blob: e97c03490f5433ca0380dfab6b3ab0c53d539fa3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
Krb5-auth-dialog is a tray applet for the [GNOME](http://gnome.org) Desktop that monitors [Kerberos](http://web.mit.edu/kerberos/www/) tickets.
[[!toc ]]
### Features
* It can alert the user via [notifications](http://www.galago-project.org/specs/notification/) when the ticket is about to expire
* Renewable tickets are being refreshed automatically
* Tickets can be acquired/refreshed at any time by clicking on the tray icon
* The ticket cache can be removed via the context menu
* A [DBus][] API for applications to acquire a Kerberos ticket and to remove the credentials cache is provided. [virt-manager][] is using this and [here](http://honk.sigxcpu.org/unsorted-patches/offlineimap_acquire-tgt.diff)'s a patch for [offlineimap][].
* [DBus][] signals notify applications about acquired, renewed and expired tickets. This can be used to e.g. run [aklog](http://docs.openafs.org/Reference/1/aklog.html) via this [example](http://git.gnome.org/browse/krb5-auth-dialog/commit/?id=c374a7f8dbe6ef40c65752e3f35635d50d6b9260).
* It supports PKinit (e.g. via SmartCard) when built against [Heimdal](http://h5l.org).
* Current tickets in the credential cache can be listed.
* It can be extended using [plugins](http://git.gnome.org/browse/krb5-auth-dialog/tree/plugins/ka-plugin-dummy.c). This can be used to extend krb5-auth-dialog to e.g. handle things like [kx509](https://bugzilla.gnome.org/show_bug.cgi?id=347034). A plugin to acquire AFS tickets is available as well as a sample plugin.
<a href="http://flattr.com/thing/48094/krb5-auth-dialog" target="_blank">
<img src="https://api.flattr.com/button/button-compact-static-100x17.png" alt="Flattr this" title="Flattr this" border="0" /></a>
### Source Code
The source code is available and browseable via [GNOMEs GIT](http://git.gnome.org/cgit/krb5-auth-dialog/):
git clone git://git.gnome.org/krb5-auth-dialog
### Releases
Releases are availale from [download.gnome.org](http://download.gnome.org/sources/krb5-auth-dialog/). The current stable release is [0.17](http://download.gnome.org/sources/krb5-auth-dialog/0.17/).
### Debian Packages
Debian packges are available from [debian.org](http://packages.debian.org/search?keywords=krb5-auth-dialog).
### Screenshots
The tray icon can be seen [here](http://honk.sigxcpu.org/con/krb5_auth_dialog_updates.html) and [here](http://honk.sigxcpu.org/con/krb5_auth_dialog__new_icon.html). Below are pictures of the password and preferences dialogs:
<div class="screenshots">
[[!img pwdialog.png size="x150" alt="password dialog"]]
[[!img prefs.png size="x150" alt="preferences dialog"]]
</div>
### Plugins
There are currently three plugins available:
* dummy - example plugin
* pam - invoke PAM modules
* afs - call aklog or afslog
### Todo
* Add gnome keyring support ([567701](http://bugzilla.gnome.org/show_bug.cgi?id=567701))
* Remove all wakeups, rely on our gio watch of the ticket cache
* Add cache version, etc. to ticket dialog
* Add fast principal switching
* Let more applications use the DBUS API to make Kerberos a smooth experience on the desktop:
* [libsoup](https://bugzilla.gnome.org/show_bug.cgi?id=587145) - used by nautilus and evolution for calendars
* [Thunderbird](https://bugzilla.mozilla.org/show_bug.cgi?id=524698)
* Evolution IMAP and SMTP
* ssh client
#### GNOME 3 Readiness
##### GNOME-Shell integration
Better integration into gnome-shell would be nice:
* We could spare the tray icon if the user has a valid ticket and only show it if the ticket is about to expire/expited.
* The functions like "List tickets" and "Acquire ticket" would then need to be added to the "Account information..." (gnome-about-me) or similar in gnome-shell.
##### GNOME Goals
Status of current [Gnome goals][] in krb5-auth-dialog:
* [Deprecated GLib symbols][] - done
* [Deprecated Gtk+ symbols][] - done
* [Clean up GLib and GTK+ includes][] - done
* [Use GtkBuilder instead of libglade][] - done
* [Use a correct Generic Name][] - done
* [Add GObject Introspection Support][] - TBD
* [Use GSeal][] - done
* [Migrate to GSettings / dconf][] - TBD
* [Migrate to GDBus][] - TBD
### Authors
krb5-auth-dialog was originally written by Christopher Aillon and is now maintained by Guido Günther <<agx@sigxcpu.org>>.
### License
krb5-auth-dialog is free software and licensed under the GPL Version 2.
[DBus]: http://dbus.freedesktop.org/
[offlineimap]: http://software.complete.org/software/projects/show/offlineimap
[virt-manager]: http://virt-manager.et.redhat.com/
[Gnome goals]: http://live.gnome.org/GnomeGoals
[Deprecated Glib symbols]: http://live.gnome.org/GnomeGoals/RemoveDeprecatedSymbols/Glib
[Deprecated Gtk+ symbols]: http://live.gnome.org/GnomeGoals/RemoveDeprecatedSymbols/GTK%2B
[Use GtkBuilder instead of libglade]: http://live.gnome.org/GnomeGoals/RemoveLibGladeUseGtkBuilder
[Use GSeal]: http://live.gnome.org/GnomeGoals/UseGseal
[Clean up GLib and GTK+ includes]: http://live.gnome.org/GnomeGoals/CleanupGTKIncludes
[Add GObject Introspection Support]: http://live.gnome.org/GnomeGoals/AddGObjectIntrospectionSupport
[Migrate to GSettings / dconf]: http://live.gnome.org/GnomeGoals/GSettingsMigration
[Use a correct Generic Name]: http://live.gnome.org/GnomeGoals/CorrectDesktopFiles
[Migrate to GDBus]: https://bugzilla.gnome.org/show_bug.cgi?id=622885
|
