diff options
| -rw-r--r-- | LICENSE | 42 | ||||
| -rw-r--r-- | README | 40 | ||||
| -rw-r--r-- | client/wallet.1 | 2 | ||||
| -rw-r--r-- | contrib/wallet-summary.8 | 2 | ||||
| -rw-r--r-- | server/keytab-backend.8 | 2 | ||||
| -rw-r--r-- | server/wallet-admin.8 | 2 | ||||
| -rw-r--r-- | server/wallet-backend.8 | 2 | ||||
| -rw-r--r-- | server/wallet-report.8 | 2 | ||||
| -rw-r--r-- | tests/client/basic-t.in | 2 |
9 files changed, 51 insertions, 45 deletions
@@ -1,7 +1,7 @@ The wallet package as a whole is: - Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. - University. All rights reserved. + Copyright 2006, 2007, 2008, 2009, 2010 Board of Trustees, Leland + Stanford Jr. University. All rights reserved. and released under the following license: @@ -28,10 +28,10 @@ files. Collected copyright notices for the entire package: Copyright 1994, 1998, 1999, 2000, 2002, 2003, 2004, 2005, 2006, 2007, - 2008 Board of Trustees, Leland Stanford Jr. University - Copyright 2000, 2001, 2004, 2006, 2007, 2008 + 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University + Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009 Russ Allbery <rra@stanford.edu> - Copyright 2004, 2005, 2006, 2007 + Copyright 2004, 2005, 2006, 2007, 2008, 2009 by Internet Systems Consortium, Inc. ("ISC") Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 by The Internet Software Consortium and Rich Salz @@ -42,18 +42,25 @@ Collected copyright notices for the entire package: Copyright 1998 Andrew Tridgell <tridge@samba.org> Copyright 2000, 2005 Hrvoje Niksic <hniksic@xemacs.org> Copyright 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, - 2002, 2003, 2004, 2005, 2006, 2007, 2008 + 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. Copyright 1994 X Consortium +The files portable/asprintf.c, portable/dummy.c, portable/macros.h, +portable/stdbool.h, portable/strlcat.c, portable/strlcpy.c, +portable/uio.h, and util/concat.c have been placed in the public domain by +their author. + The files tests/libtest.c, tests/libtest.h, tests/portable/snprintf-t.c, tests/portable/strlcat-t.c, tests/portable/strlcpy-t.c, tests/util/concat-t.c, tests/util/messages-t.c, tests/util/xmalloc-t, and tests/util/xmalloc.c are released under the following copyright and license: - Copyright 2008 Board of Trustees, Leland Stanford Jr. University - Copyright (c) 2004, 2005, 2006, 2007 + Copyright 2009 Russ Allbery <rra@stanford.edu> + Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 + Board of Trustees, Leland Stanford Jr. University + Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009 by Internet Systems Consortium, Inc. ("ISC") Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 by The Internet Software Consortium and Rich Salz @@ -73,11 +80,6 @@ license: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -The files portable/asprintf.c, portable/dummy.c, portable/macros.h, -portable/stdbool.h, portable/strlcat.c, portable/strlcpy.c, -portable/uio.h, and util/concat.c have been placed in the public domain by -their author. - The file portable/snprintf.c is released under the following license: This code is based on code written by Patrick Powell (papowell@astart.com) @@ -87,7 +89,7 @@ The file portable/snprintf.c is released under the following license: The file tests/runtests.c is released under the following copyright and license: - Copyright 2000, 2001, 2004, 2006, 2007, 2008 + Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009 Russ Allbery <rra@stanford.edu> Permission is hereby granted, free of charge, to any person obtaining a @@ -113,7 +115,7 @@ The files Makefile.in and aclocal.m4 are generated by GNU Automake and released under the following copyright and license: Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, - 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. + 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. This file is free software; the Free Software Foundation gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. @@ -127,16 +129,16 @@ The file configure is generated by GNU Autoconf and is released under the following copyright and license: Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, - 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. - This configure script is free software; the Free Software Foundation - gives unlimited permission to copy, distribute and modify it. + 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, + Inc. This configure script is free software; the Free Software + Foundation gives unlimited permission to copy, distribute and modify it. The files build-aux/compile, build-aux/depcomp, and build-aux/missing are taken from GNU Automake and are released under the following copyright and license: - Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. + Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, + 2007, 2008, 2009 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the @@ -45,14 +45,16 @@ DESCRIPTION infrastructure. Currently, the only ACL type supported matches a single Kerberos principal name, but this will be extended in future releases. - Currently, the only object type supported is a Kerberos keytab. By - default, whenever a Kerberos keytab object is retrieved from the wallet, - the key is changed in the Kerberos KDC and the wallet returns a keytab - for the new key. However, also included in the wallet distribution is a - script that can be run via remctl on the Kerberos KDC to extract the - existing key for a principal, and the wallet system will use that - interface to retrieve the current key if the unchanging flag is set on a - Kerberos keytab object. + Currently, the object types supported are simple files and Kerberos + keytabs. By default, whenever a Kerberos keytab object is retrieved + from the wallet, the key is changed in the Kerberos KDC and the wallet + returns a keytab for the new key. However, a keytab object can also be + configured to preserve the existing keys when retrieved. Included in + the wallet distribution is a script that can be run via remctl on an MIT + Kerberos KDC to extract the existing key for a principal, and the wallet + system will use that interface to retrieve the current key if the + unchanging flag is set on a Kerberos keytab object for MIT Kerberos. + (Heimdal doesn't require any special support.) REQUIREMENTS @@ -90,15 +92,15 @@ REQUIREMENTS to create, modify, and delete principals from the KDC (as configured in kadm5.acl on an MIT Kerberos KDC). - To support the unchanging flag on keytab objects, the Net::Remctl Perl - module (shipped with remctl) must be installed on the server and the - keytab-backend script must be runnable via remctl on the KDC. This - script also requires an MIT Kerberos kadmin.local binary that supports - the -norandkey option to ktadd. This option will be included in MIT - Kerberos 1.7 and later. + To support the unchanging flag on keytab objects with an MIT Kerberos + KDC, the Net::Remctl Perl module (shipped with remctl) must be installed + on the server and the keytab-backend script must be runnable via remctl + on the KDC. This script also requires an MIT Kerberos kadmin.local + binary that supports the -norandkey option to ktadd. This option is + included in MIT Kerberos 1.7 and later. To support the NetDB ACL verifier (only of interest at sites using NetDB - to manage DNS), the Net::Remctl Perl module must be installed on the + to manage DNS), the Net::Remctl Perl module must be installed on the server. To run the test suite, you must have Perl 5.8 or later and the Perl DBI @@ -114,10 +116,10 @@ REQUIREMENTS checked. The full test suite also requires the Test::Pod Perl module (available from CPAN), that remctld be installed and available on the user's path or in /usr/local/sbin or /usr/sbin, that test cases can run - services on and connect to ports 14373 and 14444 on 127.0.0.1, and that - kinit and kvno (which come with Kerberos) be installed and available on - the user's path. The full test suite also requires a local keytab and - some additional configuration. + services on and connect to port 14373 on 127.0.0.1, and that kinit and + either kvno or kgetcred (which come with Kerberos) be installed and + available on the user's path. The full test suite also requires a local + keytab and some additional configuration. To bootstrap from a Git checkout, or if you change the Automake files and need to regenerate Makefile.in, you will need Automake 1.11 or diff --git a/client/wallet.1 b/client/wallet.1 index 1b25ec9..5d5a8bf 100644 --- a/client/wallet.1 +++ b/client/wallet.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET 1" -.TH WALLET 1 "2010-02-20" "0.10" "wallet" +.TH WALLET 1 "2010-02-21" "0.10" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/contrib/wallet-summary.8 b/contrib/wallet-summary.8 index 088f307..b857d48 100644 --- a/contrib/wallet-summary.8 +++ b/contrib/wallet-summary.8 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-SUMMARY 8" -.TH WALLET-SUMMARY 8 "2010-02-20" "0.10" "wallet" +.TH WALLET-SUMMARY 8 "2010-02-21" "0.10" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/server/keytab-backend.8 b/server/keytab-backend.8 index 9dd4e76..41f9a89 100644 --- a/server/keytab-backend.8 +++ b/server/keytab-backend.8 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "KEYTAB-BACKEND 8" -.TH KEYTAB-BACKEND 8 "2010-02-20" "0.10" "wallet" +.TH KEYTAB-BACKEND 8 "2010-02-21" "0.10" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/server/wallet-admin.8 b/server/wallet-admin.8 index 4d262dc..8e1ad12 100644 --- a/server/wallet-admin.8 +++ b/server/wallet-admin.8 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-ADMIN 8" -.TH WALLET-ADMIN 8 "2010-02-20" "0.10" "wallet" +.TH WALLET-ADMIN 8 "2010-02-21" "0.10" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/server/wallet-backend.8 b/server/wallet-backend.8 index 4369ba4..2283da0 100644 --- a/server/wallet-backend.8 +++ b/server/wallet-backend.8 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-BACKEND 8" -.TH WALLET-BACKEND 8 "2010-02-20" "0.10" "wallet" +.TH WALLET-BACKEND 8 "2010-02-21" "0.10" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/server/wallet-report.8 b/server/wallet-report.8 index 147617a..106f47d 100644 --- a/server/wallet-report.8 +++ b/server/wallet-report.8 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-REPORT 8" -.TH WALLET-REPORT 8 "2010-02-20" "0.10" "wallet" +.TH WALLET-REPORT 8 "2010-02-21" "0.10" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 1ae3a70..86e24d5 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -46,8 +46,10 @@ fi # Test setup. kerberos_setup if [ $? != 0 ] ; then + rm krb5.conf skip_all 'Kerberos tests not configured' elif [ -z '@REMCTLD@' ] ; then + rm krb5.conf skip_all 'No remctld found' else plan 36 |