| Age | Commit message (Collapse) | Author |
|---|
|
projects.
The configure option requesting AFS kaserver support (and thus
building kasetkey) is now --with-kaserver instead of --with-afs.
If KRB5_CONFIG was explicitly set in the environment, don't use a
different krb5-config based on --with-krb4 or --with-krb5. If
krb5-config isn't executable, don't use it. This allows one to
force library probing by setting KRB5_CONFIG to point to a
nonexistent file.
Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.
Stop setting Stanford-specific compile-time defaults for the wallet
server and port.
|
|
library and start the transition of coding style.
|
|
empty string is valid object content.
Add a full end-to-end test suite to catch protocol mismatches between
the client and server, such as the one fixed in this release.
|
|
|
|
states whether a given object exists and the second attempts to create
the object using the default owner rules. Remove default owner
handling from the create interface, which is now for administrators
only. Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary. This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.
|
|
default ACLs. Remove autocreation support from create, which now
requires that one be on the ADMIN ACL, and from get and store. The
wallet client will soon know how to do the right thing.
|
|
already exists.
|
|
srvtab key before merging the keytab into an existing file.
Otherwise, if the new keys had a lower kvno than the old keys
(possible after deleting and recreating the object), the wrong key
would be extracted for the srvtab.
|
|
|
|
credentials for the given user and use those for authentication rather
than using an existing ticket cache.
|
|
exists, unlink it first and then create it safely rather than
truncating it. This is much safer when creating files in a
world-writable directory.
Also add documentation for keytab merging.
|
|
keytab keys into that file rather than moving aside the old keytab and
creating a new keytab with only the new keys.
Also fix get handling in the client for all types other than keytabs.
This isn't visible yet since the server doesn't yet support other types
of objects.
|
|
write the keytab to standard output rather than dying with a cryptic
error.
|
|
|
|
configuration working yet.
|
|
type from krb5.conf as well as from compile-time defaults and
command-line options.
|
|
When writing to a file in the wallet client program, remove an old
backup file before creating a new backup and don't fail if the backup
already exists.
|
|
|
|
|
|
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
|
|
documentation and test it. Update NEWS and TODO for the completion of
the history code.
|
|
documentation. Fix a variety of other problems with the documentation of
the ACLs used and add mentions of getattr and setattr to a few places
where they were missing.
|
|
of the enctypes attribute when the unchanging flag is set.
|
|
that the enctype must be in the database in the keytab object API
documentation.
The README and NEWS files are now done.
|
|
|
|
|
|
|
|
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
just attr to match the actual API.
|
|
object when get is called with the -S flag.
|
|
|
|
expansion. Use the fine-grained remctl API instead of the simple one
since in some cases we'll be running multiple commands.
|
|
so that the srvtab and keytab management can share it. Write atomically
to a new file and then link and rename to do an atomic update. Leave a
backup copy of any file that's replaced.
|
|
|
|
additional work and cleanup, particularly support for the sync attribute.
|
|
document them in the user documentation.
|
|
Document locked flag issues when implementing a new object type.
|
|
|
|
Wallet::Server method.
|
|
|
|
|
|
|
|
get and show and pass all commands on to the server. Instead, only
special-case get to write its output to a different location.
|
|
test. Display show output to standard out instead of writing it to a
keytab file. NULL-terminate the commands passed to the server. Don't
constrain the object type to be keytab.
|
|
|
