User-Visible wallet Changes

wallet 0.4 (unreleased)

    Maintain a global cache of ACL verifiers in Wallet::ACL and reuse them
    over the life of the process if we see another ACL line from the same
    scheme, rather than only reusing ACL verifiers within a single ACL.

    Add a subclass of the NetDB ACL verifier that requires the principal
    have an instance of "root" and strips that instance before checking
    NetDB roles.

    Determine the class for object and ACL schema implementations from the
    database rather than a hard-coded list and provide Wallet::Schema
    methods for adding new class mappings.

    Add a missing class mapping for the netdb ACL schema verifier.

    Various coding style fixes and cleanup based on a much-appreciated
    code audit by Simon Cozens.  I didn't take all of his advice, and he
    shouldn't be blamed for any remaining issues.

wallet 0.3 (2007-12-03)

    MySQL is now a supported database backend and the full test suite
    passes with MySQL.

    Add support for running a user-defined function whenever an object is
    created by a non-ADMIN user and using the default owner ACL returned
    by that function provided that the calling user is authorized by that
    ACL.  This permits dynamic creation of new objects based on a default
    owner ACL programmatically determined from the name of the object.

    Attempt to create the object with a default owner on get and store
    when the object doesn't exist.

    Add support for displaying the history of objects and ACLs.

    Add an ACL verifier that checks access against NetDB roles using the
    NetDB remctl interface.

    The wallet backend script now logs all commands and errors to syslog.

    The keytab backend now supports limiting generated keytabs to
    particular enctypes by setting an attribute on the object.

    Expiration dates are now expressed in YYYY-MM-DD HH:MM:SS instead of
    seconds since epoch and returned the same way.

    Timestamps are now stored in the database as correct date and time
    types rather than seconds since epoch to work properly with MySQL.

    The wallet backend test suite now supports using a database other than
    SQLite for testing.

wallet 0.2 (2007-10-08)

    First public alpha release.  Only tested with SQLite 3, no history
    support, no object list support, and only keytab object and krb5 ACL
    support.

wallet 0.1 (2007-03-08)

    Internal release containing only kasetkey, a stub client, and design
    documentation.