directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [1/2] directory-kerby git commit: Introduced SimpleKdcServer based on Yaning's work; Refactored KdcServer & Kadmin related codes; Fixed some issues by the way
Date Wed, 24 Jun 2015 03:25:44 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 6f15357c3 -> 4832ef6c9


Introduced SimpleKdcServer based on Yaning's work; Refactored KdcServer & Kadmin related codes; Fixed some issues by the way


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9425e8a4
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9425e8a4
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9425e8a4

Branch: refs/heads/master
Commit: 9425e8a4b902ddd2cd2b861e57d322d672f85306
Parents: badf6fa
Author: Drankye <drankye@gmail.com>
Authored: Wed Jun 24 11:24:37 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Wed Jun 24 11:24:37 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kdc/GssInteropTestBase.java  |   3 +-
 .../org/apache/kerby/kerberos/kdc/KdcTest.java  |   3 +-
 .../apache/kerby/kerberos/kdc/KerbyKdcTest.java |   5 +-
 .../kerberos/kdc/WithTokenKdcTestBase.java      |   5 +-
 .../kerby/kerberos/kdc/KerbyKdcServer.java      |   4 +-
 .../kerby/kerberos/kerb/admin/Kadmin.java       | 123 ++++++++++++++++---
 .../kerby/kerberos/kerb/admin/KadminUtil.java   | 123 +++++++------------
 .../kerby/kerberos/kerb/KrbErrorException.java  |   6 +-
 .../kerby/kerberos/kerb/KrbException.java       |  10 +-
 .../kerby/kerberos/kerb/spec/base/KrbError.java |  26 ++--
 kerby-kerb/kerb-kdc-test/pom.xml                |   7 +-
 .../kerby/kerberos/kerb/server/KdcTestBase.java |   5 +-
 .../kerberos/kerb/server/TestKdcServer.java     | 107 +---------------
 .../kerberos/kerb/server/GSSInteropTest.java    |   3 +-
 .../kerberos/kerb/server/KdcSettingTest.java    |   3 +-
 .../kerby/kerberos/kerb/server/KdcTest.java     |   3 +-
 .../kerb/server/MultiRequestsKdcTest.java       |   3 +-
 .../kerberos/kerb/server/InternalKdcServer.java |   3 +-
 .../kerby/kerberos/kerb/server/KdcHandler.java  |  81 ++++++------
 .../kerb/server/KdcRecoverableException.java    |  33 +++++
 .../kerby/kerberos/kerb/server/KdcServer.java   |  20 ++-
 .../kerby/kerberos/kerb/server/KdcSetting.java  |  15 ++-
 .../server/impl/AbstractInternalKdcServer.java  |  20 +--
 .../kerb/server/impl/DefaultKdcHandler.java     |   3 +-
 .../server/preauth/AbstractPreauthPlugin.java   |   2 +-
 .../kerb/server/preauth/KdcPreauth.java         |   2 +-
 .../kerb/server/preauth/PreauthHandle.java      |   2 +-
 .../server/preauth/builtin/EncTsPreauth.java    |   4 +-
 .../kerb/server/preauth/builtin/TgtPreauth.java |   2 +-
 .../server/preauth/pkinit/PkinitPreauth.java    |   2 +-
 .../kerb/server/preauth/token/TokenPreauth.java |   7 +-
 .../kerberos/kerb/server/request/AsRequest.java |  22 ++--
 .../kerb/server/request/KdcRequest.java         |  21 +---
 .../kerb/server/request/TgsRequest.java         |  17 +--
 kerby-kerb/kerb-simplekdc/pom.xml               |  56 +++++++++
 .../kerberos/kerb/server/SimpleKdcServer.java   | 113 +++++++++++++++++
 kerby-kerb/pom.xml                              |   1 +
 .../kerby/kerberos/tool/kadmin/KadminTool.java  |   2 +-
 38 files changed, 516 insertions(+), 351 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
index a5f96a5..20758ce 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
@@ -32,6 +32,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.kerberos.KerberosTicket;
 import javax.security.auth.login.LoginContext;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@@ -70,7 +71,7 @@ public abstract class GssInteropTestBase extends KdcTest {
     }
     
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         kdcServer.createTgsPrincipal();
         kdcServer.createPrincipal(serverPrincipal, TEST_PASSWORD);
         kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
index 98f2dd1..28b63c1 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kdc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
@@ -33,7 +34,7 @@ public abstract class KdcTest extends KdcTestBase {
     private String serverPrincipal;
 
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         super.createPrincipals();
         clientPrincipal = getClientPrincipal();
         kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
index 5b1aa35..54b3ef2 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kdc;
 
 import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
@@ -40,7 +41,7 @@ public abstract class KerbyKdcTest extends KdcTestBase {
     }
 
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         super.createPrincipals();
         clientPrincipal = getClientPrincipal();
         kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);
@@ -73,7 +74,7 @@ public abstract class KerbyKdcTest extends KdcTestBase {
     }
 
     @Override
-    protected void deletePrincipals() {
+    protected void deletePrincipals() throws KrbException {
         super.deletePrincipals();
         kdcServer.deletePrincipal(clientPrincipal);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 0b6bf1a..1e44895 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kdc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.ccache.Credential;
 import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
@@ -59,13 +60,13 @@ public class WithTokenKdcTestBase extends KdcTestBase {
     }
 
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         super.createPrincipals();
         kdcServer.createPrincipal(getClientPrincipal(), TEST_PASSWORD);
     }
 
     @Override
-    protected void deletePrincipals() {
+    protected void deletePrincipals() throws KrbException {
         super.deletePrincipals();
         kdcServer.deletePrincipal(getClientPrincipal());
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index 8ece746..9c098da 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -40,7 +40,7 @@ public class KerbyKdcServer extends KdcServer {
     private static KerbyKdcServer server;
 
     @Override
-    public void init() {
+    public void init() throws KrbException {
         innerKdc = new NettyKdcServerImpl();
         innerKdc.init(commonOptions);
     }
@@ -90,7 +90,7 @@ public class KerbyKdcServer extends KdcServer {
             KerbyKdcServer.class.getSimpleName() +
             " -start conf-dir working-dir|-start|-stop";
 
-    public static void main(String[] args) {
+    public static void main(String[] args) throws KrbException {
         if (args.length == 0) {
             System.err.println(USAGE);
             return;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index bc9ab5a..a2a167c 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -20,16 +20,19 @@
 package org.apache.kerby.kerberos.kerb.admin;
 
 import org.apache.kerby.KOptions;
+import org.apache.kerby.config.Conf;
 import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
 import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 
 import java.io.File;
+import java.io.IOException;
 import java.util.List;
 
 /**
@@ -39,16 +42,45 @@ public class Kadmin {
 
     private KdcConfig kdcConfig;
     private Config backendConfig;
-    private IdentityBackend backend;
+    private IdentityService backend;
 
-    protected Kadmin(KdcConfig kdcConfig, Config backendConfig) {
+    public Kadmin(IdentityService backend, KdcConfig kdcConfig,
+                  Config backendConfig) throws KrbException {
+        this.backend = backend;
+        this.kdcConfig = kdcConfig;
+        this.backendConfig = backendConfig;
+    }
+
+    public Kadmin(KdcConfig kdcConfig, Config backendConfig) throws KrbException {
         this.kdcConfig = kdcConfig;
         this.backendConfig = backendConfig;
         this.backend = KadminUtil.getBackend(backendConfig);
     }
 
-    public static Kadmin getInstance(File confDir) throws KrbException {
-        return KadminUtil.createKadmin(confDir);
+    public Kadmin(File confDir) throws KrbException {
+        File kdcConfFile = new File(confDir, "kdc.conf");
+        kdcConfig = new KdcConfig();
+        if (kdcConfFile.exists()) {
+            try {
+                kdcConfig.addIniConfig(kdcConfFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the kdc configuration file "
+                        + kdcConfFile.getAbsolutePath());
+            }
+        }
+
+        File backendConfigFile = new File(confDir, "backend.conf");
+        Conf backendConfig = new Conf();
+        if (backendConfigFile.exists()) {
+            try {
+                backendConfig.addIniConfig(backendConfigFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the backend configuration file "
+                        + backendConfigFile.getAbsolutePath());
+            }
+        }
+
+        backend = KadminUtil.getBackend(backendConfig);
     }
 
     public KdcConfig getKdcConfig() {
@@ -63,21 +95,34 @@ public class Kadmin {
      * Get identity backend.
      * @return IdentityBackend
      */
-    public IdentityBackend getIdentityBackend() {
+    public IdentityService getIdentityBackend() {
         return backend;
     }
 
+    public void addPrincipal(String principal) throws KrbException {
+        principal = fixPrincipal(principal);
+        addPrincipal(principal, new KOptions());
+    }
+
     public void addPrincipal(String principal, KOptions kOptions)
         throws KrbException {
+        principal = fixPrincipal(principal);
         KrbIdentity identity = KadminUtil.createIdentity(principal, kOptions);
         List<EncryptionKey> keys = EncryptionUtil.generateKeys(
-            kdcConfig.getEncryptionTypes());
+                kdcConfig.getEncryptionTypes());
         identity.addKeys(keys);
         backend.addIdentity(identity);
     }
 
+    public void addPrincipal(String principal, String password)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        addPrincipal(principal, password, new KOptions());
+    }
+
     public void addPrincipal(String principal, String password, KOptions kOptions)
         throws KrbException {
+        principal = fixPrincipal(principal);
         KrbIdentity identity = KadminUtil.createIdentity(principal, kOptions);
         List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
             kdcConfig.getEncryptionTypes());
@@ -85,41 +130,71 @@ public class Kadmin {
         backend.addIdentity(identity);
     }
 
-    public void exportKeytab(File keytabFile, String principalName)
+    /**
+     * Export all the keys of the specified principal into the specified keytab
+     * file.
+     * @param keytabFile
+     * @param principal
+     * @throws KrbException
+     */
+    public void exportKeytab(File keytabFile, String principal)
         throws KrbException {
-
+        principal = fixPrincipal(principal);
         //Get Identity
-        KrbIdentity identity = backend.getIdentity(principalName);
+        KrbIdentity identity = backend.getIdentity(principal);
         if (identity == null) {
             throw new KrbException("Can not find the identity for pincipal " +
-                    principalName);
+                    principal);
         }
 
         KadminUtil.exportKeytab(keytabFile, identity);
     }
 
-    public void removeKeytabEntriesOf(File keytabFile, String principalName)
+    /**
+     * Export all identity keys to the specified keytab file.
+     * @param keytabFile
+     * @throws KrbException
+     */
+    public void exportKeytab(File keytabFile) throws KrbException {
+        Keytab keytab = KadminUtil.createOrLoadKeytab(keytabFile);
+
+        List<String> principals = backend.getIdentities();
+        for (String principal : principals) {
+            KrbIdentity identity = backend.getIdentity(principal);
+            if (identity != null) {
+                KadminUtil.exportToKeytab(keytab, identity);
+            }
+        }
+
+        KadminUtil.storeKeytab(keytab, keytabFile);
+    }
+
+    public void removeKeytabEntriesOf(File keytabFile, String principal)
         throws KrbException {
-        KadminUtil.removeKeytabEntriesOf(keytabFile, principalName);
+        principal = fixPrincipal(principal);
+        KadminUtil.removeKeytabEntriesOf(keytabFile, principal);
     }
 
-    public void removeKeytabEntriesOf(File keytabFile,
-                                      String principalName, int kvno)
+    public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
         throws KrbException {
-        KadminUtil.removeKeytabEntriesOf(keytabFile, principalName, kvno);
+        principal = fixPrincipal(principal);
+        KadminUtil.removeKeytabEntriesOf(keytabFile, principal, kvno);
     }
 
-    public void removeOldKeytabEntriesOf(File keytabFile, String principalName)
+    public void removeOldKeytabEntriesOf(File keytabFile, String principal)
         throws KrbException {
-        KadminUtil.removeOldKeytabEntriesOf(keytabFile, principalName);
+        principal = fixPrincipal(principal);
+        KadminUtil.removeOldKeytabEntriesOf(keytabFile, principal);
     }
 
     public void deletePrincipal(String principal) throws KrbException {
+        principal = fixPrincipal(principal);
         backend.deleteIdentity(principal);
     }
 
     public void modifyPrincipal(String principal, KOptions kOptions)
         throws KrbException {
+        principal = fixPrincipal(principal);
         KrbIdentity identity = backend.getIdentity(principal);
         if (identity == null) {
             throw new KrbException("Principal \"" +
@@ -131,7 +206,8 @@ public class Kadmin {
 
     public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
         throws KrbException {
-
+        oldPrincipalName = fixPrincipal(oldPrincipalName);
+        newPrincipalName = fixPrincipal(newPrincipalName);
         KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
         if(oldIdentity != null) {
             throw new KrbException("Principal \"" +
@@ -161,6 +237,7 @@ public class Kadmin {
 
     public void updatePassword(String principal, String password)
         throws KrbException {
+        principal = fixPrincipal(principal);
         KrbIdentity identity = backend.getIdentity(principal);
         if (identity == null) {
             throw new KrbException("Principal " + principal +
@@ -174,6 +251,7 @@ public class Kadmin {
     }
 
     public void updateKeys(String principal) throws KrbException {
+        principal = fixPrincipal(principal);
         KrbIdentity identity = backend.getIdentity(principal);
         if (identity == null) {
             throw new KrbException("Principal " + principal +
@@ -184,4 +262,11 @@ public class Kadmin {
         identity.addKeys(keys);
         backend.updateIdentity(identity);
     }
+
+    private String fixPrincipal(String principal) {
+        if (! principal.contains("@")) {
+            principal += "@" + getKdcConfig().getKdcRealm();
+        }
+        return principal;
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
index e54d0fa..a6bbe77 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminUtil.java
@@ -20,14 +20,13 @@
 package org.apache.kerby.kerberos.kerb.admin;
 
 import org.apache.kerby.KOptions;
-import org.apache.kerby.config.Conf;
 import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
 import org.apache.kerby.kerberos.kerb.keytab.Keytab;
 import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
 import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
@@ -46,50 +45,21 @@ public final class KadminUtil {
 
     private KadminUtil() { }
 
-    static Kadmin createKadmin(File confDir) throws KrbException {
-        KdcConfig kdcConfig;
-        Conf backendConfig;
-
-        File kdcConfFile = new File(confDir, "kdc.conf");
-        kdcConfig = new KdcConfig();
-        if (kdcConfFile.exists()) {
-            try {
-                kdcConfig.addIniConfig(kdcConfFile);
-            } catch (IOException e) {
-                throw new KrbException("Can not load the kdc configuration file "
-                    + kdcConfFile.getAbsolutePath());
-            }
-        }
-
-        File backendConfigFile = new File(confDir, "backend.conf");
-        backendConfig = new Conf();
-        if (backendConfigFile.exists()) {
-            try {
-                backendConfig.addIniConfig(backendConfigFile);
-            } catch (IOException e) {
-                throw new KrbException("Can not load the backend configuration file "
-                    + backendConfigFile.getAbsolutePath());
-            }
-        }
-
-        return new Kadmin(kdcConfig, backendConfig);
-    }
-
     /**
      * Init the identity backend from backend configuration.
      */
-    static IdentityBackend getBackend(Config backendConfig) {
+    static IdentityBackend getBackend(Config backendConfig) throws KrbException {
         String backendClassName = backendConfig.getString(
             KdcConfigKey.KDC_IDENTITY_BACKEND);
         if (backendClassName == null) {
-            throw new RuntimeException("Can not find the IdentityBackend class");
+            backendClassName = MemoryIdentityBackend.class.getCanonicalName();
         }
 
         Class<?> backendClass;
         try {
             backendClass = Class.forName(backendClassName);
         } catch (ClassNotFoundException e) {
-            throw new RuntimeException("Failed to load backend class: "
+            throw new KrbException("Failed to load backend class: "
                     + backendClassName);
         }
 
@@ -97,7 +67,7 @@ public final class KadminUtil {
         try {
             backend = (IdentityBackend) backendClass.newInstance();
         } catch (InstantiationException | IllegalAccessException e) {
-            throw new RuntimeException("Failed to create backend: "
+            throw new KrbException("Failed to create backend: "
                     + backendClassName);
         }
 
@@ -106,24 +76,51 @@ public final class KadminUtil {
         return backend;
     }
 
+
     static void exportKeytab(File keytabFile, KrbIdentity identity)
-        throws KrbException {
+            throws KrbException {
+
+        Keytab keytab = createOrLoadKeytab(keytabFile);
+
+        exportToKeytab(keytab, identity);
+
+        storeKeytab(keytab, keytabFile);
+    }
+
+    static Keytab loadKeytab(File keytabFile) throws KrbException {
+        Keytab keytab;
+        try {
+            keytab = Keytab.loadKeytab(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to load keytab", e);
+        }
+
+        return keytab;
+    }
+
+    static Keytab createOrLoadKeytab(File keytabFile) throws KrbException {
 
         Keytab keytab;
         try {
             if (!keytabFile.exists()) {
                 if (!keytabFile.createNewFile()) {
                     throw new KrbException("Failed to create keytab file "
-                        + keytabFile.getAbsolutePath());
+                            + keytabFile.getAbsolutePath());
                 }
                 keytab = new Keytab();
             } else {
                 keytab = Keytab.loadKeytab(keytabFile);
             }
         } catch (IOException e) {
-            throw new KrbException("Failed to load keytab", e);
+            throw new KrbException("Failed to load or create keytab", e);
         }
 
+        return keytab;
+    }
+
+    static void exportToKeytab(Keytab keytab, KrbIdentity identity)
+        throws KrbException {
+
         //Add principal to keytab.
         PrincipalName principal = identity.getPrincipal();
         KerberosTime timestamp = new KerberosTime();
@@ -132,63 +129,40 @@ public final class KadminUtil {
             int keyVersion = ekey.getKvno();
             keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
         }
+    }
 
-        //Store the keytab
+    static void storeKeytab(Keytab keytab, File keytabFile) throws KrbException {
         try {
             keytab.store(keytabFile);
         } catch (IOException e) {
-            throw new KrbException("Fail to store the keytab!", e);
+            throw new KrbException("Failed to store keytab", e);
         }
     }
 
     static void removeKeytabEntriesOf(File keytabFile,
                                              String principalName) throws KrbException {
-        Keytab keytab;
-        try {
-            keytab = Keytab.loadKeytab(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Failed to load keytab", e);
-        }
+        Keytab keytab = loadKeytab(keytabFile);
 
         keytab.removeKeytabEntries(new PrincipalName(principalName));
 
-        //Store the keytab
-        try {
-            keytab.store(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Failed to store keytab", e);
-        }
+        storeKeytab(keytab, keytabFile);
     }
 
     static void removeKeytabEntriesOf(File keytabFile,
                                       String principalName, int kvno) throws KrbException {
-        Keytab keytab;
-        try {
-            keytab = Keytab.loadKeytab(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Failed to load keytab", e);
-        }
+        Keytab keytab = loadKeytab(keytabFile);
 
         keytab.removeKeytabEntries(new PrincipalName(principalName), kvno);
 
-        //Store the keytab
-        try {
-            keytab.store(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Failed to store keytab", e);
-        }
+        storeKeytab(keytab, keytabFile);
     }
 
     static void removeOldKeytabEntriesOf(File keytabFile,
                                                 String principalName) throws KrbException {
-        Keytab keytab;
-        try {
-            keytab = Keytab.loadKeytab(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Failed to load keytab", e);
-        }
+        Keytab keytab = loadKeytab(keytabFile);
 
-        List<KeytabEntry> entries = keytab.getKeytabEntries(new PrincipalName(principalName));
+        List<KeytabEntry> entries = keytab.getKeytabEntries(
+                new PrincipalName(principalName));
 
         int maxKvno = 0;
         for (KeytabEntry entry : entries) {
@@ -203,12 +177,7 @@ public final class KadminUtil {
             }
         }
 
-        //Store the keytab
-        try {
-            keytab.store(keytabFile);
-        } catch (IOException e) {
-            throw new KrbException("Failed to store keytab", e);
-        }
+        storeKeytab(keytab, keytabFile);
     }
 
     static KrbIdentity createIdentity(String principal, KOptions kOptions)

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
index 07b7c6d..43eb887 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
@@ -22,14 +22,10 @@ package org.apache.kerby.kerberos.kerb;
 import org.apache.kerby.kerberos.kerb.spec.base.KrbError;
 
 public class KrbErrorException extends KrbException {
-    /**
-     * 
-     */
-    private static final long serialVersionUID = -5541320518061583932L;
     private KrbError krbError;
 
     public KrbErrorException(KrbError krbError) {
-        super(krbError.getErrorCode(), krbError.getErrorCode().getMessage());
+        super(krbError.getErrorCode().getMessage());
         this.krbError = krbError;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
index 979f8a7..ef61e61 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
@@ -20,8 +20,7 @@
 package org.apache.kerby.kerberos.kerb;
 
 public class KrbException extends Exception {
-
-    private static final long serialVersionUID = 3561718983481823145L;
+    private KrbErrorCode errorCode;
 
     public KrbException(String message) {
         super(message);
@@ -33,13 +32,20 @@ public class KrbException extends Exception {
 
     public KrbException(KrbErrorCode errorCode) {
         super(errorCode.getMessage());
+        this.errorCode = errorCode;
     }
 
     public KrbException(KrbErrorCode errorCode, Throwable cause) {
         super(errorCode.getMessage(), cause);
+        this.errorCode = errorCode;
     }
 
     public KrbException(KrbErrorCode errorCode, String message) {
         super(message + " with error code: " + errorCode.name());
+        this.errorCode = errorCode;
+    }
+
+    public KrbErrorCode getErrorCode() {
+        return errorCode;
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbError.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbError.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbError.java
index 6386314..3c76fd1 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbError.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbError.java
@@ -28,19 +28,19 @@ import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 
 /**
  KRB-ERROR       ::= [APPLICATION 30] SEQUENCE {
- pvno            [0] INTEGER (5),
- msg-type        [1] INTEGER (30),
- ctime           [2] KerberosTime OPTIONAL,
- cusec           [3] Microseconds OPTIONAL,
- stime           [4] KerberosTime,
- susec           [5] Microseconds,
- error-code      [6] Int32,
- crealm          [7] Realm OPTIONAL,
- cname           [8] PrincipalName OPTIONAL,
- realm           [9] Realm -- service realm --,
- sname           [10] PrincipalName -- service name --,
- e-text          [11] KerberosString OPTIONAL,
- e-data          [12] OCTET STRING OPTIONAL
+     pvno            [0] INTEGER (5),
+     msg-type        [1] INTEGER (30),
+     ctime           [2] KerberosTime OPTIONAL,
+     cusec           [3] Microseconds OPTIONAL,
+     stime           [4] KerberosTime,
+     susec           [5] Microseconds,
+     error-code      [6] Int32,
+     crealm          [7] Realm OPTIONAL,
+     cname           [8] PrincipalName OPTIONAL,
+     realm           [9] Realm -- service realm --,
+     sname           [10] PrincipalName -- service name --,
+     e-text          [11] KerberosString OPTIONAL,
+     e-data          [12] OCTET STRING OPTIONAL
  }
  */
 public class KrbError extends KrbMessage {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index 80c0896..0202280 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -39,6 +39,11 @@
     </dependency>
     <dependency>
       <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-simplekdc</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
       <artifactId>kerb-util</artifactId>
       <version>${project.version}</version>
     </dependency>
@@ -68,4 +73,4 @@
       <version>2.4</version>
     </dependency>
   </dependencies>
-</project>
+</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 0543568..6ca7437 100644
--- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.client.KrbClient;
 import org.apache.kerby.kerberos.kerb.client.KrbConfig;
 import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
@@ -204,12 +205,12 @@ public abstract class KdcTestBase {
         krbClnt.setKdcRealm(kdcServer.getKdcRealm());
     }
 
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         kdcServer.createTgsPrincipal();
         kdcServer.createPrincipals(serverPrincipal);
     }
 
-    protected void deletePrincipals() {
+    protected void deletePrincipals() throws KrbException {
         kdcServer.deleteTgsPrincipal();
         kdcServer.deletePrincipals(serverPrincipal);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
index 03e8ea8..023e6ef 100644
--- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -19,112 +19,11 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.keytab.Keytab;
-import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+public class TestKdcServer extends SimpleKdcServer {
 
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.UUID;
-
-public class TestKdcServer extends KdcServer {
-
-    /**
-     * Prepare KDC configuration for the test.
-     */
+    @Override
     protected void prepareKdcConfig() {
-        KdcConfig kdcConfig = getSetting().getKdcConfig();
-
-        kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
-        kdcConfig.setInt(KdcConfigKey.KDC_TCP_PORT, 8018);
-        kdcConfig.setString(KdcConfigKey.KDC_DOMAIN, "test.com");
+        KdcConfig kdcConfig = getKdcConfig();
         kdcConfig.setString(KdcConfigKey.KDC_REALM, "TEST.COM");
     }
-
-    @Override
-    public void init() {
-        super.init();
-
-        prepareKdcConfig();
-    }
-
-    private String getTgsPrincipal() {
-        return KrbUtil.makeTgsPrincipal(getKdcRealm()).getName();
-    }
-
-    public void createTgsPrincipal() {
-        createPrincipals(getTgsPrincipal());
-    }
-
-    public void deleteTgsPrincipal() {
-        deletePrincipals(getTgsPrincipal());
-    }
-
-    public String getKdcRealm() {
-        return getSetting().getKdcRealm();
-    }
-
-    public synchronized void createPrincipal(String principal, String password) {
-        KrbIdentity identity = new KrbIdentity(principal);
-        List<EncryptionType> encTypes = getSetting().getKdcConfig().getEncryptionTypes();
-        List<EncryptionKey> encKeys = null;
-        try {
-            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
-        } catch (KrbException e) {
-            throw new RuntimeException("Failed to generate encryption keys", e);
-        }
-        identity.addKeys(encKeys);
-        getIdentityService().addIdentity(identity);
-    }
-
-    public void createPrincipals(String ... principals) {
-        String passwd;
-        for (String principal : principals) {
-            passwd = UUID.randomUUID().toString();
-            createPrincipal(fixPrincipal(principal), passwd);
-        }
-    }
-
-    private String fixPrincipal(String principal) {
-        if (! principal.contains("@")) {
-            principal += "@" + getKdcRealm();
-        }
-        return principal;
-    }
-
-    public void deletePrincipals(String ... principals) {
-        for (String principal : principals) {
-            deletePrincipal(fixPrincipal(principal));
-        }
-    }
-
-    public synchronized void deletePrincipal(String principal) {
-        getIdentityService().deleteIdentity(principal);
-    }
-
-    public void exportPrincipals(File keytabFile) throws IOException {
-        Keytab keytab = new Keytab();
-
-        List<String> principals = getIdentityService().getIdentities(-1, -1);
-        for (String pn : principals) {
-            KrbIdentity identity = getIdentityService().getIdentity(pn);
-            PrincipalName principal = identity.getPrincipal();
-            KerberosTime timestamp = new KerberosTime();
-            for (EncryptionType encType : identity.getKeys().keySet()) {
-                EncryptionKey ekey = identity.getKeys().get(encType);
-                int keyVersion = ekey.getKvno();
-                keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
-            }
-        }
-
-        keytab.store(keytabFile);
-    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java
index 601cca8..d248e0f 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@@ -67,7 +68,7 @@ public class GSSInteropTest extends KdcTest {
     }
 
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         kdcServer.createTgsPrincipal();
         kdcServer.createPrincipal(serverPrincipal, TEST_PASSWORD);
         kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
index e94e382..5ee75af 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.junit.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -26,7 +27,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 public class KdcSettingTest {
 
     @Test
-    public void testKdcServerMannualSetting() {
+    public void testKdcServerMannualSetting() throws KrbException {
         KdcServer kerbServer = new KdcServer();
         kerbServer.setKdcHost("localhost");
         kerbServer.setKdcRealm("TEST2.COM");

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index d27a7bc..d517a0a 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.junit.Assert;
@@ -32,7 +33,7 @@ public abstract class KdcTest extends KdcTestBase {
     private String serverPrincipal;
 
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         super.createPrincipals();
         clientPrincipal = getClientPrincipal();
         kdcServer.createPrincipal(clientPrincipal, TEST_PASSWORD);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
index 48d6ce9..ae6b657 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.junit.Assert;
@@ -34,7 +35,7 @@ public class MultiRequestsKdcTest extends KdcTestBase {
     private String password = "123456";
 
     @Override
-    protected void createPrincipals() {
+    protected void createPrincipals() throws KrbException {
         super.createPrincipals();
         clientPrincipal = getClientPrincipal();
         kdcServer.createPrincipal(clientPrincipal, password);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
index 56b9189..6f3bce7 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/InternalKdcServer.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 
 /**
@@ -31,7 +32,7 @@ public interface InternalKdcServer {
      * Initialize with KDC startup options.
      * @param options
      */
-    void init(KOptions options);
+    void init(KOptions options) throws KrbException;
 
     /**
      * Start the KDC server.

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 9415589..6ca1df7 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -6,22 +6,21 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.kerberos.kerb.KrbCodec;
 import org.apache.kerby.kerberos.kerb.KrbErrorCode;
-import org.apache.kerby.kerberos.kerb.KrbErrorException;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
@@ -50,43 +49,48 @@ public class KdcHandler {
     }
 
     public ByteBuffer handleMessage(ByteBuffer receivedMessage, boolean isTcp,
-                                       InetAddress remoteAddress) throws KrbException {
-        KrbMessage krbRequest = null;
+                                    InetAddress remoteAddress) throws KrbException {
+        KrbMessage krbRequest;
         KdcRequest kdcRequest = null;
-        KrbMessage krbResponse;
+        KrbMessage krbResponse = null;
+
         try {
-            try {
-                krbRequest = KrbCodec.decodeMessage(receivedMessage);
-            } catch (IOException e) {
-                throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE, "Krb decoding message failed");
+            krbRequest = KrbCodec.decodeMessage(receivedMessage);
+        } catch (IOException e) {
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE, "Krb decoding message failed");
+        }
+
+        KrbMessageType messageType = krbRequest.getMsgType();
+        if (messageType == KrbMessageType.TGS_REQ || messageType
+                == KrbMessageType.AS_REQ) {
+            KdcReq kdcReq = (KdcReq) krbRequest;
+            String realm = getRequestRealm(kdcReq);
+            if (realm == null || !kdcContext.getKdcRealm().equals(realm)) {
+                throw new KrbException("Invalid realm from kdc request: " + realm);
             }
 
-            KrbMessageType messageType = krbRequest.getMsgType();
-            if (messageType == KrbMessageType.TGS_REQ || messageType
-                    == KrbMessageType.AS_REQ) {
-                KdcReq kdcReq = (KdcReq) krbRequest;
-                String realm = getRequestRealm(kdcReq);
-                if (realm == null || !kdcContext.getKdcRealm().equals(realm)) {
-                    throw new KrbException("Invalid realm from kdc request: " + realm);
-                }
-
-                if (messageType == KrbMessageType.TGS_REQ) {
-                    kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
-                } else if (messageType == KrbMessageType.AS_REQ) {
-                    kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
-                } else {
-                    throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
-                }
+            if (messageType == KrbMessageType.TGS_REQ) {
+                kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
+            } else if (messageType == KrbMessageType.AS_REQ) {
+                kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
+            } else {
+                throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
             }
+        }
 
-            kdcRequest.setClientAddress(remoteAddress);
-            kdcRequest.isTcp(isTcp);
+        kdcRequest.setClientAddress(remoteAddress);
+        kdcRequest.isTcp(isTcp);
 
+        try {
             kdcRequest.process();
-
             krbResponse = kdcRequest.getReply();
         } catch (KrbException e) {
-            krbResponse = krbExceptionHandler(e, kdcRequest);
+            if(e instanceof KdcRecoverableException) {
+                krbResponse = handleRecoverableException(
+                        (KdcRecoverableException) e, kdcRequest);
+            } else {
+                throw e;
+            }
         }
 
         int bodyLen = krbResponse.encodingLength();
@@ -103,19 +107,16 @@ public class KdcHandler {
         return responseMessage;
     }
 
-    private KrbMessage krbExceptionHandler(KrbException e, KdcRequest kdcRequest)
-        throws KrbException {
+    private KrbMessage handleRecoverableException(KdcRecoverableException e,
+                                                  KdcRequest kdcRequest)
+            throws KrbException {
         System.out.println("KRB error occured while processing request:"
                 + e.getMessage());
-        KrbError error;
-        if(e instanceof KrbErrorException) {
-            error = ((KrbErrorException) e).getKrbError();
-        } else {
-            error = new KrbError();
-        }
+
+        KrbError error = e.getKrbError();
         error.setStime(KerberosTime.now());
         error.setSusec(100);
-        error.setErrorCode(((KrbErrorException) e).getKrbError().getErrorCode());
+        error.setErrorCode(e.getKrbError().getErrorCode());
         error.setRealm(kdcContext.getKdcRealm());
         if(kdcRequest != null) {
             error.setSname(kdcRequest.getKdcReq().getReqBody().getCname());

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcRecoverableException.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcRecoverableException.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcRecoverableException.java
new file mode 100644
index 0000000..9f0a051
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcRecoverableException.java
@@ -0,0 +1,33 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorException;
+import org.apache.kerby.kerberos.kerb.spec.base.KrbError;
+
+/**
+ * KDC side recoverable exception, where retrying will be made.
+ */
+public class KdcRecoverableException extends KrbErrorException {
+
+    public KdcRecoverableException(KrbError krbError) {
+        super(krbError);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index a2f6c46..79a16bf 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -20,6 +20,8 @@
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.KOptions;
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.server.impl.DefaultInternalKdcServerImpl;
 
@@ -148,6 +150,22 @@ public class KdcServer {
     }
 
     /**
+     * Get the KDC config.
+     * @return KdcConfig
+     */
+    public KdcConfig getKdcConfig() {
+        return getSetting().getKdcConfig();
+    }
+
+    /**
+     * Get backend config.
+     * @return
+     */
+    public Config getBackendConfig() {
+        return getSetting().getBackendConfig();
+    }
+
+    /**
      * Get identity service.
      * @return IdentityService
      */
@@ -161,7 +179,7 @@ public class KdcServer {
     /**
      * Init the KDC server.
      */
-    public void init() {
+    public void init() throws KrbException {
         if (commonOptions.contains(KdcServerOption.INNER_KDC_IMPL)) {
             innerKdc = (InternalKdcServer) commonOptions.getOptionValue(
                     KdcServerOption.INNER_KDC_IMPL);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
index b32119e..359fbab 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
@@ -20,6 +20,8 @@
 package org.apache.kerby.kerberos.kerb.server;
 
 import org.apache.kerby.KOptions;
+import org.apache.kerby.config.Conf;
+import org.apache.kerby.config.Config;
 
 import java.io.File;
 
@@ -29,10 +31,13 @@ import java.io.File;
 public class KdcSetting {
     private final KOptions startupOptions;
     private final KdcConfig kdcConfig;
+    private Conf backendConfig;
 
-    public KdcSetting(KOptions startupOptions, KdcConfig config) {
+    public KdcSetting(KOptions startupOptions,
+                      KdcConfig config, Conf backendConfig) {
         this.startupOptions = startupOptions;
         this.kdcConfig = config;
+        this.backendConfig = backendConfig;
     }
 
     /**
@@ -43,6 +48,14 @@ public class KdcSetting {
         return kdcConfig;
     }
 
+    /**
+     * Get the backend config.
+     * @return
+     */
+    public Config getBackendConfig() {
+        return backendConfig;
+    }
+
     public File getConfDir() {
         return  startupOptions.getDirOption(KdcServerOption.CONF_DIR);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
index c22b503..242b3c6 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.server.impl;
 
 import org.apache.kerby.KOptions;
 import org.apache.kerby.config.Conf;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.IdentityService;
 import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
 import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
@@ -33,9 +34,7 @@ import java.io.IOException;
  * Abstract KDC server implementation.
  */
 public class AbstractInternalKdcServer implements InternalKdcServer {
-
     private boolean started;
-
     private KdcConfig kdcConfig;
     private Conf backendConfig;
     private KdcSetting kdcSetting;
@@ -59,14 +58,15 @@ public class AbstractInternalKdcServer implements InternalKdcServer {
     }
 
     @Override
-    public void init(KOptions startupOptions) {
+    public void init(KOptions startupOptions) throws KrbException {
         try {
             initConfig(startupOptions);
         } catch (IOException e) {
-            throw new RuntimeException("Failed to load configurations", e);
+            throw new KrbException("Failed to load configurations", e);
         }
 
-        kdcSetting = new KdcSetting(startupOptions, kdcConfig);
+        kdcSetting = new KdcSetting(startupOptions,
+                kdcConfig, backendConfig);
 
         initBackend();
     }
@@ -105,28 +105,28 @@ public class AbstractInternalKdcServer implements InternalKdcServer {
         }
     }
 
-    private void initBackend() {
+    private void initBackend() throws KrbException {
         String backendClassName = backendConfig.getString(
                 KdcConfigKey.KDC_IDENTITY_BACKEND);
         if (backendClassName == null) {
             backendClassName = MemoryIdentityBackend.class.getCanonicalName();
         }
 
-        Class<?> backendClass = null;
+        Class<?> backendClass;
         try {
             backendClass = Class.forName(backendClassName);
         } catch (ClassNotFoundException e) {
-            throw new RuntimeException("Failed to load backend class: "
+            throw new KrbException("Failed to load backend class: "
                     + backendClassName);
         }
 
         try {
             backend = (IdentityBackend) backendClass.newInstance();
         } catch (InstantiationException e) {
-            throw new RuntimeException("Failed to create backend: "
+            throw new KrbException("Failed to create backend: "
                     + backendClassName);
         } catch (IllegalAccessException e) {
-            throw new RuntimeException("Failed to create backend: "
+            throw new KrbException("Failed to create backend: "
                     + backendClassName);
         }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
index 8624ca3..6b21f0b 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultKdcHandler.java
@@ -19,8 +19,8 @@
  */
 package org.apache.kerby.kerberos.kerb.server.impl;
 
-import org.apache.kerby.kerberos.kerb.server.KdcHandler;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.server.KdcHandler;
 import org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport;
 import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
 import org.slf4j.Logger;
@@ -68,6 +68,7 @@ public class DefaultKdcHandler extends KdcHandler implements Runnable {
             transport.sendMessage(krbResponse);
         } catch (Exception e) {
             e.printStackTrace();
+            transport.release();
             logger.error("Error occured while processing request:", e);
         }
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
index 17ade95..2d07cff 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/AbstractPreauthPlugin.java
@@ -19,12 +19,12 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.preauth.PaFlags;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.PreauthPluginMeta;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/KdcPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/KdcPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/KdcPreauth.java
index 2bd3516..7c43277 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/KdcPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/KdcPreauth.java
@@ -19,12 +19,12 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.preauth.PaFlags;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.PreauthPluginMeta;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandle.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandle.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandle.java
index 2893925..ea603a5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandle.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandle.java
@@ -19,9 +19,9 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
index 51c5d3f..b408103 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/EncTsPreauth.java
@@ -19,15 +19,15 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth.builtin;
 
-import org.apache.kerby.kerberos.kerb.KrbErrorCode;
 import org.apache.kerby.kerberos.kerb.KrbCodec;
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.builtin.EncTsPreauthMeta;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
 import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/TgtPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
index a60ba7d..fbacf0f 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/builtin/TgtPreauth.java
@@ -19,12 +19,12 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth.builtin;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.builtin.TgtPreauthMeta;
 import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
 import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 
 public class TgtPreauth extends AbstractPreauthPlugin {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 1db8452..08baa0e 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -20,12 +20,12 @@
 package org.apache.kerby.kerberos.kerb.server.preauth.pkinit;
 
 import org.apache.kerby.kerberos.kerb.KrbCodec;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
 import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 44bddf9..49e368a 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -30,12 +30,7 @@ import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
 import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
 import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
 import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.base.*;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
 import org.apache.kerby.kerberos.kerb.spec.pa.token.PaTokenRequest;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 41c1ac9..813c496 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -25,19 +25,8 @@ import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
 import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.spec.base.LastReq;
-import org.apache.kerby.kerberos.kerb.spec.base.LastReqEntry;
-import org.apache.kerby.kerberos.kerb.spec.base.LastReqType;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.spec.kdc.AsRep;
-import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
-import org.apache.kerby.kerberos.kerb.spec.kdc.EncAsRepPart;
-import org.apache.kerby.kerberos.kerb.spec.kdc.EncKdcRepPart;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerby.kerberos.kerb.spec.base.*;
+import org.apache.kerby.kerberos.kerb.spec.kdc.*;
 import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlag;
 
@@ -49,7 +38,6 @@ public class AsRequest extends KdcRequest {
 
     @Override
     protected void checkClient() throws KrbException {
-
         KdcReq request = getKdcReq();
         PrincipalName clientPrincipal;
         if (isToken()) {
@@ -65,6 +53,7 @@ public class AsRequest extends KdcRequest {
             clientRealm = getKdcContext().getKdcRealm();
         }
         clientPrincipal.setRealm(clientRealm);
+
         KrbIdentity clientEntry;
         if (isToken()) {
             clientEntry = new KrbIdentity(clientPrincipal.getName());
@@ -72,6 +61,11 @@ public class AsRequest extends KdcRequest {
         } else {
             clientEntry = getEntry(clientPrincipal.getName());
         }
+
+        if(clientEntry == null) {
+            throw new KrbException(KrbErrorCode.KDC_ERR_C_PRINCIPAL_UNKNOWN);
+        }
+
         setClientEntry(clientEntry);
 
         for (EncryptionType encType : request.getReqBody().getEtypes()) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 026c14f..a6498dd 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -19,11 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.server.request;
 
-import org.apache.kerby.kerberos.kerb.KrbCodec;
-import org.apache.kerby.kerberos.kerb.KrbConstant;
-import org.apache.kerby.kerberos.kerb.KrbErrorCode;
-import org.apache.kerby.kerberos.kerb.KrbErrorException;
-import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.*;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 import org.apache.kerby.kerberos.kerb.crypto.CheckSumHandler;
@@ -36,20 +32,7 @@ import org.apache.kerby.kerberos.kerb.server.preauth.PreauthContext;
 import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
 import org.apache.kerby.kerberos.kerb.spec.ap.ApReq;
 import org.apache.kerby.kerberos.kerb.spec.ap.Authenticator;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-import org.apache.kerby.kerberos.kerb.spec.base.CheckSum;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.spec.base.EtypeInfo;
-import org.apache.kerby.kerberos.kerb.spec.base.EtypeInfo2;
-import org.apache.kerby.kerberos.kerb.spec.base.EtypeInfo2Entry;
-import org.apache.kerby.kerberos.kerb.spec.base.EtypeInfoEntry;
-import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbError;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbMessage;
-import org.apache.kerby.kerberos.kerb.spec.base.MethodData;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.base.*;
 import org.apache.kerby.kerberos.kerb.spec.fast.ArmorType;
 import org.apache.kerby.kerberos.kerb.spec.fast.KrbFastArmor;
 import org.apache.kerby.kerberos.kerb.spec.fast.KrbFastArmoredReq;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
index 4d410bb..28c4790 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
@@ -30,21 +30,8 @@ import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 import org.apache.kerby.kerberos.kerb.spec.ap.ApOption;
 import org.apache.kerby.kerberos.kerb.spec.ap.ApReq;
 import org.apache.kerby.kerberos.kerb.spec.ap.Authenticator;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.spec.base.HostAddresses;
-import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.spec.base.KrbMessageType;
-import org.apache.kerby.kerberos.kerb.spec.base.LastReq;
-import org.apache.kerby.kerberos.kerb.spec.base.LastReqEntry;
-import org.apache.kerby.kerberos.kerb.spec.base.LastReqType;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.spec.kdc.EncKdcRepPart;
-import org.apache.kerby.kerberos.kerb.spec.kdc.EncTgsRepPart;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.kerby.kerberos.kerb.spec.kdc.TgsRep;
-import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
+import org.apache.kerby.kerberos.kerb.spec.base.*;
+import org.apache.kerby.kerberos.kerb.spec.kdc.*;
 import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.spec.ticket.EncTicketPart;
 import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-simplekdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/pom.xml
new file mode 100644
index 0000000..f71b4fc
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/pom.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.kerby</groupId>
+    <artifactId>kerby-kerb</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>kerb-simplekdc</artifactId>
+
+  <name>Kerb Simple Kdc</name>
+  <description>Kerb Simple Kdc</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-config</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-util</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-server</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-admin</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
new file mode 100644
index 0000000..fb6fe95
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -0,0 +1,113 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.util.NetworkUtil;
+
+import java.io.File;
+
+/**
+ * A simple KDC server mainly for test usage.
+ */
+public class SimpleKdcServer extends KdcServer {
+    private Kadmin kadmin;
+
+    /**
+     * Prepare KDC configuration.
+     */
+    protected void prepareKdcConfig() {
+        KdcConfig kdcConfig = getKdcConfig();
+        kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
+        kdcConfig.setInt(KdcConfigKey.KDC_PORT, NetworkUtil.getServerPort());
+        kdcConfig.setString(KdcConfigKey.KDC_REALM, "EXAMPLE.COM");
+    }
+
+    @Override
+    public void init() throws KrbException {
+        super.init();
+        prepareKdcConfig();
+        kadmin = new Kadmin(getIdentityService(), getKdcConfig(), getBackendConfig());
+    }
+
+    /**
+     * Get Kadmin operation interface.
+     * @return
+     */
+    public Kadmin getKadmin() {
+        return kadmin;
+    }
+
+    private String getTgsPrincipal() {
+        return KrbUtil.makeTgsPrincipal(getKdcRealm()).getName();
+    }
+
+    public void createTgsPrincipal() throws KrbException {
+        createPrincipal(getTgsPrincipal());
+    }
+
+    public void deleteTgsPrincipal() throws KrbException {
+        deletePrincipal(getTgsPrincipal());
+    }
+
+    public String getKdcRealm() {
+        return getSetting().getKdcRealm();
+    }
+
+    public void createPrincipal(String principal) throws KrbException {
+        kadmin.addPrincipal(principal);
+    }
+
+    public void createPrincipal(String principal,
+                                String password) throws KrbException {
+        kadmin.addPrincipal(principal, password);
+    }
+
+    public void createPrincipals(String ... principals) throws KrbException {
+        for (String principal : principals) {
+            kadmin.addPrincipal(principal);
+        }
+    }
+
+    /**
+     * Creates principals and export their keys to the specified keytab file.
+     */
+    public void createAndExportPrincipals(File keytabFile,
+                                String ... principals) throws KrbException {
+        createPrincipals(principals);
+        exportPrincipals(keytabFile);
+    }
+
+    public void deletePrincipals(String ... principals) throws KrbException {
+        for (String principal : principals) {
+            deletePrincipal(principal);
+        }
+    }
+
+    public void deletePrincipal(String principal) throws KrbException {
+        kadmin.deletePrincipal(principal);
+    }
+
+    public void exportPrincipals(File keytabFile) throws KrbException {
+        kadmin.exportKeytab(keytabFile);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-kerb/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/pom.xml b/kerby-kerb/pom.xml
index 08b5bba..0e8c3bf 100644
--- a/kerby-kerb/pom.xml
+++ b/kerby-kerb/pom.xml
@@ -38,6 +38,7 @@
     <module>kerb-server</module>
     <module>kerb-kdc-test</module>
     <module>kerb-admin</module>
+    <module>kerb-simplekdc</module>
     <module>kerb-client-api-all</module>
     <module>kerb-server-api-all</module>
   </modules>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9425e8a4/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
index bd6887d..e8a963c 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -139,7 +139,7 @@ public class KadminTool {
     public static void main(String[] args) {
         Kadmin kadmin;
         try {
-            kadmin = Kadmin.getInstance(getConfDir(args));
+            kadmin = new Kadmin(getConfDir(args));
         } catch (KrbException e) {
             System.err.println("Failed to init Kadmin due to " + e.getMessage());
             return;


Mime
View raw message