diff options
| -rw-r--r-- | README | 99 |
1 files changed, 84 insertions, 15 deletions
@@ -3,10 +3,10 @@ Written by Russ Allbery <rra@stanford.edu> - Copyright 2006, 2007, 2008, 2009, 2010 Board of Trustees, Leland - Stanford Jr. University. This software is distributed under a BSD-style - license. Please see the file LICENSE in the distribution for more - information. + Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013 The Board of Trustees + of the Leland Stanford Junior University. This software is distributed + under a BSD-style license. Please see the section LICENSE below for + more information. BLURB @@ -42,16 +42,16 @@ DESCRIPTION infrastructure. Currently, the only ACL type supported matches a single Kerberos principal name, but this will be extended in future releases. - Currently, the object types supported are simple files and Kerberos - keytabs. By default, whenever a Kerberos keytab object is retrieved - from the wallet, the key is changed in the Kerberos KDC and the wallet - returns a keytab for the new key. However, a keytab object can also be - configured to preserve the existing keys when retrieved. Included in - the wallet distribution is a script that can be run via remctl on an MIT - Kerberos KDC to extract the existing key for a principal, and the wallet - system will use that interface to retrieve the current key if the - unchanging flag is set on a Kerberos keytab object for MIT Kerberos. - (Heimdal doesn't require any special support.) + Currently, the object types supported are simple files, Kerberos + keytabs, and WebAuth keyrings. By default, whenever a Kerberos keytab + object is retrieved from the wallet, the key is changed in the Kerberos + KDC and the wallet returns a keytab for the new key. However, a keytab + object can also be configured to preserve the existing keys when + retrieved. Included in the wallet distribution is a script that can be + run via remctl on an MIT Kerberos KDC to extract the existing key for a + principal, and the wallet system will use that interface to retrieve the + current key if the unchanging flag is set on a Kerberos keytab object + for MIT Kerberos. (Heimdal doesn't require any special support.) REQUIREMENTS @@ -252,7 +252,7 @@ CONFIGURATION remctld to run the wallet-backend program. Before setting up the wallet server, review the Wallet::Config - docuemntation (with man Wallet::Config or perldoc Wallet::Config). + documentation (with man Wallet::Config or perldoc Wallet::Config). There are many customization options, some of which must be set. You may also need to create a Kerberos keytab for the keytab object backend and give it appropriate ACLs, and set up keytab-backend and its remctld @@ -262,6 +262,38 @@ CONFIGURATION system krb5.conf file. For more information, see the CONFIGURATION section of the wallet client man page (man wallet). +SUPPORT + + The wallet web page at: + + http://www.eyrie.org/~eagle/software/wallet/ + + will always have the current version of this package, the current + documentation, and pointers to any additional resources. + + New releases of the wallet are announced on the kerberos@mit.edu mailing + list and discussion of the wallet (particularly the keytab components) + are welcome there. + + I welcome bug reports and patches for this package at rra@stanford.edu. + However, please be aware that I tend to be extremely busy and work + projects often take priority. I'll save your mail and get to it as soon + as I can, but it may take me a couple of months. + +SOURCE REPOSITORY + + The wallet is maintained using Git. You can access the current source + by cloning the repository at: + + git://git.eyrie.org/kerberos/wallet.git + + or view the repository on the web at: + + http://git.eyrie.org/?p=kerberos/wallet.git + + When contributing modifications, patches (possibly generated by + git-format-patch) are preferred to Git pull requests. + THANKS To Roland Schemers for the original idea that kicked off this project @@ -282,3 +314,40 @@ THANKS To Jon Robertson for the refactoring of Wallet::Kadmin, Heimdal support, many of the wallet server-side reports, and the initial wallet-rekey implementation. + +LICENSE + + The wallet distribution as a whole is covered by the following copyright + statement and license: + + Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013 + The Board of Trustees of the Leland Stanford Junior University + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + All individual files without an explicit exception below are released + under this license. Some files may have additional copyright holders as + noted in those files. There is detailed information about the licensing + of each file in the LICENSE file in this distribution. + + Some files in this distribution are individually released under + different licenses, all of which are compatible with the above general + package license but which may require preservation of additional + notices. All required notices are preserved in the LICENSE file. |