I'm pleased to announce the initial public release of krb5-sync.

krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver. It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.

Please note that this is a toolkit, not a simple application. You will at
a minimum need to patch MIT Kerberos and build a new kadmin server library
to make use of it, and the code has various peculiarities local to
Stanford and will likely need changes for any other site. We're making it
available for feedback and to help other people with similar problems.

My long-term hope is to standardize on a plugin interface that MIT is
willing to incorporate, and then make this a more normal package that
provides that plugin. This is still some distance away, however.

You can download it from:

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)