[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Ganymede developer pre-release 5, dev5.tar.gz, is now available from
ftp://ftp.arlut.utexas.edu/pub/ganymede/
or
ftp://129.116.212.1/pub/ganymede/
if your client has trouble resolving a proper address for
ftp.arlut.utexas.edu.
--
This GUI code in this pre-release has been reworked for compatibilty
with Swing 1.1 beta 3 and later, which use the javax.swing package for
the Swing libraries. This version of the Ganymede client will not
work with older versions of Swing, that do not use the javax.swing
package name.
This pre-release includes a number of important server and client
fixes, and includes enhancements to the password field to make it
possible to (relatively) securely handle password data for both UNIX
and NT.
At this point I consider the Ganymede system to be feature-complete
and ready for production trials. Over the next month or so my main
focus will be on getting our local ARL schema polished up and ready to
take over for GASH here at the lab.
I expect there may be a number of alphabet increments to dev5 as we
find bugs in our initial internal deployment of Ganymede, but I don't
expect any very significant changes between here and 1.0 except for
some schema development, continuing client polishing, documentation,
and the resolution of the licensing issues.
We're going to be presenting Ganymede at the USENIX LISA 1998
conference in Boston, on December 10th. Hopefully, I'll get to meet
some of you there.
-------------------- Changes from dev4f to dev5 -------------------
Ganymede Developer Release 5
October 8, 1998
CHANGES
RELEASE DATE: October 8, 1998
1. [SERVER/SCHEMA EDITOR] Enhanced the password field
Password fields can now be configured in the schema editor to remember
plain text passwords while the server is up. That is, a password
field can be configured such that when a password is entered into
that password field and, in the case of the password field in the
user account object, whenever a password is authenticated for
Ganymede login, the field will remember the plaintext password in
memory.
This is intended to be used to support NT and UNIX integration.
Currently, ARL is synchronizing our UNIX passwords to our NT primary
domain controller by running a Perl script on NT via RSH. The Perl
script is fed a list of changes, including the passwords for the NT
users. Because NT can't use UNIX-crypt()'ed passwords, it is
necessary to include the plaintext of any passwords that have changed.
Since the beginning, the Ganymede server was able to handle passwords
using either UNIX's crypt() password hashing function or plain text
passwords. Now, a password field can store both in memory (if both
crypted and plain-text are selected for a password field in the schema
editor), but plaintext passwords will never be saved to disk if the
crypted option was also selected. That is, Ganymede uses crypted
passwords for its own authentication and unless it has NO OTHER
CHOICE, it will only save the encrypted passwords to disk. In addition,
the Ganymede server provides no means for a client to get access to
the plain text of a password stored in the server. Only local code
directly linked with the server (built tasks) can get access to the
plain text of the passwords.
The idea is that the NT primary domain controller is perfectly capable
of remembering the NT-hashed passwords once set, and Ganymede need not
risk security by keeping the plaintext passwords around on disk.
By default, all Ganymede passwords are encrypted using the UNIX crypt
function. An adopter must explicitly configure a password field to
have the server retain plaintext passwords in memory during execution.
2. [EVERYTHING] Updated all code to work with JDK 1.1.7, Swing 1.1b3
Swing 1.1 beta 3 has had all of the Swing classes moved from
com.sun.java.swing to javax.swing. For compatibility with the future
releases of Swing (beta and otherwise), all of the Ganymede clients
and admin console code has been moved over to the javax.* package
naming. This means that from this point on, the Ganymede client will
require Swing 1.1 beta 3 or later.
3. [CLIENT] Fixed invid/string vector selector so that pop-up menus work again
At some point the right mouse button stopped selecting items in the
Swing JList class. This broke the popup menu in the client's
string/invid selector. The problem was that the lack of selection
caused the right-mouse-button pop up menu to not be able to identify
the item in the list that it needed to pass up to the containerPanel.
4. [CLIENT] Fixed scalar invid chooser refresh
The JInvidChooser GUI component's refresh logic, as changed in dev4f,
wasn't taking into account the possibility that an invid field's
choices() might not include the value currently set in the invid
field. This left the invid chooser blank after a change was made, as
the server immediately requests a refresh of the field.
5. [CLIENT] Tweaked the open object/create object dialogs
The Swing libraries, up to and including Swing 1.1 beta 3, have some
serious problems with pop-up menus in dialogs. That is to say, Swing
is currently incapable of displaying a pop-up menu that goes outside
of the dialog. In dev4f and before, we tried to encourage Swing to
try to do this, with the result being that the pop-up menu just gets
truncated in the dialog. In dev5, we have modified our dialogs with
pop-down menus so that they don't try to extend the menus past the
bounds of the dialog.
All of which is to say, we've made it look a _little_ bit better now,
but we're going to have to remember to keep an eye on later Swing
releases and try to make this a bit better when we can.
6. [SERVER/CLIENT] Field choice listing improved
Previously, the list of choices provided when one edited an invid
field only listed the set of objects that could be directly edited,
and did not take into account the DBEditObject anonymousLinkOK()
method that can provide for an exception to the normal editability
determination. Now, objects that can be linked by virtue of the
remote object type's anonymousLinkOK() method will also be shown
in the client's list of possible choices.
The server and client have been elaborated a bit so that the client's
results caching system won't be confused by this.
7. [SERVER/SCHEMAS] Removed the 'throws RemoteException' from DBEditObject constructors
Part of change dev4b.11 (the big optimization) was to make it so that
the DBObject and DBField classes no longer subclassed from
java.rmi.UnicastRemoteObject, which automatically exported them on
creation. Since this change, it has not been necessary to have the
'throws RemoteException' any more. Since the optimization has been
working perfectly for over a month now, I've gone ahead and gone
through the code and removed these vestigal code bits.
I also removed the try..catch.. that was surrounding code in the
server that was responsible for creating instances of DBEditObject,
as well.
The upshot of this is that you'll want to use the new custom jar
file corresponding to whatever schema kit you've been testing with,
and if you've written any custom DBEditObject subclasses, you'll
want to go ahead and lop the 'throws RemoteException' off of your
constructor definitions.
The documentation for DBEditObject customization has been amended to
reflect the dropping of the 'throws RemoteException' from the
constructors.
8. [SERVER] adminPersona custom code modified
The plug-in for the admin persona object has been modified so that the
user field is not presented for editing for the supergash and monitor
personas.
9. [SCHEMA] Fix-ups to the GASH schema
The GASH schema was not correctly updated in dev4f. The
ganymede.schema file included with the GASH schema kit now has all of
the fields required for the new admin persona schema.
10. [PASSWORD] Brought the password client(s) up to date
The password client has not been up-to-date with changes to the server
over the last several releases.
-------------------------------------------------------------------------------
Jonathan Abbey jonabbey@arlut.utexas.edu
Applied Research Laboratories The University of Texas at Austin
-------------------------------------------------------------------------------
----------------------------------------------------------------------------
To make changes to your subscription to the ganymede mailing list, send
mail to majordomo@arlut.utexas.edu.
To unsubcribe, include the line
unsubscribe ganymede
in the body of your mail message
Download ganymede from ftp.arlut.utexas.edu/pub/ganymede/.
To see the latest design specs for Ganymede, visit the Ganymede web page
at http://www.arlut.utexas.edu/gash2/
----------------------------------------------------------------------------