Changes:
- feat: transmit PIV enforcement status to remote realms, so that the remote policy can be enforced (#33)
- feat: add
groupGenerateEgressKeyandgroupDelEgressKey(#135) - feat: auto-add hostname as comment in
groupAddServerandselfAddPersonalAccesss(side-note in #60) - enh:
groupAddGuestAccessnow supports setting a comment (#17, #18) - enh:
groupAddServer: augment the returned JSON with the added server details - enh: move unexpected-sudo messages from
securitytocode-warningtype - enh: egress ssh key: compute an ID so that keys can be pointed to and deleted
- fix:
groupDelGuestAccess: deleting a guest access returned an error on TTL-forced groups - fix: groupSetRole(): pass sudo param to subfuncs to avoid a security warning
- fix: execute(): remove osh_warn on tainted params to avoid exposing arguments on coding error
- fix:
groupModify: deny early if user is not an owner of the group - enh:
groupInfo: nicer message when no egress key exists - enh:
install: use in-place overwrite for sudoers files, the 3-seconds wait by default has been removed (and the--no-waitparameter is now a no-op) - fix:
interactive: omit inactivity message warning when set to 0 seconds - a few other internal fixes here and there
General upgrade instructions: How to upgrade
Specific upgrade instructions: none