directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: [DIRKRB-317]-Update the github website readme files.
Date Thu, 02 Jul 2015 06:48:09 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master d70edca9f -> 5bb643cea


[DIRKRB-317]-Update the github website readme files.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5bb643ce
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5bb643ce
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5bb643ce

Branch: refs/heads/master
Commit: 5bb643cea93a5dd98a394631bafb3eeff787b2bf
Parents: d70edca
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Thu Jul 2 14:53:40 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Thu Jul 2 14:53:40 2015 +0800

----------------------------------------------------------------------
 README.md                           | 76 +++++++++++++++++++++++++-------
 kerby-dist/README.md                |  9 +++-
 kerby-kerb/kerb-admin/README.md     | 63 ++++++++++++++++++++++++++
 kerby-kerb/kerb-client/README.md    | 32 ++++++++++++++
 kerby-kerb/kerb-server/README.md    | 52 ++++++++++++++++++++++
 kerby-kerb/kerb-simplekdc/README.md | 66 +++++++++++++++++++++++++++
 6 files changed, 281 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5bb643ce/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index 3ef35f5..55dcd40 100644
--- a/README.md
+++ b/README.md
@@ -6,16 +6,35 @@ Apache Kerby is a Java Kerberos binding. It provides a rich, intuitive and
inter
 ![](https://github.com/apache/directory-kerby/blob/master/docs/logo/logo.png)
 
 ### The Initiatives/Goals 
-* Aims as a Java Kerberos binding, with rich and integrated facilities that integrate Kerberos,
PKI and token (OAuth2) for both client and server sides.
-+ Provides client APIs at the Kerberos protocol level to interact with a KDC server through
AS and TGS exchanges.
-+ Provides a standalone KDC server that supports various identity back ends including memory
based, Json file based, LDAP backed and even Zookeeper backed.
-+ Provides an embedded KDC server that applications can easily integrate into products, unit
tests or integration tests.
-+ Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
-+ Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials.
-+ Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
-+ Supports OTP mechanism to allow clients to request tickets using One Time Password.
-+ Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage.
-+ Minimal dependencies, the core part is ensured to depend only on JRE and SLF4J, for easy
use and maintenance.
+- Aims as a Java Kerberos binding, with rich and integrated facilities that integrate Kerberos,
PKI and token (OAuth2) for both client and server sides.
+- Provides client APIs at the Kerberos protocol level to interact with a KDC server through
AS and TGS exchanges.
+- Provides a standalone KDC server that supports various identity back ends including memory
based, Json file based, LDAP backed and even Zookeeper backed.
+- Provides an embedded KDC server that applications can easily integrate into products, unit
tests or integration tests.
+- Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
+- Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials.
+- Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
+- Supports OTP mechanism to allow clients to request tickets using One Time Password.
+- Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage.
+- Minimal dependencies, the core part is ensured to depend only on JRE and SLF4J, for easy
use and maintenance.
+
+### KrbClient APIs
+A Krb client API for applications to interact with KDC.  
+Please look at [kerb-client](kerby-kerb/kerb-client/README.md) for details.
+
+### Kadmin
+Server side admin facilities.  
+Please look at [kerb-admin](kerby-kerb/kerb-admin/README.md) for details.
+
+### KdcServer
+Kerberos Server API.  
+Please look at [kerb-server](kerby-kerb/kerb-server/README.md) for details.
+
+### SimpleKdcServer
+A simplified Kdc server. It can be imported by other project to work as a kdc server.  
+Please look at [kerb-simplekdc](kerby-kerb/kerb-simplekdc/README.md) for details.
+
+### How to play with the standalone KDC
+Please look at [Kerby KDC](kerby-dist/README.md) for details.
 
 ### ASN-1 support
 Please look at [kerby-asn1](kerby-asn1/) for details.
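Review bot: In the new SimpleKdcServer section, "It can be imported by other project to work as a kdc server" should read "other projects", and the added sections spell the same term three ways (KDC, Kdc, kdc); use "KDC" as the goals list does. The four new module sections only link out, so one sentence on when to pick KdcServer over SimpleKdcServer would help a reader decide which README to open.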
@@ -44,22 +63,49 @@ Independent of Kerberos code in JRE, but rely on JCE
 | rc4 |	The RC4 family: arcfour-hmac |
 | camellia | The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac |
 
-### How to play with the standalone KDC
- [Kerby KDC](kerby-dist/README.md)
+### Identity Backend
+A standalone KDC server that can integrate various identity back ends including:
+- MemoryIdentityBackend.
+  - It is default Identity Backend, and no cofiguration is needed. This backend is for no
permanent storage requirements.
+- JsonIdentityBackend.
+  - It implemented by Gson which is used to convert Java Objects into their JSON representation
and convert a JSON string to an equivalent Java object. A json file will be created in "backend.json.file".
This backend is for small, easy, development and test environment.
+- ZookeeperIdentityBackend.
+  - Currently it uses an embedded Zookeeper. In follow up it will be enhanced to support
standalone Zookeeper cluster for
+  replication and reliability. Zookeeper backend would be a good choice for high reliability,
high performance and high scalability requirement and scenarios. 
+- LdapIdentityBackend.
+  - The Ldap server can be standalone or embedded using ApacheDS server as the backend. It
is used when there is exist ldap server.
+- MavibotBackend.
+  - A backend based on Apache Mavibot(an MVCC BTree library).
+
+### Network Support
+- Include UDP and TCP transport.
+- Default KDC server implementation.
+  - The Networking Classes in the JDK is used.
+- Netty based KDC server implementation.
+  - Netty is an asynchronous event-driven network application framework for rapid development
of maintainable high    performance protocol servers & clients.
+  - With better throughput, lower latency.
+
+### Tools
+- kadmin:
+  -Command-line interfaces to the Kerby administration system.
+- kinit:
+  - Obtains and caches an initial ticket-granting ticket for principal.
+- klist:
+  - Lists the Kerby principal and tickets held in a credentials cache, or the keys held in
a keytab file.
 
 #### Kerby Lib Projects
 - kerby-asn1. A model driven ASN-1 encoding and decoding framework
-- kerby-event. A pure event driven application framework aiming to construct applications
of asynchronous and concurrent handlers. It includes UDP and TCP transports based on pure
Java NIO and concurrency pattern.
 - kerby-config. A unified configuration API that aims to support various configuration file
formats, like XML, INI, even Java Map and Properties.
 
 ### Dependency
 - The core part is ensured to only depend on the JRE and SLF4J. Every external dependency
is taken carefully and maintained separately.
-- [Not-Yet-Commons-SSL](http://juliusdavies.ca/not-yet-commons-ssl-0.3.9/), required by pki-provider
and PKINIT mechanism.
 - [Nimbus JOSE + JWT](http://connect2id.com/products/nimbus-jose-jwt), needed by token-provider
and TokenPreauth mechanism.
+- [Netty](http://netty.io/), needed by netty based KDC server.
+- [Zookeeper](https://zookeeper.apache.org/), needed by zookeeper identity backend.
 
 ### License
 Apache License V2.0
 
 ### How to contribute
-- Git repo in Apache: [Source codes](https://git-wip-us.apache.org/repos/asf/directory-kerby.git)
+- Git repo in Apache: https://git-wip-us.apache.org/repos/asf/directory-kerby.git
 - Umbrella JIRA: it's tracked in the master JIRA [DIRKRB-102](https://issues.apache.org/jira/browse/DIRKRB-102),
and find tasks there.
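Review bot: Under Tools, the kadmin sub-item is written "-Command-line interfaces" with no space after the dash, so Markdown will not render it as a nested list item like the kinit and klist entries; add the space. The Identity Backend text needs a proofread as well ("cofiguration", "It is default Identity Backend", "It implemented by Gson", "when there is exist ldap server"). The Dependency list also drops Not-Yet-Commons-SSL, which the removed line says pki-provider and PKINIT require, while PKINIT is still listed as supported; please confirm that dependency is really gone before removing it from the documentation.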

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5bb643ce/kerby-dist/README.md
----------------------------------------------------------------------
diff --git a/kerby-dist/README.md b/kerby-dist/README.md
index ddc9f09..29585ea 100644
--- a/kerby-dist/README.md
+++ b/kerby-dist/README.md
@@ -36,12 +36,17 @@ An example of kdc.conf:
     kdc_tcp_port = 8015
     kdc_realm = TEST.COM
 ```
-An example of backend.conf:
+An example of json backend backend.conf:
 ```
 kdc_identity_backend = org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend
 backend.json.file = /tmp/kerby/jsonbackend
 ```
-
+An example of zookeeper backend backend.conf:
+```
+kdc_identity_backend = org.apache.kerby.kerberos.kdc.identitybackend.ZookeeperIdentityBackend
+data_dir = /tmp/kerby/zookeeper/data
+data_log_dir = /tmp/kerby/zookeeper/datalog
+```
 An example of krb5.conf:
 ```
 [libdefaults]
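Review bot: The new ZooKeeper example points data_dir and data_log_dir at /tmp/kerby/zookeeper, next to the existing JSON example that uses /tmp/kerby/jsonbackend; these paths hold the KDC identity store, and /tmp is shared and not persistent, so the README should say the values are for a local trial and that a real deployment needs a persistent directory readable only by the KDC account. The label "An example of json backend backend.conf" reads better as "An example of backend.conf for the JSON backend" (same for the ZooKeeper one), and the blank line removed before "An example of krb5.conf" should stay so the closing fence and the next paragraph remain separated.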

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5bb643ce/kerby-kerb/kerb-admin/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/README.md b/kerby-kerb/kerb-admin/README.md
new file mode 100644
index 0000000..ebe7af7
--- /dev/null
+++ b/kerby-kerb/kerb-admin/README.md
@@ -0,0 +1,63 @@
+kerb-admin
+============
+
+### Initiate a Kadmin
+* Initiate a Kadmin with confDir.
+<pre>
+Kadmin kadmin = new Kadmin(confDir);
+</pre>
+* Initiate a Kadmin with kdcSetting and backend.
+<pre>
+Kadmin kadmin = new Kadmin(kdcSetting, backend);
+</pre>
+
+### Principal operating
+* Add principle with principal name.
+<pre>
+addPrincipal(principal);
+</pre>
+* Add principle with principal name and password.
+<pre>
+addPrincipal(principal, password);
+</pre>
+* Add principle with principal name and kOptions.
+<pre>
+addPrincipal(principal, kOptions);
+</pre>
+* Add principle with principal name, password and kOptions.
+<pre>
+addPrincipal(principal, password kOptions);
+</pre>
+* Delete principle with principal name.
+<pre>
+deletePrincipal(principal);
+</pre>
+* Modify principle with principal name and kOptions.
+<pre>
+modifyPrincipal(principal, kOptions);
+</pre>
+* Rename principle.
+<pre>
+renamePrincipal(oldPrincipalName, newPrincipalName);
+</pre>
+* Get principle with principal name.
+<pre>
+getPrincipal(principalName);
+</pre>
+* Get all the principles.
+<pre>
+getPrincipals();
+</pre>
+* Update password with principal name and new password.
+<pre>
+updatePassword(principal, newPassword);
+</pre>
+* Export all identity keys to the specified keytab file.
+<pre>
+exportKeyTab(keyTabFile);
+</pre>
+
+
+
+
+
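Review bot: "addPrincipal(principal, password kOptions);" is missing the comma between password and kOptions, so the snippet is not valid Java as shown. The bullets use "principle" where "principal" is meant, the calls are shown without the kadmin instance created in the first section (kadmin.addPrincipal(...)), and the file ends with five empty lines that can be dropped. For exportKeyTab, which the text says exports all identity keys, add a line stating that the resulting keytab must be written to a location with restricted permissions.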

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5bb643ce/kerby-kerb/kerb-client/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/README.md b/kerby-kerb/kerb-client/README.md
new file mode 100644
index 0000000..758642b
--- /dev/null
+++ b/kerby-kerb/kerb-client/README.md
@@ -0,0 +1,32 @@
+kerb-client
+============
+
+### Initiate a KrbClient
+* Initiate a KrbClient with prepared KrbConfig.
+<pre>
+KrbClient krbClient = new KrbClient(krbConfig);
+</pre>
+* Initiate a KrbClient with with conf dir.
+<pre>
+KrbClient krbClient = new KrbClient(confDir);
+</pre>
+
+### Request a TGT
+* Request a TGT with user plain password credential
+<pre>
+requestTgtWithPassword(principal, password);
+</pre>
+* Request a TGT with user token credential
+<pre>
+requestTgtWithToken(token, armorCache);
+</pre>
+
+### Request a service ticket
+* Request a service ticket with user TGT credential for a server
+<pre>
+requestServiceTicketWithTgt(tgt, serverPrincipal);
+</pre>
+* Request a service ticket with user AccessToken credential for a server
+<pre>
+requestServiceTicketWithAccessToken(accessToken, serverPrincipal, armorCache);
+</pre>
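Review bot: "Initiate a KrbClient with with conf dir" has a doubled "with". The token variants take an armorCache argument that is never explained; add a sentence on what it is and where the caller gets it. Showing the calls on the krbClient instance together with their return values would also make it clear where the tgt passed to requestServiceTicketWithTgt comes from.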

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5bb643ce/kerby-kerb/kerb-server/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/README.md b/kerby-kerb/kerb-server/README.md
new file mode 100644
index 0000000..9f68b36
--- /dev/null
+++ b/kerby-kerb/kerb-server/README.md
@@ -0,0 +1,52 @@
+kerb-server
+============
+
+### Initiate kdc server
+* Initiate a kdc server with prepared confDir.
+<pre>
+KdcServer server = new KdcServer(confDir);
+</pre>
+
+### Start and set kdc server
+* Start kdc server.
+<pre>
+start();
+</pre>
+* Set KDC realm for ticket request
+<pre>
+setKdcRealm(realm);
+</pre>
+* Set KDC host.
+<pre>
+setKdcHost(kdcHost);
+</pre>
+* Set KDC tcp port.
+<pre>
+setKdcTcpPort(kdcTcpPort);
+</pre>
+* Set KDC udp port. Only makes sense when allowUdp is set.
+<pre>
+setKdcUdpPort(kdcUdpPort);
+</pre>
+* Set to allow TCP or not.
+<pre>
+setAllowTcp(allowTcp);
+</pre>
+* Set to allow UDP or not.
+<pre>
+setAllowUdp(allowUdp);
+</pre>
+* Allow to debug so have more logs.
+<pre>
+enableDebug();
+</pre>
+* Allow to hook customized kdc implementation.
+<pre>
+setInnerKdcImpl(innerKdcImpl);
+</pre>
+
+### Stop kdc server
+* Start kdc server.
+<pre>
+stop();
+</pre>
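Review bot: Under "### Stop kdc server" the bullet reads "Start kdc server." above stop(); it should say "Stop kdc server." The "Start and set kdc server" section lists start() before the setters, which reads as if realm, host and ports can be changed after startup; if they are only read when the server starts, list the setters first and say so. The setter calls should also be shown on the server instance created above, and "Allow to debug so have more logs" is clearer as "Enable debug logging".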

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5bb643ce/kerby-kerb/kerb-simplekdc/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/README.md b/kerby-kerb/kerb-simplekdc/README.md
new file mode 100644
index 0000000..a5e929f
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/README.md
@@ -0,0 +1,66 @@
+kerb-simplekdc
+============
+
+### Kdc server
+</pre>
+* Start simple kdc server.
+<pre>
+start();
+</pre>
+* Set KDC realm for ticket request
+<pre>
+setKdcRealm(realm);
+</pre>
+* Set KDC host.
+<pre>
+setKdcHost(kdcHost);
+</pre>
+* Set KDC tcp port.
+<pre>
+setKdcTcpPort(kdcTcpPort);
+</pre>
+* Set KDC udp port. Only makes sense when allowUdp is set.
+<pre>
+setKdcUdpPort(kdcUdpPort);
+</pre>
+* Set to allow TCP or not.
+<pre>
+setAllowTcp(allowTcp);
+</pre>
+* Set to allow UDP or not.
+<pre>
+setAllowUdp(allowUdp);
+
+### Kadmin
+</pre>
+* Create principle with principal name.
+<pre>
+createPrincipal(principal);
+</pre>
+* Add principle with principal name and password.
+<pre>
+createPrincipal(principal, password);
+</pre>
+* Create principles with principal names.
+<pre>
+createPrincipals(principals);
+</pre>
+* Creates principals and export their keys to the specified keytab file.
+<pre>
+createAndExportPrincipals(keytabFile principals);
+</pre>
+* Delete principle with principal name.
+<pre>
+deletePrincipal(principal);
+</pre>
+</pre>
+* Delete principles with principal names.
+<pre>
+deletePrincipals(principals);
+</pre>
+</pre>
+* Export principles to keytab file.
+<pre>
+exportPrincipals(keytabFile);
+</pre>
+
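Review bot: The pre tags in this file are unbalanced: there is a stray closing tag directly under "### Kdc server", the block opened before setAllowUdp(allowUdp); is closed only after the "### Kadmin" heading (so the heading ends up inside the preformatted block), and the closing tag is doubled after deletePrincipal and deletePrincipals. "createAndExportPrincipals(keytabFile principals);" is also missing the comma between its arguments. Unlike the other READMEs, this one never shows how the server object is constructed, and "principle" should be "principal" throughout.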

