Fred
has posted a diary entry, so I suppose I'd better post one
too! I've been busy preparing for my final year
recital. One of
the interesting projects has been integrating support for
Apple's proprietary keychain technology into PAM. The
keychain lets you lock arbitary passwords (for applications,
websites, etc) under one password: it's one of the more
practical solutions to single-sign. (I would, of course,
prefer the entire world to use Kerberos, but...) Anyway, the
PAM integration lets you use the "use_mapped_pass" and
"try_mapped_pass" options specified in the original PAM RFC
to indicate that a module should retrieve (or attempt to
retrieve, respectively) a user's authentication token from
the keychain. There's also a pam_keychain module which
unlocks the keychain at logon time.
nss_ldap-122 fixes a race condition and a few other bugs.
More exciting is that the IRS support has finally been
exercised, which means support for BSDI, FreeBSD and (believe
it or not) AIX. I didn't even know that AIX had something
akin to the Nameservice Switch (I think it's supposed to look
to the end-user like NSS, even though the underlying
implementation is the BIND IRS), so it's pretty cool when
someone sends you patches to get it work. And, pam_ldap-77 fixes a
few bugs, such as proper support for NDS password changing.
Users of this software seem to be using Bugzilla so I've been addressing some
of those bugs, too.
Other than that, not much to report in the Open Source
department.