Age | Commit message | Author | |
---|---|---|---|
2008-02-20 | Report the correct error message when addprinc fails while creating a keytab object. | Russ Allbery | |
2008-02-13 | Release 0.8. | Russ Allbery | |
2008-02-13 | Remove the restriction that all object implementations must have class names of Wallet::Object::* and all ACL verifier implementations must have class names of Wallet::ACL::*. | Russ Allbery | |
2008-02-13 | Update the design documentation to reflect the current protocol and implementation. | Russ Allbery | |
2008-02-13 | wallet-admin now supports registering new object or ACL verifier implementations in the database. | Russ Allbery | |
2008-02-12 | wallet-backend now supports a -q flag, which disables syslog logging. | Russ Allbery | |
2008-02-12 | Correctly handle get of an empty object in the wallet client. The empty string is valid object content. Add a full end-to-end test suite to catch protocol mismatches between the client and server, such as the one fixed in this release. | Russ Allbery | |
2008-02-09 | Add file object support to the wallet server. | Russ Allbery | |
2008-02-08 | Wallet::Config and hence the wallet server now checks for the environment variable WALLET_CONFIG and loads configuration from the file specified there instead of /etc/wallet/wallet.conf if it is set. | Russ Allbery | |
2008-02-08 | Fix the wallet client to use check instead of exists. | Russ Allbery | |
2008-02-08 | Release 0.7. | Russ Allbery | |
2008-02-07 | Include news message for previous commit. | Russ Allbery | |
2008-02-07 | Correctly enable syslog logging in wallet-backend. | Russ Allbery | |
2008-02-07 | The current version of Net::Remctl can't handle explicit undef or the empty string as a principal argument. Be careful not to provide a principal argument if no principal was set. This workaround can be removed once we depend on a later version of Net::Remctl. | Russ Allbery | |
2008-02-07 | When creating a srvtab based on a just-downloaded keytab, extract the srvtab key before merging the keytab into an existing file. Otherwise, if the new keys had a lower kvno than the old keys (possible after deleting and recreating the object), the wrong key would be extracted for the srvtab. | Russ Allbery | |
2008-02-06 | Check naming policy on wallet object creation before checking the default ACLs to avoid creating and stranding an ACL when the naming policy check fails. | Russ Allbery | |
2008-02-05 | Fix the example remctl configuration for keytab-backend to use the correct script name. | Russ Allbery | |
2008-02-01 | keytab-backend now passes kadmin.local ktadd its options in a specific order to satisfy the picky option parser. | Russ Allbery | |
2008-01-28 | Release 0.6. (release/0.6) | Russ Allbery | |
2008-01-28 | Minor NEWS updates for wallet-report and the new configure option. | Russ Allbery | |
2008-01-24 | Add a wallet-admin program which can initialize and destroy the database and list all objects and ACLs in the database. | Russ Allbery | |
2008-01-19 | The wallet client now supports a -u option, saying to obtain Kerberos credentials for the given user and use those for authentication rather than using an existing ticket cache. | Russ Allbery | |
2008-01-19 | Note that the file writing change is a security issue. | Russ Allbery | |
2008-01-19 | If -f is used and the output file name with ".new" appended already exists, unlink it first and then create it safely rather than truncating it. This is much safer when creating files in a world-writable directory. Also add documentation for keytab merging. | Russ Allbery | |
2008-01-19 | When downloading a keytab to a file that already exists, merge the new keytab keys into that file rather than moving aside the old keytab and creating a new keytab with only the new keys. Also fix get handling in the client for all types other than keytabs. This isn't visible yet since the server doesn't yet support other types of objects. | Russ Allbery | |
2008-01-17 | Support enforcing a naming policy for wallet objects via a Perl function in the wallet server configuration file. | Russ Allbery | |
2008-01-17 | When getting a keytab with the client with no -f option, correctly write the keytab to standard output rather than dying with a cryptic error. | Russ Allbery | |
2008-01-05 | The wallet client can now get the server, port, principal, and remctl type from krb5.conf as well as from compile-time defaults and command-line options. | Russ Allbery | |
2008-01-04 | The build system now probes for GSS-API, Kerberos v5 and v4, and AFS libraries as necessary rather than hard-coding libraries. Building on systems without strong shared library dependencies and building against static libraries should now work. Building kasetkey (for AFS kaserver synchronization) is now optional and not enabled by default. Pass --with-afs to enable it. This allows wallet to be easily built in an environment without AFS. | Russ Allbery | |
2007-12-07 | Release 0.5. | Russ Allbery | |
2007-12-07 | Check a default creation ACL first before the ADMIN ACL when deciding whether we can auto-create a non-existent ACL, since creating one with the ADMIN ACL doesn't create a useful object. Allow @ in wallet-backend arguments so that principal names can be passed in. | Russ Allbery | |
2007-12-07 | Correctly implement the documented intention that setting an attribute to the empty string clears the attribute values. | Russ Allbery | |
2007-12-07 | Allow the empty string in wallet-backend arguments. When writing to a file in the wallet client program, remove an old backup file before creating a new backup and don't fail if the backup already exists. | Russ Allbery | |
2007-12-07 | Load the Perl modules for ACL verifiers and object types dynamically now that we're reading the class from the database. | Russ Allbery | |
2007-12-06 | Fix the keytab principal validation regex to allow instances containing periods. Otherwise, it's hard to manage host keytabs. Add a missing test suite for that method. | Russ Allbery | |
2007-12-06 | Release 0.4. | Russ Allbery | |
2007-12-05 | Various coding style fixes and cleanup based on a much-appreciated code audit by Simon Cozens. I didn't take all of his advice, and he shouldn't be blamed for any remaining issues. | Russ Allbery | |
2007-12-05 | Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them over the life of the process if we see another ACL line from the same scheme, rather than only reusing ACL verifiers within a single ACL. | Russ Allbery | |
2007-12-05 | Determine the class for object and ACL schema implementations from the database rather than a hard-coded list and provide Wallet::Schema methods for adding new class mappings. Add a missing class mapping for the netdb ACL schema verifier. | Russ Allbery | |
2007-12-04 | Add a subclass of the NetDB ACL verifier that requires the principal have an instance of "root" and strips that instance before checking NetDB roles. | Russ Allbery | |
2007-12-04 | Update the release date for 0.3. | Russ Allbery | |
2007-12-01 | Release 0.3. | Russ Allbery | |
2007-12-01 | Add news entry for MySQL support. | Russ Allbery | |
2007-12-01 | Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of seconds since epoch and returned the same way. Timestamps are now stored in the database as correct date and time types rather than seconds since epoch to work properly with MySQL. | Russ Allbery | |
2007-12-01 | The wallet backend test suite now supports using a database other than SQLite for testing. Also start a new Util.pm module for the test suite and move the contents sub into that module. More to follow. | Russ Allbery | |
2007-11-20 | Attempt to create the object with a default owner on get and store when the object doesn't exist. | Russ Allbery | |
2007-11-20 | Add support for running a user-defined function whenever an object is created by a non-ADMIN user and using the default owner ACL returned by that function provided that the calling user is authorized by that ACL. This permits dynamic creation of new objects based on a default owner ACL programmatically determined from the name of the object. | Russ Allbery | |
2007-11-15 | Add an ACL verifier that checks access against NetDB roles using the NetDB remctl interface. | Russ Allbery | |
2007-11-14 | The wallet backend script now logs all commands and errors to syslog. | Russ Allbery | |
2007-10-11 | Add an acl history function to the server backend and the client documentation and test it. Update NEWS and TODO for the completion of the history code. | Russ Allbery | |