Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 37 | 
1 files changed, 35 insertions, 2 deletions
| @@ -2,10 +2,33 @@  wallet 1.3 (unreleased) +    A new ACL type, nested (Wallet::ACL::Nested), is now supported.  The +    identifier of this ACL names another ACL, and access is granted if +    that ACL would grant access.  This lets one combine multiple other +    ACLs and apply the union to an object.  To enable this ACL type for an +    existing wallet database, use wallet-admin to register the new +    verifier. + +    A new ACL type, external (Wallet::ACL::External), is now supported. +    This ACL runs an external command to check if access is allowed, and +    passes the principal and the ACL identifier to that command.  To +    enable this ACL type for an existing wallet database, use wallet-admin +    to register the new verifier. + +    A new variation on the ldap-attr ACL type, ldap-attr-root +    (Wallet::ACL::LDAP::Attribute::Root), is now supported.  This is +    similar to netdb-root (compared to netdb): the authenticated principal +    must end in /root, and the LDAP entry checked will be for the same +    principal without the /root component.  This is useful for limiting +    access to certain privileged objects to Kerberos root instances.  To +    enable this ACL type for an existing wallet database, use wallet-admin +    to register the new verifier. +      A new object type, password (Wallet::Object::Password), is now      supported.  This is a subclass of the file object that will randomly      generate content for the object if you do a get before storing any -    content inside it. +    content inside it.  To enable this object type for an existing +    database, use wallet-admin to register the new object.      Add a new command to wallet-backend, update.  This will update the      contents of an object before running a get on it, and is only valid 
@@ -17,7 +40,8 @@ wallet 1.3 (unreleased)      warrants.      Add an acl replace command, to change all objects owned by one ACL to -    be owned by another. +    be owned by another.  This currently only handles owner, not any of +    the more specific ACLs.      All ACL operations now refer to the ACL by name rather than ID. @@ -25,11 +49,20 @@ wallet 1.3 (unreleased)      help for the existing unused report that implied it showed unstored as      well as unused. +    Add reports that list all object types (types) and all ACL schemes +    (schemes) currently registered in the wallet database. + +    Add a report of all ACLs that nest a given ACL.  This requires some +    additional local configuration (and probably some code).  See +    Wallet::Config for more information. +      Took contributions from Commerzbank AG to improve wallet history.  Add      a command to dump all object history for searching on to      wallet-report, and add a new script for more detailed object history      operations to the contrib directory. +    Displays of ACLs and ACL entries are now sorted correctly. +      Initial support for using Active Directory as the KDC for keytab      creation.  The interface to Active Directory uses a combination of      direct LDAP queries and the msktutil utility.  This version does | 
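Review bot: In the first hunk, the external ACL entry (Wallet::ACL::External) says the command is passed "the principal and the ACL identifier" but not where the command is configured or how its result is read as allow or deny. An administrator enabling this verifier needs both. Suggest adding a sentence on what the command must return to grant access, plus a pointer to the configuration documentation, in the same way the nested-ACL report entry ends with "See Wallet::Config for more information." The nested ACL entry could also say whether an ACL that directly or indirectly names itself is rejected.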
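Review bot: In the second hunk, the added caveat on acl replace ("This currently only handles owner, not any of the more specific ACLs") states the limitation but not its consequence. After a replace, objects can still reference the old ACL through their more specific ACLs, so the old ACL keeps granting access there. Suggest saying so explicitly, so that an administrator who uses acl replace to retire an ACL knows to check the more specific ACLs separately.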
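Review bot: In the third hunk, the entry for the report of ACLs that nest a given ACL says it "requires some additional local configuration (and probably some code)", which is too vague for a release note. Suggest naming what has to be configured, or at least which part of Wallet::Config covers it, and stating what code a site is expected to supply. The line "Displays of ACLs and ACL entries are now sorted correctly" would also be clearer if it said what the sort order now is.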
