Russ Allbery

Lintian

Lintian dissects Debian packages and reports bugs and policy violations. It contains automated checks for many aspects of Debian policy as well as some checks for common errors.

INN

InterNetNews is a complete Usenet system. The cornerstone of the package is innd, an NNTP server that multiplexes all I/O. Newsreading is handled by a separate server, nnrpd, that is spawned for each client. Both innd and nnrpd have some slight variances from the NNTP protocol.

pam-krb5

pam-krb5 is a Kerberos v5 PAM module for either MIT Kerberos or Heimdal. It supports ticket refreshing by screen savers, configurable authorization handling, authentication of non-local accounts for network services, password changing, and password expiration, as well as all the standard expected ... [More] PAM features. It works correctly with OpenSSH, even with ChallengeResponseAuthentication and PrivilegeSeparation enabled, and supports configuration either by PAM options or in krb5.conf or both. This is the package in Gentoo named sys-auth/pam_krb5. [Less]

remctl

remctl is a client/server application that supports remote execution of specific commands, using Kerberos v5 GSS-API for authentication. Authorization is controlled by a configuration file and ACL files and can be set separately for each command, unlike with rsh. remctl is like a ... [More] Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh and sudo without most of the features and complexity of either. [Less]

Stanford WebAuth

WebAuth is a comprehensive system for authenticating web users, built on top of Apache 2.0. It relies on a login server (the WebKDC) to which users are redirected at their first attempt to access a protected web site and can use whatever initial authentication mechanism is convenient to establish ... [More] the user's identity. Once authenticated, the user can visit multiple protected sites without re-authenticating. Kerberos credential delegation is supported, as is user authorization based on entitlements in an LDAP directory. [Less]

pam-afs-session

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and either uses Heimdal's libkafs or runs a configurable external program to ... [More] obtain tokens. It supports using Heimdal's libkafs for the AFS interface and falls back to an internal implementation if libkafs isn't available. [Less]

kstart

k4start, k5start, and krenew are modified versions of kinit which add support for running as a daemon to maintain a ticket cache, running a command with credentials from a keytab and maintaining a ticket cache until that command completes, obtaining AFS tokens (via an external aklog) after obtaining ... [More] tickets, and creating an AFS PAG for a command. They are primarily useful in conjunction with long-running jobs; for moving ticket handling code out of servers, cron jobs, or daemons; and to obtain tickets and AFS tokens with a single command. [Less]

C TAP Harness

C TAP Harness is a pure-C implementation of TAP, the Test Anything Protocol. TAP is the text-based protocol used by Perl's test suite. This package provides a harness similar to Perl's Test::Harness for running tests, with some additional features useful for test suites in packages that ... [More] use Autoconf and Automake, and C and shell libraries to make writing TAP-compliant test programs easier. [Less]

Term::ANSIColor (Perl)

Term::ANSIColor provides constants and simple functions for sending ANSI text attributes, most notably colors. It can be used to set the current text attributes or to apply a set of attributes to a string and reset the current text attributes at the end of that string.

wallet

The wallet is a system for managing secure data, authorization rules to retrieve or change that data, and audit rules for documenting actions taken on that data. Objects of various types may be stored in the wallet or generated on request and retrieved by authorized users. The wallet tracks ACLs ... [More] , metadata, and trace information. It is built on top of the remctl protocol and uses Kerberos GSS-API authentication. One of the object types it supports is Kerberos keytabs, making it suitable as a user-accessible front-end to Kerberos kadmind with richer ACL and metadata operations. [Less]