This is a release-candidate.
As several important pull-requests have been merged, we're starting with a rc, which will be tested in the field for a few days. If no regression or blocking bug is found within ~2 weeks, the next v3.02.00 stable version will be released.
- feat: add support for a PIV-enforced policy (see https://ovh.github.io/the-bastion/using/piv)
- feat: more information in the logs (see https://ovh.github.io/the-bastion/installation/upgrading.html#version-specific-upgrade-instructions and the logs documentation https://ovh.github.io/the-bastion/administration/logs.html)
- feat: realms: use remote bastion MFA validation information for local policy enforcement
- feat: add
LC_BASTION_DETAILS
envvar - feat:
accountModify
: add--osh-only
(closes #97) - enh: satellite scripts: better error handling
- enh: config: better parsing and normalization
- fix: proper sqlite log location for invalid realm accounts
- fix: tests: syslog-logged errors were not counted towards the total
- fix: groupList: remove 9K group limit
- fix: global-log: directly set proper perms on file creation
- fix: realmDelete: bad sudoers configuration
- fix: remove useless warning when there is no guest access
- chore: tests: remove OpenSUSE Leap 15.0 (due to https://bugzilla.opensuse.org/show_bug.cgi?id=1146027)
- chore: a few other fixes & enhancements around tests, documentation, perlcritic et al.