I'm pleased to announce release 0.5 of krb5-sync.

krb5-sync is a toolkit for updating passwords and account status from an
MIT Kerberos master KDC to Active Directory and/or an AFS kaserver. It is
implemented as a patch to kadmind and a plugin module that will push
password changes and selected account flag changes to Active Directory or
to a kaserver at the same time as they are made to the local KDC database.

Changes from previous release:

Obtain new AFS tokens for each operation rather than reusing the
existing token since ka_GetAdminToken isn't smart enough to realize
that the old token has expired.

Queue AD password changes rather than rejecting the change if the
error message from the password change may indicate that the user
doesn't exist in AD.

Queue AD password changes if there is already an AD password change
queued rather than rejecting the change.

Include the username in status messages from the krb5-sync
command-line utility.

You can download it from:

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)
Kerberos mailing list Kerberos@mit.edu