wallet To-Do List Required to replace leland_srvtab: * Write a test suite for the sanity checking in wallet-backend and keytab-backend. * Add an ACL list function to display an ACL in human-readable form and call it from wallet-backend. * Display ACL details when displaying objects. * Write new files atomically in the wallet client and save backups unless told not to (write to file.new, link the old file to file.old, and do an atomic rename). * Implement creation of srvtabs from keytabs in the wallet client. * Add kasetkey support to the keytab object backend. * Implement flag setting and retrieval. * Implement support for the unchanging flag on keytabs and the backend remctl calls to retrieve the existing keytab. * Implement the locked flag. * Write the remctl configuration and finish Debian packaging of the wallet client and server. Future work: * Provide some way of getting at the history tables. Need to get object and ACL history either by object or for all objects, at least. * Log all actions to syslog. * Write the NetDB ACL verifier. * Write the LDAP entitlement ACL verifier. * Write the PTS ACL verifier. * Add a help function to wallet-backend listing the commands. * Support displaying and possibly specifying dates in some format more normal than seconds since epoch. * Log failures in the wallet-backend properly, which also requires catching all exceptions. * Implement default ACL policy to allow dynamic object creation on first request for keytabs. * Implement special handling for keytabs in the wallet client. * Use the class names in the database tables when loading object and ACL verifier implementations. * Error messages from ACL operations should refer to the ACLs by name instead of by ID. * The ACL implementation is currently rather inefficient for ACL verifiers that need to maintain state (such as LDAP binds). Now they're created and destroyed when verifying each ACL. We need to somehow return global verifiers, probably through a factory implementation. * There is a lot of duplicate code in wallet-backend. Convert that to use some sort of data-driven model with argument count and flags so that the method calls can be written only once. * There's a lot of code duplication in the dispatch functions in the Wallet::Server class. Find a way to rewrite that so that the dispatch doesn't duplicate the same code patterns. * Remove the hard-coded ADMIN ACL in the server with something more configurable, perhaps a global ACL table or something. * Add the database schema version to a global table so that we can use it to support schema upgrades in the future. * Write a wallet-admin program to provide an interface to things like database initialization and, eventually, upgrades. * Add a function to wallet-admin to purge expired entries. Possibly also check expiration before allowing anyone to get or store objects. * Compiling kasetkey should be optional and probably not enabled by default. * Add a comment field for objects that can be set by the owner. * Add details to design-api on how to write one's own ACL verifiers and object implementations. * Add readline support to the wallet client to make it easier to issue multiple commands. * The keytab backend currently only supports MIT Kerberos. Add support for Heimdal. * The wallet-backend and wallet documentation share the COMMANDS section. Work out some means to assemble the documentation without duplicating content.