| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Move options up with other keytab backend options except for the
bucket for keytabs, which does belong in the section on retrieving
existing keytabs.
|
|
|
|
* Make sure userPrincipalName is created for all keytabs and use it to
search for entries in AD.
* Allow the creation of any service principal. This requires making
sure that the cn used to create AD entries for service accounts not
be any longer than 20 characters.
|
|
* This ad-keytab is useful in the initial setup of AD as a keytab
store for wallet.
* Change configuration variables to correctly reflect that some values
are relative distinguished names.
* Add a configuration variable for the base distinguished name for
ActiveDirectory.
|
|
|
|
The versions of all of the wallet Perl modules now match the overall
package version except for Wallet::Schema, which is used to version
the database schema.
Import the test from rra-c-util 5.10 and exclude Wallet::Schema from
the tests.
Go through all Perl modules and standardize the syntax for setting the
version and indicating the required version of Perl. Fix a few other
syntax issues while I'm in there.
|
|
|
|
Also remove some configuration checks that aren't required, and
unify handling of some configuration options.
|
|
This requires changing the ACL verifier plumbing to pass object
type and name all the way through when verifying ACLs. Hopefully
I caught everything.
|
|
A new ACL type, external (Wallet::ACL::External), is now supported.
This ACL runs an external command to check if access is allowed, and
passes the principal and the ACL identifier to that command. To
enable this ACL type for an existing wallet database, use wallet-admin
to register the new verifier.
Change-Id: I21b72b4373eefc92985aca1505e2d1a1ec699602
|
|
"wallet-report objects host <hostname>" reports on all objects that
belong to the given host. This can be used to query things for retiring
systems.
Change-Id: Ib1c8e5978fed141d54ecc8504b56b43c037f9b17
|
|
The password type inherits almost everything from the file object, but
if you try to get a password object that has never been stored, we
generate a random string to put in the object rather than just
erroring out. The maximum and minimum length of the string can be set
in the wallet config.
If a password object was stored earlier and then cleared out, we don't
generate another random string.
Change-Id: I17a65ca7dac9d4430e8a731f417297890ee612bb
|
|
Change-Id: I818be125f3195316b44e650ba6e05b8e0b831ea6
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server. It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Also reorganize the test suite to use subdirectories.
Change-Id: Id06120ba2bad1ebbfee3d8a48ca2f25869463165
Reviewed-on: https://gerrit.stanford.edu/1530
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
