directory-commits mailing list archives

From dran...@apache.org
Subject directory-kerby git commit: Refined KDC side APIs and codes
Date Mon, 29 Jun 2015 03:19:12 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 02bb04248 -> 30a8ef33c


Refined KDC side APIs and codes


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/30a8ef33
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/30a8ef33
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/30a8ef33

Branch: refs/heads/master
Commit: 30a8ef33c2d73e16f7de859e363b166f9b48b0a3
Parents: 02bb042
Author: Drankye <drankye@gmail.com>
Authored: Mon Jun 29 11:18:04 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Mon Jun 29 11:18:04 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kdc/GssInteropTestBase.java  |   1 -
 .../kerby/kerberos/kdc/JsonBackendKdcTest.java  |   5 +-
 .../apache/kerby/kerberos/kdc/KerbyKdcTest.java |   3 +-
 .../kdc/OnlyTcpForNettyKdcNetworkTest.java      |   5 +-
 .../kdc/OnlyUdpForNettyKdcNetworkTest.java      |   8 +-
 .../kerberos/kdc/ZookeeperBackendKdcTest.java   |   5 +-
 kerby-kdc/pom.xml                               |   5 +
 .../kerby/kerberos/kdc/KerbyKdcServer.java      | 120 +++++--------------
 .../kerberos/kdc/impl/NettyKdcServerImpl.java   |   5 +
 .../kerby/kerberos/kerb/admin/AdminHelper.java  |  36 ------
 .../kerby/kerberos/kerb/admin/Kadmin.java       |  94 ++++++++-------
 .../kerby/kerberos/kerb/common/KrbUtil.java     |  11 ++
 .../kerby/kerberos/kerb/server/KdcTestBase.java |   3 +-
 .../kerberos/kerb/server/GssInteropTest.java    |   1 -
 .../kerberos/kerb/server/InternalKdcServer.java |  58 ---------
 .../kerby/kerberos/kerb/server/KdcServer.java   | 117 ++++++++++--------
 .../kerberos/kerb/server/KdcServerOption.java   |   3 -
 .../kerby/kerberos/kerb/server/KdcSetting.java  |  18 ++-
 .../kerby/kerberos/kerb/server/KdcUtil.java     |  80 +++++++++++++
 .../server/impl/AbstractInternalKdcServer.java  | 110 ++++-------------
 .../impl/DefaultInternalKdcServerImpl.java      |   5 +
 .../kerb/server/impl/InternalKdcServer.java     |  57 +++++++++
 .../kerb/server/request/KdcRequest.java         |   5 +-
 .../kerberos/kerb/server/SimpleKdcServer.java   |  23 ++--
 24 files changed, 360 insertions(+), 418 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
index f2c0e20..c9f0ea4 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
@@ -44,7 +44,6 @@ public abstract class GssInteropTestBase extends KdcTestBase {
 
     @Override
     protected void createPrincipals() throws KrbException {
-        kdcServer.createTgsPrincipal();
         kdcServer.createPrincipal(getClientPrincipal(), getClientPassword());
         kdcServer.createPrincipal(getServerPrincipal(), getServerPassword());
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
index a5be378..c5815d8 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
@@ -38,14 +38,11 @@ public class JsonBackendKdcTest extends KerbyKdcTest {
         jsonBackendFile = new File(testDir, "json-backend-file");
         String jsonBackendFileString = jsonBackendFile.getAbsolutePath();
 
-        BackendConfig backendConfig = new BackendConfig();
+        BackendConfig backendConfig = kdcServer.getBackendConfig();
         backendConfig.setString(
                 JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
         backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
             "org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend");
-        kdcServer.setBackendConfig(backendConfig);
-
-        kdcServer.init();
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
index 61098f0..b5cc30d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
@@ -34,7 +34,8 @@ public abstract class KerbyKdcTest extends KdcTestBase {
     @Override
     protected void prepareKdcServer() throws Exception {
         super.prepareKdcServer();
-        kdcServer.setInnerKdcImpl(new NettyKdcServerImpl());
+        kdcServer.setInnerKdcImpl(
+                new NettyKdcServerImpl(kdcServer.getSetting()));
     }
 
     protected void performKdcTest() throws Exception {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
index d49d032..6b46e8e 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
@@ -49,12 +49,9 @@ public class OnlyTcpForNettyKdcNetworkTest extends KerbyKdcTest {
         jsonBackendFile = new File(testDir, "json-backend-file");
         String jsonBackendFileString = jsonBackendFile.getAbsolutePath();
 
-        BackendConfig backendConfig = new BackendConfig();
+        BackendConfig backendConfig = kdcServer.getBackendConfig();
         backendConfig.setString(
                 JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
-        kdcServer.setBackendConfig(backendConfig);
-
-        kdcServer.init();
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
index 61b6a82..0097eec 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
@@ -49,12 +49,10 @@ public class OnlyUdpForNettyKdcNetworkTest extends KerbyKdcTest {
         jsonBackendFile = new File(testDir, "json-backend-file");
         String jsonBackendFileString = jsonBackendFile.getAbsolutePath();
 
-        BackendConfig backendConfig = new BackendConfig();
+        BackendConfig backendConfig = kdcServer.getBackendConfig();
         backendConfig.setString(
-                JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
-        kdcServer.setBackendConfig(backendConfig);
-
-        kdcServer.init();
+                JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE,
+                jsonBackendFileString);
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
index 3b407eb..fda0f4b 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
@@ -50,8 +50,9 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTest {
     protected void prepareKdcServer() throws Exception {
         super.prepareKdcServer();
 
+        BackendConfig backendConfig = kdcServer.getBackendConfig();
+
         File testDir = new File(System.getProperty("test.dir", "target"));
-        BackendConfig backendConfig = new BackendConfig();
         instanceDir = new File(testDir, "zookeeper");
         instanceDir.mkdirs();
         dataDir = new File(instanceDir, "data");
@@ -62,8 +63,6 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTest {
         backendConfig.setString(ZKConfKey.DATA_LOG_DIR.getPropertyKey(), dataLogDir.getAbsolutePath());
         backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
             "org.apache.kerby.kerberos.kdc.identitybackend.ZookeeperIdentityBackend");
-
-        kdcServer.setBackendConfig(backendConfig);
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc/pom.xml b/kerby-kdc/pom.xml
index 51d3a4d..7cf5b77 100644
--- a/kerby-kdc/pom.xml
+++ b/kerby-kdc/pom.xml
@@ -37,6 +37,11 @@
       <version>${project.version}</version>
     </dependency>
     <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-admin</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-all</artifactId> <!-- TODO: limited -->
       <version>4.0.0.Final</version>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index 9c098da..e088d5a 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -21,119 +21,59 @@ package org.apache.kerby.kerberos.kdc;
 
 import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
 import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
 import org.apache.kerby.kerberos.kerb.server.KdcServer;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 
 import java.io.File;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
 
 /**
  * The mentioned Kerby KDC server implementation.
  */
 public class KerbyKdcServer extends KdcServer {
-    private static KerbyKdcServer server;
+    private Kadmin kadmin;
+    public KerbyKdcServer(File confDir) throws KrbException {
+        super(confDir);
+        setInnerKdcImpl(new NettyKdcServerImpl(getSetting()));
+    }
 
     @Override
     public void init() throws KrbException {
-        innerKdc = new NettyKdcServerImpl();
-        innerKdc.init(commonOptions);
-    }
+        super.init();
 
-    /**
-     * TODO: THIS IS TO BE MOVED TO KDC-INIT !!
-     * Verify whether tgt identity has been added.
-     * If no, add it to identity backend.
-     */
-    private void createTgtPrincipal() {
-        String tgtPrincipal = KrbUtil.makeTgsPrincipal(getSetting().getKdcRealm()).getName();
-        KrbIdentity tgtIdentity = getIdentityService().getIdentity(tgtPrincipal);
-        if (tgtIdentity == null) {
-            createPrincipals(tgtPrincipal);
-        }
-    }
+        kadmin = new Kadmin(getSetting(), getIdentityService());
 
-    private void createPrincipal(String principal, String password) {
-        KrbIdentity identity = new KrbIdentity(fixPrincipal(principal));
-        List<EncryptionType> encTypes = getSetting().getKdcConfig().getEncryptionTypes();
-        List<EncryptionKey> encKeys = null;
-        try {
-            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
-        } catch (KrbException e) {
-            throw new RuntimeException("Failed to generate encryption keys", e);
-        }
-        identity.addKeys(encKeys);
-        getIdentityService().addIdentity(identity);
-    }
-
-    private void createPrincipals(String ... principals) {
-        String passwd;
-        for (String principal : principals) {
-            passwd = UUID.randomUUID().toString();
-            createPrincipal(fixPrincipal(principal), passwd);
-        }
-    }
-
-    private String fixPrincipal(String principal) {
-        if (! principal.contains("@")) {
-            principal += "@" + getSetting().getKdcRealm();
-        }
-        return principal;
+        kadmin.createBuiltinPrincipals();
     }
 
     private static final String USAGE = "Usage: " +
             KerbyKdcServer.class.getSimpleName() +
-            " -start conf-dir working-dir|-start|-stop";
+            " -start <conf-dir> <working-dir>";
 
     public static void main(String[] args) throws KrbException {
-        if (args.length == 0) {
+        if (args.length != 3) {
             System.err.println(USAGE);
-            return;
+            System.exit(1);
         }
 
-        if (args[0].equals("-start")) {
-            String confDir;
-            String workDir;
-            if(args.length == 1) {
-                String envDir;
-                try {
-                    Map<String, String> mapEnv = System.getenv();
-                    envDir = mapEnv.get("KRB5_KDC_DIR");
-                } catch (SecurityException e) {
-                    envDir = null;
-                }
-                if(envDir != null) {
-                    confDir = envDir;
-                } else {
-                    confDir = "/etc/kerby/";
-                }
-                workDir = "/tmp/";
-            } else if (args.length == 3) {
-                confDir = args[1];
-                workDir = args[2];
-            } else {
-                System.err.println(USAGE);
-                return;
-            }
-            server = new KerbyKdcServer();
-            server.setWorkDir(new File(workDir));
-            server.setConfDir(new File(confDir));
-            server.init();
-
-            server.createTgtPrincipal();
-
-            server.start();
-            System.out.println("KDC started.");
-        } else if (args[0].equals("-stop")) {
-            //server.stop();//FIXME can't get the server instance here
-            System.out.println("KDC Server stopped.");
-        } else {
+        if (!args[0].equals("-start")) {
             System.err.println(USAGE);
+            System.exit(2);
         }
+
+        String confDirPath = args[1];
+        String workDirPath = args[2];
+        File confDir = new File(confDirPath);
+        File workDir = new File(workDirPath);
+        if (!confDir.exists() || !workDir.exists()) {
+            System.err.println("Invalid or not exist conf-dir or work-dir");
+            System.exit(3);
+        }
+
+        KerbyKdcServer server = new KerbyKdcServer(confDir);
+        server.setWorkDir(workDir);
+        server.init();
+
+        server.start();
+        System.out.println("KDC started.");
     }
 }
\ No newline at end of file
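Review bot: `init()` now calls `kadmin.createBuiltinPrincipals()` on every start, so a KDC pointed at an empty or mistaken backend creates fresh TGS and kadmin principals instead of stopping, and as far as the visible code shows nothing is printed or logged when that happens. I would report each principal that gets created (the class already writes to `System.out`) or make provisioning an explicit step, so an operator notices when a new TGS key is generated at startup. In `main`, the new `exists()` test also accepts regular files; `if (!confDir.isDirectory() || !workDir.isDirectory()) {` would match what the error message claims. The new constructor and the `kadmin` field have no Javadoc, and a blank line between them would help readability.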

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
index 6ff72fa..491adc1 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kdc.impl;
 
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
 import org.apache.kerby.kerberos.kerb.server.impl.AbstractInternalKdcServer;
 import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
 
@@ -35,6 +36,10 @@ public class NettyKdcServerImpl extends AbstractInternalKdcServer {
     private KdcContext kdcContext;
     private NettyKdcNetwork network;
 
+    public NettyKdcServerImpl(KdcSetting kdcSetting) {
+        super(kdcSetting);
+    }
+
     @Override
     protected void doStart() throws Exception {
         super.doStart();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
index 585cbe8..a397bad 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
@@ -20,14 +20,10 @@
 package org.apache.kerby.kerberos.kerb.admin;
 
 import org.apache.kerby.KOptions;
-import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
 import org.apache.kerby.kerberos.kerb.keytab.Keytab;
 import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
 import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
@@ -45,38 +41,6 @@ public final class AdminHelper {
 
     private AdminHelper() { }
 
-    /**
-     * Init the identity backend from backend configuration.
-     */
-    static IdentityBackend getBackend(Config backendConfig) throws KrbException {
-        String backendClassName = backendConfig.getString(
-            KdcConfigKey.KDC_IDENTITY_BACKEND);
-        if (backendClassName == null) {
-            backendClassName = MemoryIdentityBackend.class.getCanonicalName();
-        }
-
-        Class<?> backendClass;
-        try {
-            backendClass = Class.forName(backendClassName);
-        } catch (ClassNotFoundException e) {
-            throw new KrbException("Failed to load backend class: "
-                    + backendClassName);
-        }
-
-        IdentityBackend backend;
-        try {
-            backend = (IdentityBackend) backendClass.newInstance();
-        } catch (InstantiationException | IllegalAccessException e) {
-            throw new KrbException("Failed to create backend: "
-                    + backendClassName);
-        }
-
-        backend.setConfig(backendConfig);
-        backend.initialize();
-        return backend;
-    }
-
-
     static void exportKeytab(File keytabFile, KrbIdentity identity)
             throws KrbException {
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index 64505fc..83ead42 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -20,75 +20,87 @@
 package org.apache.kerby.kerberos.kerb.admin;
 
 import org.apache.kerby.KOptions;
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.server.BackendConfig;
 import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 
 import java.io.File;
-import java.io.IOException;
 import java.util.List;
 
 /**
  * Server side admin facilities.
  */
 public class Kadmin {
+    private final KdcSetting kdcSetting;
+    private final IdentityService backend;
 
-    private KdcConfig kdcConfig;
-    private Config backendConfig;
-    private IdentityService backend;
+    public Kadmin(KdcConfig kdcConfig,
+                  BackendConfig backendConfig) throws KrbException {
+        this.backend = KdcUtil.getBackend(backendConfig);
+        this.kdcSetting = new KdcSetting(kdcConfig, backendConfig);
+    }
+
+    public Kadmin(File confDir) throws KrbException {
+        KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
+        if (tmpKdcConfig == null) {
+            tmpKdcConfig = new KdcConfig();
+        }
 
-    public Kadmin(IdentityService backend, KdcConfig kdcConfig,
-                  Config backendConfig) throws KrbException {
+        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+        if (tmpBackendConfig == null) {
+            tmpBackendConfig = new BackendConfig();
+        }
+
+        this.kdcSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
+
+        backend = KdcUtil.getBackend(tmpBackendConfig);
+    }
+
+    public Kadmin(KdcSetting kdcSetting, IdentityService backend) {
+        this.kdcSetting = kdcSetting;
         this.backend = backend;
-        this.kdcConfig = kdcConfig;
-        this.backendConfig = backendConfig;
     }
 
-    public Kadmin(KdcConfig kdcConfig, Config backendConfig) throws KrbException {
-        this.kdcConfig = kdcConfig;
-        this.backendConfig = backendConfig;
-        this.backend = AdminHelper.getBackend(backendConfig);
+    private String getTgsPrincipal() {
+        return KrbUtil.makeTgsPrincipal(kdcSetting.getKdcRealm()).getName();
     }
 
-    public Kadmin(File confDir) throws KrbException {
-        File kdcConfFile = new File(confDir, "kdc.conf");
-        kdcConfig = new KdcConfig();
-        if (kdcConfFile.exists()) {
-            try {
-                kdcConfig.addIniConfig(kdcConfFile);
-            } catch (IOException e) {
-                throw new KrbException("Can not load the kdc configuration file "
-                        + kdcConfFile.getAbsolutePath());
-            }
+    private String getKadminPrincipal() {
+        return KrbUtil.makeKadminPrincipal(kdcSetting.getKdcRealm()).getName();
+    }
+
+    public void createBuiltinPrincipals() throws KrbException {
+        String tgsPrincipal = getTgsPrincipal();
+        if (backend.getIdentity(tgsPrincipal) == null) {
+            addPrincipal(tgsPrincipal);
         }
 
-        File backendConfigFile = new File(confDir, "backend.conf");
-        Conf backendConfig = new Conf();
-        if (backendConfigFile.exists()) {
-            try {
-                backendConfig.addIniConfig(backendConfigFile);
-            } catch (IOException e) {
-                throw new KrbException("Can not load the backend configuration file "
-                        + backendConfigFile.getAbsolutePath());
-            }
+        String kadminPrincipal = getKadminPrincipal();
+        if (backend.getIdentity(kadminPrincipal) == null) {
+            addPrincipal(kadminPrincipal);
         }
+    }
 
-        backend = AdminHelper.getBackend(backendConfig);
+    public void deleteBuiltinPrincipals() throws KrbException {
+        deletePrincipal(getTgsPrincipal());
+        deletePrincipal(getKadminPrincipal());
     }
 
     public KdcConfig getKdcConfig() {
-        return kdcConfig;
+        return kdcSetting.getKdcConfig();
     }
 
-    public Config getBackendConfig() {
-        return backendConfig;
+    public BackendConfig getBackendConfig() {
+        return kdcSetting.getBackendConfig();
     }
 
     /**
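Review bot: `deleteBuiltinPrincipals()` is a new public method with no Javadoc that removes the TGS principal, and unlike `createBuiltinPrincipals()` it does not check whether each principal exists first. `deletePrincipal` lies outside this hunk; if it throws for a missing principal, an absent TGS entry would leave the kadmin principal behind. A Javadoc such as `/** Removes the built-in TGS and kadmin principals from the backend. */` plus a per-principal existence check would make the contract explicit. The `Kadmin(File confDir)` constructor also replaces a null result from `KdcUtil.getKdcConfig` or `KdcUtil.getBackendConfig` with empty defaults without any message, which may hide a mistyped conf-dir; this should be confirmed against `KdcUtil`, which is not shown here.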
@@ -109,7 +121,7 @@ public class Kadmin {
         principal = fixPrincipal(principal);
         KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
         List<EncryptionKey> keys = EncryptionUtil.generateKeys(
-                kdcConfig.getEncryptionTypes());
+                getKdcConfig().getEncryptionTypes());
         identity.addKeys(keys);
         backend.addIdentity(identity);
     }
@@ -125,7 +137,7 @@ public class Kadmin {
         principal = fixPrincipal(principal);
         KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
         List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
-            kdcConfig.getEncryptionTypes());
+            getKdcConfig().getEncryptionTypes());
         identity.addKeys(keys);
         backend.addIdentity(identity);
     }
@@ -244,7 +256,7 @@ public class Kadmin {
                 "was not found. Please check the input and try again");
         }
         List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
-            kdcConfig.getEncryptionTypes());
+            getKdcConfig().getEncryptionTypes());
         identity.addKeys(keys);
 
         backend.updateIdentity(identity);
@@ -258,7 +270,7 @@ public class Kadmin {
                 "was not found. Please check the input and try again");
         }
         List<EncryptionKey> keys = EncryptionUtil.generateKeys(
-            kdcConfig.getEncryptionTypes());
+            getKdcConfig().getEncryptionTypes());
         identity.addKeys(keys);
         backend.updateIdentity(identity);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbUtil.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbUtil.java
index eb1cbc1..fba622d 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbUtil.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbUtil.java
@@ -34,4 +34,15 @@ public class KrbUtil {
         String nameString = KrbConstant.TGS_PRINCIPAL + "/" + realm + "@" + realm;
         return new PrincipalName(nameString, NameType.NT_PRINCIPAL);
     }
+
+    /**
+     * Construct kadmin principal name.
+     * @param realm
+     * @return principal
+     */
+    public static PrincipalName makeKadminPrincipal(String realm) {
+        String nameString = "kadmin/" + realm + "@" + realm;
+        return new PrincipalName(nameString, NameType.NT_PRINCIPAL);
+    }
+
 }
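Review bot: `makeKadminPrincipal` builds the name from a bare `"kadmin/"` literal, while `makeTgsPrincipal` just above takes its prefix from `KrbConstant.TGS_PRINCIPAL`; a constant beside that one would keep the built-in principal names in one place. The Javadoc leaves `@param realm` empty; something like `@param realm the realm name, used for both the instance and the realm part` would say what the method produces (`kadmin/REALM@REALM`). A null realm is concatenated as the text `null` rather than rejected, so a guard such as `Objects.requireNonNull(realm, "realm")` may be worth adding if callers can pass an unset realm. The class body starts outside the hunk.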

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 974d626..ead183a 100644
--- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -134,6 +134,7 @@ public abstract class KdcTestBase {
         setUpKdcServer();
 
         setUpClient();
+
         createPrincipals();
     }
 
@@ -192,13 +193,11 @@ public abstract class KdcTestBase {
     }
 
     protected void createPrincipals() throws KrbException {
-        kdcServer.createTgsPrincipal();
         kdcServer.createPrincipals(serverPrincipal);
         kdcServer.createPrincipal(clientPrincipal, clientPassword);
     }
 
     protected void deletePrincipals() throws KrbException {
-        kdcServer.deleteTgsPrincipal();
         kdcServer.deletePrincipals(serverPrincipal);
         kdcServer.deletePrincipal(clientPrincipal);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index e1967eb..bec2e16 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -66,7 +66,6 @@ public class GssInteropTest extends KdcTestBase {
 
     @Override
     protected void createPrincipals() throws KrbException {
-        kdcServer.createTgsPrincipal();
         kdcServer.createPrincipal(getClientPrincipal(), getClientPassword());
         kdcServer.createPrincipal(getServerPrincipal(), getServerPassword());
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
deleted file mode 100644
index 6f3bce7..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.server;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
-
-/**
- * An internal KDC server interface.
- */
-public interface InternalKdcServer {
-
-    /**
-     * Initialize with KDC startup options.
-     * @param options
-     */
-    void init(KOptions options) throws KrbException;
-
-    /**
-     * Start the KDC server.
-     */
-    void start();
-
-    /**
-     * Stop the KDC server.
-     */
-    void stop();
-
-    /**
-     * Get KDC setting.
-     * @return setting
-     */
-    KdcSetting getSetting();
-
-    /**
-     * Get identity service.
-     * @return IdentityService
-     */
-    IdentityService getIdentityService();
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index 79a16bf..f5465ad 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -20,51 +20,72 @@
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.KOptions;
-import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.server.impl.DefaultInternalKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.server.impl.InternalKdcServer;
 
 import java.io.File;
 
+/**
+ * The implemented Kerberos Server API.
+ */
 public class KdcServer {
-    protected KOptions commonOptions;
-    protected InternalKdcServer innerKdc;
+    private final KdcConfig kdcConfig;
+    private final BackendConfig backendConfig;
+    private final KdcSetting kdcSetting;
+    private final KOptions startupOptions;
 
-    /**
-     * Default constructor.
-     */
-    public KdcServer() {
-        commonOptions = new KOptions();
-    }
+    private InternalKdcServer innerKdc;
 
     /**
-     * Set KDC config.
+     * Constructor passing both kdcConfig and backendConfig.
      * @param kdcConfig
-     */
-    public void setKdcConfig(KdcConfig kdcConfig) {
-        commonOptions.add(KdcServerOption.KDC_CONFIG, kdcConfig);
-    }
-
-    /**
-     * Set backend config.
      * @param backendConfig
+     * @throws KrbException
      */
-    public void setBackendConfig(BackendConfig backendConfig) {
-        commonOptions.add(KdcServerOption.BACKEND_CONFIG, backendConfig);
+    public KdcServer(KdcConfig kdcConfig,
+                  BackendConfig backendConfig) throws KrbException {
+        this.kdcConfig = kdcConfig;
+        this.backendConfig = backendConfig;
+        startupOptions = new KOptions();
+        kdcSetting = new KdcSetting(startupOptions, kdcConfig, backendConfig);
     }
 
     /**
-     * Set conf dir where configuration resources can be loaded. Mainly:
+     * Constructor given confDir where 'kdc.conf' and 'backend.conf' should be
+     * available.
      * kdc.conf, that contains kdc server related items.
      * backend.conf, that contains identity backend related items.
      *
-     * Note confDir is only used when KDC and backend config aren't set.
-     *
      * @param confDir
+     * @throws KrbException
+     */
+    public KdcServer(File confDir) throws KrbException {
+        KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
+        if (tmpKdcConfig == null) {
+            tmpKdcConfig = new KdcConfig();
+        }
+        this.kdcConfig = tmpKdcConfig;
+
+        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+        if (tmpBackendConfig == null) {
+            tmpBackendConfig = new BackendConfig();
+        }
+        this.backendConfig = tmpBackendConfig;
+
+        startupOptions = new KOptions();
+        kdcSetting = new KdcSetting(startupOptions, kdcConfig, backendConfig);
+    }
+
+    /**
+     * Default constructor.
      */
-    public void setConfDir(File confDir) {
-        commonOptions.add(KdcServerOption.CONF_DIR, confDir);
+    public KdcServer() {
+        kdcConfig = new KdcConfig();
+        backendConfig = new BackendConfig();
+        startupOptions = new KOptions();
+        kdcSetting = new KdcSetting(startupOptions, kdcConfig, backendConfig);
     }
 
     /**
@@ -72,7 +93,7 @@ public class KdcServer {
      * @param realm
      */
     public void setKdcRealm(String realm) {
-        commonOptions.add(KdcServerOption.KDC_REALM, realm);
+        startupOptions.add(KdcServerOption.KDC_REALM, realm);
     }
 
     /**
@@ -80,7 +101,7 @@ public class KdcServer {
      * @param kdcHost
      */
     public void setKdcHost(String kdcHost) {
-        commonOptions.add(KdcServerOption.KDC_HOST, kdcHost);
+        startupOptions.add(KdcServerOption.KDC_HOST, kdcHost);
     }
 
     /**
@@ -88,7 +109,7 @@ public class KdcServer {
      * @param kdcTcpPort
      */
     public void setKdcTcpPort(int kdcTcpPort) {
-        commonOptions.add(KdcServerOption.KDC_TCP_PORT, kdcTcpPort);
+        startupOptions.add(KdcServerOption.KDC_TCP_PORT, kdcTcpPort);
     }
 
     /**
@@ -96,7 +117,7 @@ public class KdcServer {
      * @param allowUdp
      */
     public void setAllowUdp(boolean allowUdp) {
-        commonOptions.add(KdcServerOption.ALLOW_UDP, allowUdp);
+        startupOptions.add(KdcServerOption.ALLOW_UDP, allowUdp);
     }
 
     /**
@@ -104,14 +125,14 @@ public class KdcServer {
      * @param allowTcp
      */
     public void setAllowTcp(boolean allowTcp) {
-        commonOptions.add(KdcServerOption.ALLOW_TCP, allowTcp);
+        startupOptions.add(KdcServerOption.ALLOW_TCP, allowTcp);
     }
     /**
      * Set KDC udp port. Only makes sense when allowUdp is set.
      * @param kdcUdpPort
      */
     public void setKdcUdpPort(int kdcUdpPort) {
-        commonOptions.add(KdcServerOption.KDC_UDP_PORT, kdcUdpPort);
+        startupOptions.add(KdcServerOption.KDC_UDP_PORT, kdcUdpPort);
     }
 
     /**
@@ -119,14 +140,14 @@ public class KdcServer {
      * @param workDir
      */
     public void setWorkDir(File workDir) {
-        commonOptions.add(KdcServerOption.WORK_DIR, workDir);
+        startupOptions.add(KdcServerOption.WORK_DIR, workDir);
     }
 
     /**
      * Allow to debug so have more logs.
      */
     public void enableDebug() {
-        commonOptions.add(KdcServerOption.ENABLE_DEBUG);
+        startupOptions.add(KdcServerOption.ENABLE_DEBUG);
     }
 
     /**
@@ -134,19 +155,15 @@ public class KdcServer {
      * @param innerKdcImpl
      */
     public void setInnerKdcImpl(InternalKdcServer innerKdcImpl) {
-        commonOptions.add(KdcServerOption.INNER_KDC_IMPL, innerKdcImpl);
+        startupOptions.add(KdcServerOption.INNER_KDC_IMPL, innerKdcImpl);
     }
 
     /**
      * Get KDC setting from startup options and configs.
-     * Note it must be called after init().
      * @return setting
      */
     public KdcSetting getSetting() {
-        if (innerKdc == null) {
-            throw new RuntimeException("Not init yet");
-        }
-        return innerKdc.getSetting();
+        return kdcSetting;
     }
 
     /**
@@ -154,15 +171,15 @@ public class KdcServer {
      * @return KdcConfig
      */
     public KdcConfig getKdcConfig() {
-        return getSetting().getKdcConfig();
+        return kdcConfig;
     }
 
     /**
      * Get backend config.
      * @return
      */
-    public Config getBackendConfig() {
-        return getSetting().getBackendConfig();
+    public BackendConfig getBackendConfig() {
+        return backendConfig;
     }
 
     /**
@@ -173,27 +190,25 @@ public class KdcServer {
         if (innerKdc == null) {
             throw new RuntimeException("Not init yet");
         }
-        return innerKdc.getIdentityService();
+        return innerKdc.getIdentityBackend();
     }
 
-    /**
-     * Init the KDC server.
-     */
     public void init() throws KrbException {
-        if (commonOptions.contains(KdcServerOption.INNER_KDC_IMPL)) {
-            innerKdc = (InternalKdcServer) commonOptions.getOptionValue(
+        if (startupOptions.contains(KdcServerOption.INNER_KDC_IMPL)) {
+            innerKdc = (InternalKdcServer) startupOptions.getOptionValue(
                     KdcServerOption.INNER_KDC_IMPL);
         } else {
-            innerKdc = new DefaultInternalKdcServerImpl();
+            innerKdc = new DefaultInternalKdcServerImpl(kdcSetting);
         }
-        innerKdc.init(commonOptions);
+
+        innerKdc.init();
     }
 
-    public void start() {
+    public void start() throws KrbException {
         innerKdc.start();
     }
 
-    public void stop() {
+    public void stop() throws KrbException {
         if (innerKdc != null) {
             innerKdc.stop();
         }
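Review bot: When `INNER_KDC_IMPL` is set, `init()` uses the supplied instance as-is, but `getSetting()`, `getKdcConfig()` and `getBackendConfig()` now return this object's own fields instead of delegating to `innerKdc`. The server can therefore run on one configuration while callers such as `SimpleKdcServer.init()` build `Kadmin` from another, unless the implementation was constructed from `getSetting()`. I would document that requirement on `setInnerKdcImpl` or enforce it in `init()` with `if (innerKdc.getSetting() != kdcSetting) { throw new KrbException("Inner KDC was built with a different KdcSetting"); }`. The hunk also drops the Javadoc on `init()`, and `start()` still dereferences `innerKdc` without the null check that `stop()` and `getIdentityService()` have. `getIdentityService()` starts before this hunk and `stop()` ends after it.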

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
index a6bad7d..9d5243a 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
@@ -28,9 +28,6 @@ import org.apache.kerby.KOptionType;
 public enum KdcServerOption implements KOption {
     NONE("NONE"),
     INNER_KDC_IMPL("inner KDC impl", KOptionType.OBJ),
-    KDC_CONFIG("kdc config", KOptionType.OBJ),
-    BACKEND_CONFIG("backend config", KOptionType.OBJ),
-    CONF_DIR("conf dir", KOptionType.DIR),
     KDC_REALM("kdc realm", KOptionType.STR),
     KDC_HOST("kdc host", KOptionType.STR),
     ALLOW_TCP("allow tcp", KOptionType.BOOL),

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
index 359fbab..16c21a8 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
@@ -20,10 +20,6 @@
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.KOptions;
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.config.Config;
-
-import java.io.File;
 
 /**
  * KDC setting that combines startup options and kdc config.
@@ -31,15 +27,19 @@ import java.io.File;
 public class KdcSetting {
     private final KOptions startupOptions;
     private final KdcConfig kdcConfig;
-    private Conf backendConfig;
+    private final BackendConfig backendConfig;
 
     public KdcSetting(KOptions startupOptions,
-                      KdcConfig config, Conf backendConfig) {
+                      KdcConfig config, BackendConfig backendConfig) {
         this.startupOptions = startupOptions;
         this.kdcConfig = config;
         this.backendConfig = backendConfig;
     }
 
+    public KdcSetting(KdcConfig kdcConfig, BackendConfig backendConfig) {
+        this(new KOptions(), kdcConfig, backendConfig);
+    }
+
     /**
      * Get the KDC config.
      * @return
@@ -52,14 +52,10 @@ public class KdcSetting {
      * Get the backend config.
      * @return
      */
-    public Config getBackendConfig() {
+    public BackendConfig getBackendConfig() {
         return backendConfig;
     }
 
-    public File getConfDir() {
-        return  startupOptions.getDirOption(KdcServerOption.CONF_DIR);
-    }
-
     public String getKdcHost() {
         String kdcHost = startupOptions.getStringOption(
                 KdcServerOption.KDC_HOST);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcUtil.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcUtil.java
new file mode 100644
index 0000000..491505a
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcUtil.java
@@ -0,0 +1,80 @@
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * KDC side utilities.
+ */
+public final class KdcUtil {
+
+    private KdcUtil() {}
+
+    public static KdcConfig getKdcConfig(File confDir) throws KrbException {
+        File kdcConfFile = new File(confDir, "kdc.conf");
+        if (kdcConfFile.exists()) {
+            KdcConfig kdcConfig = new KdcConfig();
+            try {
+                kdcConfig.addIniConfig(kdcConfFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the kdc configuration file "
+                        + kdcConfFile.getAbsolutePath());
+            }
+            return kdcConfig;
+        }
+
+        return null;
+    }
+
+    public static BackendConfig getBackendConfig(File confDir) throws KrbException {
+        File backendConfigFile = new File(confDir, "backend.conf");
+        if (backendConfigFile.exists()) {
+            BackendConfig backendConfig = new BackendConfig();
+            try {
+                backendConfig.addIniConfig(backendConfigFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the backend configuration file "
+                        + backendConfigFile.getAbsolutePath());
+            }
+            return backendConfig;
+        }
+
+        return null;
+    }
+
+    /**
+     * Init the identity backend from backend configuration.
+     */
+    public static IdentityBackend getBackend(
+            BackendConfig backendConfig) throws KrbException {
+        String backendClassName = backendConfig.getString(
+                KdcConfigKey.KDC_IDENTITY_BACKEND);
+        if (backendClassName == null) {
+            backendClassName = MemoryIdentityBackend.class.getCanonicalName();
+        }
+
+        Class<?> backendClass;
+        try {
+            backendClass = Class.forName(backendClassName);
+        } catch (ClassNotFoundException e) {
+            throw new KrbException("Failed to load backend class: "
+                    + backendClassName);
+        }
+
+        IdentityBackend backend;
+        try {
+            backend = (IdentityBackend) backendClass.newInstance();
+        } catch (InstantiationException | IllegalAccessException e) {
+            throw new KrbException("Failed to create backend: "
+                    + backendClassName);
+        }
+
+        backend.setConfig(backendConfig);
+        backend.initialize();
+        return backend;
+    }
+}
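Review bot: `getBackend` casts to `IdentityBackend` only after `backendClass.newInstance()` has returned, so any class named under `KdcConfigKey.KDC_IDENTITY_BACKEND` in backend.conf has its no-arg constructor run before the type is checked, and a wrong type surfaces as an unchecked `ClassCastException` rather than a `KrbException`. Narrowing with `asSubclass(IdentityBackend.class)` before instantiation closes that, as sketched below. All four `throw new KrbException(...)` sites in this file also drop the caught exception; the two-argument constructor used in `AbstractInternalKdcServer.start()` keeps the cause for whoever has to diagnose a KDC that will not start. The file is also added without the ASF licence header that the new `InternalKdcServer.java` in this commit carries.

```java
        // … unchanged: backendClassName lookup and MemoryIdentityBackend default …
        Class<? extends IdentityBackend> backendClass;
        try {
            backendClass = Class.forName(backendClassName)
                    .asSubclass(IdentityBackend.class);
        } catch (ClassNotFoundException | ClassCastException e) {
            throw new KrbException("Failed to load backend class: "
                    + backendClassName, e);
        }

        IdentityBackend backend;
        try {
            backend = backendClass.newInstance();
        } catch (InstantiationException | IllegalAccessException e) {
            throw new KrbException("Failed to create backend: "
                    + backendClassName, e);
        }
        // … unchanged: setConfig, initialize, return …
```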

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
index 242b3c6..48d8cfc 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
@@ -19,27 +19,29 @@
  */
 package org.apache.kerby.kerberos.kerb.server.impl;
 
-import org.apache.kerby.KOptions;
-import org.apache.kerby.config.Conf;
 import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
-import org.apache.kerby.kerberos.kerb.server.*;
-
-import java.io.File;
-import java.io.IOException;
+import org.apache.kerby.kerberos.kerb.server.BackendConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
 
 /**
  * Abstract KDC server implementation.
  */
 public class AbstractInternalKdcServer implements InternalKdcServer {
     private boolean started;
-    private KdcConfig kdcConfig;
-    private Conf backendConfig;
-    private KdcSetting kdcSetting;
+    private final KdcConfig kdcConfig;
+    private final BackendConfig backendConfig;
+    private final KdcSetting kdcSetting;
     private IdentityBackend backend;
 
+    public AbstractInternalKdcServer(KdcSetting kdcSetting) {
+        this.kdcSetting = kdcSetting;
+        this.kdcConfig = kdcSetting.getKdcConfig();
+        this.backendConfig = kdcSetting.getBackendConfig();
+    }
+
     @Override
     public KdcSetting getSetting() {
         return kdcSetting;
@@ -58,88 +60,16 @@ public class AbstractInternalKdcServer implements InternalKdcServer {
     }
 
     @Override
-    public void init(KOptions startupOptions) throws KrbException {
-        try {
-            initConfig(startupOptions);
-        } catch (IOException e) {
-            throw new KrbException("Failed to load configurations", e);
-        }
-
-        kdcSetting = new KdcSetting(startupOptions,
-                kdcConfig, backendConfig);
-
-        initBackend();
-    }
-
-    /**
-     * Prepare kdc and backend config, loading kdc.conf and backend.conf.
-     * It can be override to add more configuration resources.
-     */
-    private void initConfig(KOptions startupOptions) throws IOException {
-        if (startupOptions.contains(KdcServerOption.KDC_CONFIG)) {
-            kdcConfig = (KdcConfig) startupOptions.getOptionValue(
-                    KdcServerOption.KDC_CONFIG);
-        } else {
-            kdcConfig = new KdcConfig();
-            File confDir = startupOptions.getDirOption(KdcServerOption.CONF_DIR);
-            if (confDir != null && confDir.exists()) {
-                File kdcConfFile = new File(confDir, "kdc.conf");
-                if (kdcConfFile.exists()) {
-                    kdcConfig.addIniConfig(kdcConfFile);
-                }
-            }
-        }
-
-        if (startupOptions.contains(KdcServerOption.BACKEND_CONFIG)) {
-            backendConfig = (BackendConfig) startupOptions.getOptionValue(
-                    KdcServerOption.BACKEND_CONFIG);
-        } else {
-            backendConfig = new BackendConfig();
-            File confDir = startupOptions.getDirOption(KdcServerOption.CONF_DIR);
-            if (confDir != null && confDir.exists()) {
-                File backendConfFile = new File(confDir, "backend.conf");
-                if (backendConfFile.exists()) {
-                    backendConfig.addIniConfig(backendConfFile);
-                }
-            }
-        }
-    }
-
-    private void initBackend() throws KrbException {
-        String backendClassName = backendConfig.getString(
-                KdcConfigKey.KDC_IDENTITY_BACKEND);
-        if (backendClassName == null) {
-            backendClassName = MemoryIdentityBackend.class.getCanonicalName();
-        }
-
-        Class<?> backendClass;
-        try {
-            backendClass = Class.forName(backendClassName);
-        } catch (ClassNotFoundException e) {
-            throw new KrbException("Failed to load backend class: "
-                    + backendClassName);
-        }
-
-        try {
-            backend = (IdentityBackend) backendClass.newInstance();
-        } catch (InstantiationException e) {
-            throw new KrbException("Failed to create backend: "
-                    + backendClassName);
-        } catch (IllegalAccessException e) {
-            throw new KrbException("Failed to create backend: "
-                    + backendClassName);
-        }
-
-        backend.setConfig(backendConfig);
-        backend.initialize();
+    public void init() throws KrbException {
+        backend = KdcUtil.getBackend(backendConfig);
     }
 
     @Override
-    public void start() {
+    public void start() throws KrbException {
         try {
             doStart();
         } catch (Exception e) {
-            throw new RuntimeException("Failed to start " + getServiceName(), e);
+            throw new KrbException("Failed to start " + getServiceName(), e);
         }
 
         started = true;
@@ -150,7 +80,7 @@ public class AbstractInternalKdcServer implements InternalKdcServer {
     }
 
     @Override
-    public IdentityService getIdentityService() {
+    public IdentityBackend getIdentityBackend() {
         return backend;
     }
 
@@ -158,11 +88,11 @@ public class AbstractInternalKdcServer implements InternalKdcServer {
         backend.start();
     }
 
-    public void stop() {
+    public void stop() throws KrbException {
         try {
             doStop();
         } catch (Exception e) {
-            throw new RuntimeException("Failed to stop " + getServiceName());
+            throw new KrbException("Failed to stop " + getServiceName());
         }
 
         started = false;
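Review bot: The new `KrbException` in `stop()` is built without the caught exception, unlike the one in `start()` earlier in this file, so the reason a KDC failed to shut down is lost. `throw new KrbException("Failed to stop " + getServiceName(), e);` keeps it. On that path `started = false` is also skipped, which leaves the flag set after a partial stop; whether that is intended is not clear from the hunk. `stop()` runs past the end of the hunk.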

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
index 5197c71..2e55e83 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kerb.server.impl;
 
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
 import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
 import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
 import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
@@ -36,6 +37,10 @@ public class DefaultInternalKdcServerImpl extends AbstractInternalKdcServer {
     private KdcContext kdcContext;
     private KdcNetwork network;
 
+    public DefaultInternalKdcServerImpl(KdcSetting kdcSetting) {
+        super(kdcSetting);
+    }
+
     @Override
     protected void doStart() throws Exception {
         super.doStart();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java
new file mode 100644
index 0000000..7d2f022
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/InternalKdcServer.java
@@ -0,0 +1,57 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+
+/**
+ * An internal KDC server interface.
+ */
+public interface InternalKdcServer {
+
+    /**
+     * Initialize.
+     */
+    void init() throws KrbException;
+
+    /**
+     * Start the KDC server.
+     */
+    void start() throws KrbException;
+
+    /**
+     * Stop the KDC server.
+     */
+    void stop() throws KrbException;
+
+    /**
+     * Get KDC setting.
+     * @return setting
+     */
+    KdcSetting getSetting();
+
+    /**
+     * Get identity backend.
+     * @return IdentityBackend
+     */
+    IdentityBackend getIdentityBackend();
+}
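Review bot: The Javadoc on `init()` says only "Initialize." and none of the three lifecycle methods documents `@throws KrbException` or the expected call order. In `AbstractInternalKdcServer` from this commit, `init()` is what loads the identity backend through `KdcUtil.getBackend`, `doStart()` calls `backend.start()`, and `getIdentityBackend()` returns the still-unassigned field before `init()`. I would state that contract here, e.g. `Initialize the server and load the identity backend; must be called before start().` on `init()` and `@return the identity backend, or null before init()` on `getIdentityBackend()`.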

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 3509897..8b26082 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -19,7 +19,10 @@
  */
 package org.apache.kerby.kerberos.kerb.server.request;
 
-import org.apache.kerby.kerberos.kerb.*;
+import org.apache.kerby.kerberos.kerb.KrbCodec;
+import org.apache.kerby.kerberos.kerb.KrbConstant;
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 import org.apache.kerby.kerberos.kerb.crypto.CheckSumHandler;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/30a8ef33/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index bd9beeb..18ba81b 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -21,7 +21,6 @@ package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.admin.Kadmin;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 import org.apache.kerby.util.NetworkUtil;
 
 import java.io.File;
@@ -35,7 +34,9 @@ public class SimpleKdcServer extends KdcServer {
     /**
      * Prepare KDC configuration.
      */
-    protected void prepareKdcConfig() {
+    public SimpleKdcServer() {
+        super();
+
         KdcConfig kdcConfig = getKdcConfig();
         kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
         kdcConfig.setInt(KdcConfigKey.KDC_PORT, NetworkUtil.getServerPort());
@@ -45,8 +46,10 @@ public class SimpleKdcServer extends KdcServer {
     @Override
     public void init() throws KrbException {
         super.init();
-        prepareKdcConfig();
-        kadmin = new Kadmin(getIdentityService(), getKdcConfig(), getBackendConfig());
+
+        kadmin = new Kadmin(getSetting(), getIdentityService());
+
+        kadmin.createBuiltinPrincipals();
     }
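Review bot: `init()` now calls `kadmin.createBuiltinPrincipals()` unconditionally, while `deleteTgsPrincipal()` is removed from this class and from the test teardown, so nothing visible here removes or tolerates an existing TGS principal. `Kadmin` is not shown in this part of the diff. If `createBuiltinPrincipals()` fails or re-keys when the entry already exists, a second `init()` against a persistent backend would either abort or invalidate tickets already issued. Once checked against `Kadmin`, a comment on the call stating which behaviour applies, for example `// no-op when the TGS principal already exists`, would settle it.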
 
     /**
@@ -57,18 +60,6 @@ public class SimpleKdcServer extends KdcServer {
         return kadmin;
     }
 
-    private String getTgsPrincipal() {
-        return KrbUtil.makeTgsPrincipal(getKdcRealm()).getName();
-    }
-
-    public void createTgsPrincipal() throws KrbException {
-        createPrincipal(getTgsPrincipal());
-    }
-
-    public void deleteTgsPrincipal() throws KrbException {
-        deletePrincipal(getTgsPrincipal());
-    }
-
     public String getKdcRealm() {
         return getSetting().getKdcRealm();
     }

