 +1,57 @@ +The wallet client requires the C +[remctl](https://www.eyrie.org/~eagle/software/remctl/) client library and +a Kerberos library. It will build with either MIT Kerberos or Heimdal. + +The wallet server is written in Perl and requires Perl 5.8.0 or later plus +the following Perl modules: + +* Date::Parse (part of the TimeDate distribution) +* DBI +* DBIx::Class +* Module::Build +* SQL::Translator + +You will also need a DBD Perl module for the database backend that you +intend to use, and the DateTime::Format::* module corresponding to that +DBD module (such as DateTime::Format::SQLite or DateTime::Format::PG). + +Currently, the server has only been tested against SQLite 3, MySQL 5, and +PostgreSQL, and prebuilt SQL files (for database upgrades) are only +provided for those servers. It will probably not work fully with other +database backends. Porting is welcome. + +The wallet server is intended to be run under `remctld` and use `remctld` +to do authentication. It can be ported to any other front-end, but doing +so will require writing a new version of `server/wallet-backend` that +translates the actions in that protocol into calls to the Wallet::Server +Perl object. + +The keytab support in the wallet server supports Heimdal and MIT Kerberos +KDCs and has experimental support for Active Directory. The Heimdal +support requires the Heimdal::Kadm5 Perl module. The MIT Kerberos support +requires the MIT Kerberos `kadmin` client program be installed. The +Active Directory support requires the Net::LDAP, Authen::SASL, and +IPC::Run Perl modules and the `msktutil` client program. + +To support the unchanging flag on keytab objects with an MIT Kerberos KDC, +the Net::Remctl Perl module (shipped with remctl) must be installed on the +server and the `keytab-backend` script must be runnable via remctl on the +KDC. This script also requires an MIT Kerberos `kadmin.local` binary that +supports the `-norandkey` option to `ktadd`. This option is included in +MIT Kerberos 1.7 and later. + +The WebAuth keyring object support in the wallet server requires the +WebAuth Perl module from WebAuth 4.4.0 or later. + +The Duo integration object support in the wallet server requires the +Net::Duo, JSON, and Perl6::Slurp Perl modules. + +The password object support in the wallet server requires the +Crypt::GeneratePassword Perl module. + +The LDAP attribute ACL verifier requires the Authen::SASL and Net::LDAP +Perl modules. This verifier only works with LDAP servers that support +GSS-API binds. + +The NetDB ACL verifier (only of interest at sites using NetDB to manage +DNS) requires the Net::Remctl Perl module. |