Release 0.5: - New co-maintainer, Olaf Flebbe - Support service accounts in addition to computer accounts - Add option to set the samba secret password - Add option ("--realm") to specify a custom realm - Various build fixes - Add support for clients behind a NAT firewall Release 0.4.2: - New co-maintainer, Mark Pröhl - Increase computer name character limit from 18 to 19 characters, matching AD's own limits. - Add option ("-N") to disable reverse lookups on DCs - Add option ("--old-account-password") to use the old computer account password to create a new keytab on a host. - Return the proper error code when krb5_change_password fails. - Better autodetection for krb5-config location. - Compatibility with autoconf >= 2.68. - Build fixes for Red Hat and Ubuntu. - Update documentation for single-DES and AFS. Release 0.4.1: - Ken Dreyer took over maintainance, based upon master at http://repo.or.cz/w/msktutil.git - Build fixes for Red Hat Release 0.4: - James Y Knight took over maintainance, based upon msktutil_0.3.16-7 downloaded from: http://download.systemimager.org/~finley/msktutil/ - Made most functionality work properly with only the machine account credentials. - Adds COMPUTERNAME$ to the keytab, and authenticates with that, so that setting userPrincipalName to host/COMPUTERNAME.DOMAIN@REALM isn't necessary. (since userPrincipalName isn't settable without admin perms) - Now attempts to authenticate with the default machine account password so that AD "reset account" is functional. - Gets the default LDAP OU to create new machines in from the magic GUID from AD, instead of assuming CN=Computers. - Added --precreate option to allow an administrator to script creation of accounts without touching a local keytab. - Added --auto-update for use from a crontab to auto-rotate password. - No longer attempts to disable password expiry by default: So note, you need to either run --auto-update from cron or else pass the (new) argument --dont-expire-password when creating the account. - Added --remove-service argument. - Fixed old kvno expiration policy so that it keeps old principals around in the keytab for a week, instead of just keeping the immediately-prior kvno. - Disabled use of DES keys by default. You will have to explicitly request them with --enctypes if you want them. - Removed --des-only option, you can use --enctypes if you really want to use single DES. (which, of course, you shouldn't, given that it's now 2010 and Single DES was known to be utterly broken for over 10 years by now!) - Fixed salting to lowercase the account name, as the AD server does. - Switched languages from C to C++. - Lots of other cleanup and various bugfixes. **** Changelog of non-packaging changes from previous releases: msktutil 0.3.16-7 * fix keytab bug in 0.3.16-6 -- Doug Engert <deengert@anl.gov> Fri, 17 Apr 2009 10:48:00 -0500 msktutil 0.3.16-6 * Work with W2008 without hotfix 951191 * SASL ssf varied depending on TLS to circumvent another W2008 bug * added --enctypes N where N is defind with W2008 http://msdn.microsoft.com/en-us/library/cc223853(PROT.10).aspx msDs-supportedEncrtptionTypes. 1=DES, 2=DES, 4=RC4, 8=AES128 16=AES256. N is sum of these. * Use /dev/urandom and 63 character password. * --verbose --verbose turns on LDAP debugging * #ifdef for use with Solairs LDAP * Cleanup of other ldap code and error handing * msktutil.interactive updated to work on Solaris and use msktutil from same directory. -- Doug Engert <deengert@anl.gov> Tue, 14 Apr 2009 11:16:53 -0500 msktutil (0.3.16-5) * Updated msktutil.interactive example script. -- Brian Elliott Finley <brian@thefinleys.com> Mon, 07 Aug 2006 16:59:24 -0500 msktutil (0.3.16-4) * Updated msktutil.interactive example script. -- Brian Elliott Finley <brian@thefinleys.com> Thu, 27 Jul 2006 16:31:17 -0500