directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [2/4] directory-kerby git commit: Remote admin client and admin server
Date Sun, 10 Jan 2016 06:59:57 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
deleted file mode 100644
index 6125f0b..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-
-/**
- * Server side admin facilities for local, similar to MIT kadmin local mode. It
- * may be not accurate regarding 'local' because, if the identity backend itself
- * is supported to be accessed from remote, it won't have to be remote; but if
- * not, then it must be local to the KDC server bounded with the local backend.
- *
- * Note, suitable with Kerby KdcServer based KDCs like Kerby KDC.
- */
-public interface LocalKadmin extends Kadmin {
-
-    /**
-     * Check the built-in principals, will throw KrbException if not exist.
-     * @throws KrbException e
-     */
-    void checkBuiltinPrincipals() throws KrbException;
-
-    /**
-     * Create build-in principals.
-     * @throws KrbException e
-     */
-    void createBuiltinPrincipals() throws KrbException;
-
-    /**
-     * Delete build-in principals.
-     * @throws KrbException e
-     */
-    void deleteBuiltinPrincipals() throws KrbException;
-
-    /**
-     * Get kdc config.
-     *
-     * @return The kdc config.
-     */
-    KdcConfig getKdcConfig();
-
-    /**
-     * Get backend config.
-     *
-     * @return The backend config.
-     */
-    BackendConfig getBackendConfig();
-
-    /**
-     * Get identity backend.
-     *
-     * @return IdentityBackend
-     */
-    IdentityBackend getIdentityBackend();
-
-    /**
-     * Get the identity from backend.
-     *
-     * @param principalName The principal name
-     * @return identity
-     * @throws KrbException e
-     */
-    KrbIdentity getPrincipal(String principalName) throws KrbException;
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
deleted file mode 100644
index 5ba4eb8..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
+++ /dev/null
@@ -1,392 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.keytab.Keytab;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.kerb.server.KdcSetting;
-import org.apache.kerby.kerberos.kerb.server.KdcUtil;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * The implementation of server side admin facilities for local mode.
- */
-public class LocalKadminImpl implements LocalKadmin {
-    private static final Logger LOG = LoggerFactory.getLogger(LocalKadminImpl.class);
-
-    private final KdcSetting kdcSetting;
-    private final IdentityBackend backend;
-
-    /**
-     * Construct with prepared KdcConfig and BackendConfig.
-     *
-     * @param kdcConfig     The kdc config
-     * @param backendConfig The backend config
-     * @throws KrbException e
-     */
-    public LocalKadminImpl(KdcConfig kdcConfig,
-                           BackendConfig backendConfig) throws KrbException {
-        this.backend = KdcUtil.getBackend(backendConfig);
-        this.kdcSetting = new KdcSetting(kdcConfig, backendConfig);
-    }
-
-    /**
-     * Construct with prepared conf dir.
-     *
-     * @param confDir The path of conf dir
-     * @throws KrbException e
-     */
-    public LocalKadminImpl(File confDir) throws KrbException {
-        KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
-        if (tmpKdcConfig == null) {
-            tmpKdcConfig = new KdcConfig();
-        }
-
-        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
-        if (tmpBackendConfig == null) {
-            tmpBackendConfig = new BackendConfig();
-        }
-
-        this.kdcSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
-
-        backend = KdcUtil.getBackend(tmpBackendConfig);
-    }
-
-    /**
-     * Construct with prepared KdcSetting and Backend.
-     *
-     * @param kdcSetting The kdc setting
-     * @param backend    The identity backend
-     */
-    public LocalKadminImpl(KdcSetting kdcSetting, IdentityBackend backend) {
-        this.kdcSetting = kdcSetting;
-        this.backend = backend;
-    }
-
-    /**
-     * Get the tgs principal name.
-     */
-    private String getTgsPrincipal() {
-        return KrbUtil.makeTgsPrincipal(kdcSetting.getKdcRealm()).getName();
-    }
-
-    @Override
-    public String getKadminPrincipal() {
-        return KrbUtil.makeKadminPrincipal(kdcSetting.getKdcRealm()).getName();
-    }
-
-    @Override
-    public void checkBuiltinPrincipals() throws KrbException {
-        String tgsPrincipal = getTgsPrincipal();
-        String kadminPrincipal = getKadminPrincipal();
-        if (backend.getIdentity(tgsPrincipal) == null
-            || backend.getIdentity(kadminPrincipal) == null) {
-            String errorMsg = "The built-in principals do not exist in backend,"
-                + " please run the kdcinit tool.";
-            LOG.error(errorMsg);
-            throw new KrbException(errorMsg);
-        }
-    }
-
-    @Override
-    public void createBuiltinPrincipals() throws KrbException {
-        String tgsPrincipal = getTgsPrincipal();
-        if (backend.getIdentity(tgsPrincipal) == null) {
-            addPrincipal(tgsPrincipal);
-        } else {
-            String errorMsg = "The tgs principal already exists in backend.";
-            LOG.error(errorMsg);
-            throw new KrbException(errorMsg);
-        }
-
-        String kadminPrincipal = getKadminPrincipal();
-        if (backend.getIdentity(kadminPrincipal) == null) {
-            addPrincipal(kadminPrincipal);
-        } else {
-            String errorMsg = "The kadmin principal already exists in backend.";
-            LOG.error(errorMsg);
-            throw new KrbException(errorMsg);
-        }
-    }
-
-    @Override
-    public void deleteBuiltinPrincipals() throws KrbException {
-        deletePrincipal(getTgsPrincipal());
-        deletePrincipal(getKadminPrincipal());
-    }
-
-    @Override
-    public KdcConfig getKdcConfig() {
-        return kdcSetting.getKdcConfig();
-    }
-
-    @Override
-    public BackendConfig getBackendConfig() {
-        return kdcSetting.getBackendConfig();
-    }
-
-    @Override
-    public IdentityBackend getIdentityBackend() {
-        return backend;
-    }
-
-    @Override
-    public void addPrincipal(String principal) throws KrbException {
-        principal = fixPrincipal(principal);
-        addPrincipal(principal, new KOptions());
-    }
-
-    @Override
-    public void addPrincipal(String principal, KOptions kOptions)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
-        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
-                getKdcConfig().getEncryptionTypes());
-        identity.addKeys(keys);
-        backend.addIdentity(identity);
-    }
-
-    @Override
-    public void addPrincipal(String principal, String password)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        addPrincipal(principal, password, new KOptions());
-    }
-
-    @Override
-    public void addPrincipal(String principal, String password, KOptions kOptions)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
-        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
-                getKdcConfig().getEncryptionTypes());
-        identity.addKeys(keys);
-        backend.addIdentity(identity);
-    }
-
-    @Override
-    public void exportKeytab(File keytabFile, String principal)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        List<String> principals = new ArrayList<>(1);
-        principals.add(principal);
-        exportKeytab(keytabFile, principals);
-    }
-
-    @Override
-    public void exportKeytab(File keytabFile, List<String> principals)
-            throws KrbException {
-        //Get Identity
-        List<KrbIdentity> identities = new LinkedList<>();
-        for (String principal : principals) {
-            KrbIdentity identity = backend.getIdentity(principal);
-            if (identity == null) {
-                throw new KrbException("Can not find the identity for pincipal "
-                        + principal);
-            }
-            identities.add(identity);
-        }
-
-        AdminHelper.exportKeytab(keytabFile, identities);
-    }
-
-    @Override
-    public void exportKeytab(File keytabFile) throws KrbException {
-        Keytab keytab = AdminHelper.createOrLoadKeytab(keytabFile);
-
-        Iterable<String> principals = backend.getIdentities();
-        for (String principal : principals) {
-            KrbIdentity identity = backend.getIdentity(principal);
-            if (identity != null) {
-                AdminHelper.exportToKeytab(keytab, identity);
-            }
-        }
-
-        AdminHelper.storeKeytab(keytab, keytabFile);
-    }
-
-    @Override
-    public void removeKeytabEntriesOf(File keytabFile, String principal)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        AdminHelper.removeKeytabEntriesOf(keytabFile, principal);
-    }
-
-    @Override
-    public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        AdminHelper.removeKeytabEntriesOf(keytabFile, principal, kvno);
-    }
-
-    @Override
-    public void removeOldKeytabEntriesOf(File keytabFile, String principal)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        AdminHelper.removeOldKeytabEntriesOf(keytabFile, principal);
-    }
-
-    @Override
-    public void deletePrincipal(String principal) throws KrbException {
-        principal = fixPrincipal(principal);
-        backend.deleteIdentity(principal);
-    }
-
-    @Override
-    public void modifyPrincipal(String principal, KOptions kOptions)
-            throws KrbException {
-        principal = fixPrincipal(principal);
-        KrbIdentity identity = backend.getIdentity(principal);
-        if (identity == null) {
-            throw new KrbException("Principal \""
-                    + principal + "\" does not exist.");
-        }
-        AdminHelper.updateIdentity(identity, kOptions);
-        backend.updateIdentity(identity);
-    }
-
-    @Override
-    public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
-            throws KrbException {
-        oldPrincipalName = fixPrincipal(oldPrincipalName);
-        newPrincipalName = fixPrincipal(newPrincipalName);
-        KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
-        if (oldIdentity != null) {
-            throw new KrbException("Principal \""
-                    + oldIdentity.getPrincipalName() + "\" is already exist.");
-        }
-        KrbIdentity identity = backend.getIdentity(oldPrincipalName);
-        if (identity == null) {
-            throw new KrbException("Principal \""
-                    + oldPrincipalName + "\" does not exist.");
-        }
-        backend.deleteIdentity(oldPrincipalName);
-
-        identity.setPrincipalName(newPrincipalName);
-        identity.setPrincipal(new PrincipalName(newPrincipalName));
-        backend.addIdentity(identity);
-    }
-
-    @Override
-    public KrbIdentity getPrincipal(String principalName) throws KrbException {
-        KrbIdentity identity = backend.getIdentity(principalName);
-        return identity;
-    }
-
-    @Override
-    public List<String> getPrincipals() throws KrbException {
-        Iterable<String> principalNames = backend.getIdentities();
-        List<String> principalList = new LinkedList<>();
-        Iterator<String> iterator = principalNames.iterator();
-        while (iterator.hasNext()) {
-            principalList.add(iterator.next());
-        }
-        return principalList;
-    }
-
-    @Override
-    public List<String> getPrincipals(String globString) throws KrbException {
-        Pattern pt = AdminHelper.getPatternFromGlobPatternString(globString);
-        if (pt == null) {
-            return getPrincipals();
-        }
-
-        Boolean containsAt = pt.pattern().indexOf('@') != -1;
-        List<String> result = new LinkedList<>();
-
-        List<String> principalNames = getPrincipals();
-        for (String principal: principalNames) {
-            String toMatch = containsAt ? principal : principal.split("@")[0];
-            Matcher m = pt.matcher(toMatch);
-            if (m.matches()) {
-                result.add(principal);
-            }
-        }
-        return result;
-    }
-
-    @Override
-    public void changePassword(String principal,
-                               String newPassword) throws KrbException {
-        principal = fixPrincipal(principal);
-        KrbIdentity identity = backend.getIdentity(principal);
-        if (identity == null) {
-            throw new KrbException("Principal " + principal
-                    + "was not found. Please check the input and try again");
-        }
-        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
-                getKdcConfig().getEncryptionTypes());
-        identity.addKeys(keys);
-
-        backend.updateIdentity(identity);
-    }
-
-    @Override
-    public void updateKeys(String principal) throws KrbException {
-        principal = fixPrincipal(principal);
-        KrbIdentity identity = backend.getIdentity(principal);
-        if (identity == null) {
-            throw new KrbException("Principal " + principal
-                    + "was not found. Please check the input and try again");
-        }
-        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
-                getKdcConfig().getEncryptionTypes());
-        identity.addKeys(keys);
-        backend.updateIdentity(identity);
-    }
-
-    @Override
-    public void release() throws KrbException {
-        if (backend != null) {
-            backend.stop();
-        }
-    }
-
-    /**
-     * Fix principal name, making it complete.
-     *
-     * @param principal The principal name
-     */
-    private String fixPrincipal(String principal) {
-        if (!principal.contains("@")) {
-            principal += "@" + kdcSetting.getKdcRealm();
-        }
-        return principal;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java
deleted file mode 100644
index 16115d8..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.File;
-import java.util.List;
-
-/**
- * Server side admin facilities from remote, similar to MIT Kadmin remote mode.
- * It uses GSSAPI and XDR to communicate with remote KDC/kadmind to do the
- * requested operations. In the client side, it simply wraps and sends the
- * request info to the server kadmind side, and then unwraps the response for
- * the operation result.
- *
- * TO BE IMPLEMENTED.
- */
-public class RemoteKadminImpl implements Kadmin {
-
-    @Override
-    public String getKadminPrincipal() {
-        return null;
-    }
-
-    @Override
-    public void addPrincipal(String principal) throws KrbException {
-
-    }
-
-    @Override
-    public void addPrincipal(String principal,
-                             KOptions kOptions) throws KrbException {
-
-    }
-
-    @Override
-    public void addPrincipal(String principal,
-                             String password) throws KrbException {
-
-    }
-
-    @Override
-    public void addPrincipal(String principal, String password,
-                             KOptions kOptions) throws KrbException {
-
-    }
-
-    @Override
-    public void exportKeytab(File keytabFile,
-                             String principal) throws KrbException {
-
-    }
-
-    @Override
-    public void exportKeytab(File keytabFile,
-                             List<String> principals) throws KrbException {
-
-    }
-
-    @Override
-    public void exportKeytab(File keytabFile) throws KrbException {
-
-    }
-
-    @Override
-    public void removeKeytabEntriesOf(File keytabFile,
-                                      String principal) throws KrbException {
-
-    }
-
-    @Override
-    public void removeKeytabEntriesOf(File keytabFile, String principal,
-                                      int kvno) throws KrbException {
-
-    }
-
-    @Override
-    public void removeOldKeytabEntriesOf(File keytabFile,
-                                         String principal) throws KrbException {
-
-    }
-
-    @Override
-    public void deletePrincipal(String principal) throws KrbException {
-
-    }
-
-    @Override
-    public void modifyPrincipal(String principal,
-                                KOptions kOptions) throws KrbException {
-
-    }
-
-    @Override
-    public void renamePrincipal(String oldPrincipalName,
-                                String newPrincipalName) throws KrbException {
-
-    }
-
-    @Override
-    public List<String> getPrincipals() throws KrbException {
-        return null;
-    }
-
-    @Override
-    public List<String> getPrincipals(String globString) throws KrbException {
-        return null;
-    }
-
-    @Override
-    public void changePassword(String principal,
-                               String newPassword) throws KrbException {
-
-    }
-
-    @Override
-    public void updateKeys(String principal) throws KrbException {
-
-    }
-
-    @Override
-    public void release() throws KrbException {
-
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/AdminHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/AdminHelper.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/AdminHelper.java
new file mode 100644
index 0000000..6836cf2
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/AdminHelper.java
@@ -0,0 +1,309 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.local;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+/**
+ * LocalKadmin utilities.
+ */
+public final class AdminHelper {
+
+    private AdminHelper() { }
+
+    /**
+     * Export all the keys of the specified principal into the specified keytab
+     * file.
+     *
+     * @param keytabFile The keytab file
+     * @param identity  The identity
+     * @throws KrbException
+     */
+    static void exportKeytab(File keytabFile, KrbIdentity identity)
+            throws KrbException {
+
+        Keytab keytab = createOrLoadKeytab(keytabFile);
+
+        exportToKeytab(keytab, identity);
+
+        storeKeytab(keytab, keytabFile);
+    }
+
+    /**
+     * Export all the keys of the specified principal into the specified keytab
+     * file.
+     *
+     * @param keytabFile The keytab file
+     * @param identities  Identities to export to keytabFile
+     * @throws KrbException
+     */
+    static void exportKeytab(File keytabFile, List<KrbIdentity> identities)
+            throws KrbException {
+
+        Keytab keytab = createOrLoadKeytab(keytabFile);
+
+        for (KrbIdentity identity : identities) {
+            exportToKeytab(keytab, identity);
+        }
+
+        storeKeytab(keytab, keytabFile);
+    }
+
+    /**
+     * Load keytab from keytab file.
+     *
+     * @param keytabFile The keytab file
+     * @return The keytab load from keytab file
+     * @throws KrbException
+     */
+    static Keytab loadKeytab(File keytabFile) throws KrbException {
+        Keytab keytab;
+        try {
+            keytab = Keytab.loadKeytab(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to load keytab", e);
+        }
+
+        return keytab;
+    }
+
+    /**
+     * If keytab file does not exist, create a new keytab,
+     * otherwise load keytab from keytab file.
+     *
+     * @param keytabFile The keytab file
+     * @return The keytab load from keytab file
+     * @throws KrbException
+     */
+    static Keytab createOrLoadKeytab(File keytabFile) throws KrbException {
+
+        Keytab keytab;
+        try {
+            if (!keytabFile.exists()) {
+                if (!keytabFile.createNewFile()) {
+                    throw new KrbException("Failed to create keytab file "
+                            + keytabFile.getAbsolutePath());
+                }
+                keytab = new Keytab();
+            } else {
+                keytab = Keytab.loadKeytab(keytabFile);
+            }
+        } catch (IOException e) {
+            throw new KrbException("Failed to load or create keytab", e);
+        }
+
+        return keytab;
+    }
+
+    /**
+     * Export all the keys of the specified identity into the keytab.
+     *
+     * @param keytab The keytab
+     * @param identity  The identity
+     * @throws KrbException
+     */
+    static void exportToKeytab(Keytab keytab, KrbIdentity identity)
+        throws KrbException {
+
+        //Add principal to keytab.
+        PrincipalName principal = identity.getPrincipal();
+        KerberosTime timestamp = KerberosTime.now();
+        for (EncryptionType encType : identity.getKeys().keySet()) {
+            EncryptionKey ekey = identity.getKeys().get(encType);
+            int keyVersion = ekey.getKvno();
+            keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+        }
+    }
+
+    /**
+     * Store the keytab to keytab file.
+     *
+     * @param keytab   The keytab
+     * @param keytabFile The keytab file
+     * @throws KrbException
+     */
+    static void storeKeytab(Keytab keytab, File keytabFile) throws KrbException {
+        try {
+            keytab.store(keytabFile);
+        } catch (IOException e) {
+            throw new KrbException("Failed to store keytab", e);
+        }
+    }
+
+    /**
+     * Remove all the keys of the specified principal in the specified keytab
+     * file.
+     *
+     * @param keytabFile The keytab file
+     * @param principalName  The principal name
+     * @throws KrbException
+     */
+    static void removeKeytabEntriesOf(File keytabFile,
+                                             String principalName) throws KrbException {
+        Keytab keytab = loadKeytab(keytabFile);
+
+        keytab.removeKeytabEntries(new PrincipalName(principalName));
+
+        storeKeytab(keytab, keytabFile);
+    }
+
+    /**
+     * Remove all the keys of the specified principal with specified kvno
+     * in the specified keytab file.
+     *
+     * @param keytabFile The keytab file
+     * @param principalName  The principal name
+     * @param kvno The kvno
+     * @throws KrbException
+     */
+    static void removeKeytabEntriesOf(File keytabFile,
+                                      String principalName, int kvno) throws KrbException {
+        Keytab keytab = loadKeytab(keytabFile);
+
+        keytab.removeKeytabEntries(new PrincipalName(principalName), kvno);
+
+        storeKeytab(keytab, keytabFile);
+    }
+
+    /**
+     * Remove all the old keys of the specified principal
+     * in the specified keytab file.
+     *
+     * @param keytabFile The keytab file
+     * @param principalName  The principal name
+     * @throws KrbException
+     */
+    static void removeOldKeytabEntriesOf(File keytabFile,
+                                                String principalName) throws KrbException {
+        Keytab keytab = loadKeytab(keytabFile);
+
+        List<KeytabEntry> entries = keytab.getKeytabEntries(
+                new PrincipalName(principalName));
+
+        int maxKvno = 0;
+        for (KeytabEntry entry : entries) {
+            if (maxKvno < entry.getKvno()) {
+                maxKvno = entry.getKvno();
+            }
+        }
+
+        for (KeytabEntry entry : entries) {
+            if (entry.getKvno() < maxKvno) {
+                keytab.removeKeytabEntry(entry);
+            }
+        }
+
+        storeKeytab(keytab, keytabFile);
+    }
+
+    /**
+     * Create principal.
+     *
+     * @param principal The principal name to be created
+     * @param kOptions  The KOptions with principal info
+     */
+    static KrbIdentity createIdentity(String principal, KOptions kOptions)
+        throws KrbException {
+        KrbIdentity kid = new KrbIdentity(principal);
+        kid.setCreatedTime(KerberosTime.now());
+        if (kOptions.contains(KadminOption.EXPIRE)) {
+            Date date = kOptions.getDateOption(KadminOption.EXPIRE);
+            kid.setExpireTime(new KerberosTime(date.getTime()));
+        } else {
+            kid.setExpireTime(new KerberosTime(253402300799900L));
+        }
+        if (kOptions.contains(KadminOption.KVNO)) {
+            kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO));
+        } else {
+            kid.setKeyVersion(1);
+        }
+        kid.setDisabled(false);
+        kid.setLocked(false);
+
+        return kid;
+    }
+
+    /**
+     * Modify the principal with KOptions.
+     *
+     * @param identity The identity to be modified
+     * @param kOptions  The KOptions with changed principal info
+     * @throws KrbException
+     */
+    static void updateIdentity(KrbIdentity identity, KOptions kOptions) {
+        if (kOptions.contains(KadminOption.EXPIRE)) {
+            Date date = kOptions.getDateOption(KadminOption.EXPIRE);
+            identity.setExpireTime(new KerberosTime(date.getTime()));
+        }
+        if (kOptions.contains(KadminOption.DISABLED)) {
+            identity.setDisabled(kOptions.getBooleanOption(KadminOption.DISABLED, false));
+        }
+        if (kOptions.contains(KadminOption.LOCKED)) {
+            identity.setLocked(kOptions.getBooleanOption(KadminOption.LOCKED, false));
+        }
+    }
+
+    /**
+     * Get all the Pattern for matching from glob string.
+     * The glob string can contain "." "*" and "[]"
+     *
+     * @param globString The glob string for matching
+     * @return pattern
+     * @throws KrbException
+     */
+    static Pattern getPatternFromGlobPatternString(String globString) throws KrbException {
+        if (globString == null || globString.equals("")) {
+            return null;
+        }
+        if (!Pattern.matches("^[0-9A-Za-z._/@*?\\[\\]\\-]+$", globString)) {
+            throw new KrbException("Glob pattern string contains invalid character");
+        }
+
+        String patternString = globString;
+        patternString = patternString.replaceAll("\\.", "\\\\.");
+        patternString = patternString.replaceAll("\\?", ".");
+        patternString = patternString.replaceAll("\\*", ".*");
+        patternString = "^" + patternString + "$";
+
+        Pattern pt;
+        try {
+            pt = Pattern.compile(patternString);
+        } catch (PatternSyntaxException e) {
+            throw new KrbException("Invalid glob pattern string");
+        }
+        return pt;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadmin.java
new file mode 100644
index 0000000..556e8f6
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadmin.java
@@ -0,0 +1,86 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.local;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+
+/**
+ * Server side admin facilities for local, similar to MIT kadmin local mode. It
+ * may be not accurate regarding 'local' because, if the identity backend itself
+ * is supported to be accessed from remote, it won't have to be remote; but if
+ * not, then it must be local to the KDC server bounded with the local backend.
+ *
+ * Note, suitable with Kerby AdminServerImpl based KDCs like Kerby KDC.
+ */
+public interface LocalKadmin extends Kadmin {
+
+    /**
+     * Check the built-in principals, will throw KrbException if not exist.
+     * @throws KrbException e
+     */
+    void checkBuiltinPrincipals() throws KrbException;
+
+    /**
+     * Create build-in principals.
+     * @throws KrbException e
+     */
+    void createBuiltinPrincipals() throws KrbException;
+
+    /**
+     * Delete build-in principals.
+     * @throws KrbException e
+     */
+    void deleteBuiltinPrincipals() throws KrbException;
+
+    /**
+     * Get kdc config.
+     *
+     * @return The kdc config.
+     */
+    KdcConfig getKdcConfig();
+
+    /**
+     * Get backend config.
+     *
+     * @return The backend config.
+     */
+    BackendConfig getBackendConfig();
+
+    /**
+     * Get identity backend.
+     *
+     * @return IdentityBackend
+     */
+    IdentityBackend getIdentityBackend();
+
+    /**
+     * Get the identity from backend.
+     *
+     * @param principalName The principal name
+     * @return identity
+     * @throws KrbException e
+     */
+    KrbIdentity getPrincipal(String principalName) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadminImpl.java
new file mode 100644
index 0000000..97f2560
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/local/LocalKadminImpl.java
@@ -0,0 +1,392 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.local;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * The implementation of server side admin facilities for local mode.
+ */
+public class LocalKadminImpl implements LocalKadmin {
+    private static final Logger LOG = LoggerFactory.getLogger(LocalKadminImpl.class);
+
+    private final KdcSetting kdcSetting;
+    private final IdentityBackend backend;
+
+    /**
+     * Construct with prepared AdminServerConfig and BackendConfig.
+     *
+     * @param kdcConfig     The kdc config
+     * @param backendConfig The backend config
+     * @throws KrbException e
+     */
+    public LocalKadminImpl(KdcConfig kdcConfig,
+                           BackendConfig backendConfig) throws KrbException {
+        this.backend = KdcUtil.getBackend(backendConfig);
+        this.kdcSetting = new KdcSetting(kdcConfig, backendConfig);
+    }
+
+    /**
+     * Construct with prepared conf dir.
+     *
+     * @param confDir The path of conf dir
+     * @throws KrbException e
+     */
+    public LocalKadminImpl(File confDir) throws KrbException {
+        KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
+        if (tmpKdcConfig == null) {
+            tmpKdcConfig = new KdcConfig();
+        }
+
+        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+        if (tmpBackendConfig == null) {
+            tmpBackendConfig = new BackendConfig();
+        }
+
+        this.kdcSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
+
+        backend = KdcUtil.getBackend(tmpBackendConfig);
+    }
+
+    /**
+     * Construct with prepared AdminServerSetting and Backend.
+     *
+     * @param kdcSetting The kdc setting
+     * @param backend    The identity backend
+     */
+    public LocalKadminImpl(KdcSetting kdcSetting, IdentityBackend backend) {
+        this.kdcSetting = kdcSetting;
+        this.backend = backend;
+    }
+
+    /**
+     * Get the tgs principal name.
+     */
+    private String getTgsPrincipal() {
+        return KrbUtil.makeTgsPrincipal(kdcSetting.getKdcRealm()).getName();
+    }
+
+    @Override
+    public String getKadminPrincipal() {
+        return KrbUtil.makeKadminPrincipal(kdcSetting.getKdcRealm()).getName();
+    }
+
+    @Override
+    public void checkBuiltinPrincipals() throws KrbException {
+        String tgsPrincipal = getTgsPrincipal();
+        String kadminPrincipal = getKadminPrincipal();
+        if (backend.getIdentity(tgsPrincipal) == null
+            || backend.getIdentity(kadminPrincipal) == null) {
+            String errorMsg = "The built-in principals do not exist in backend,"
+                + " please run the kdcinit tool.";
+            LOG.error(errorMsg);
+            throw new KrbException(errorMsg);
+        }
+    }
+
+    @Override
+    public void createBuiltinPrincipals() throws KrbException {
+        String tgsPrincipal = getTgsPrincipal();
+        if (backend.getIdentity(tgsPrincipal) == null) {
+            addPrincipal(tgsPrincipal);
+        } else {
+            String errorMsg = "The tgs principal already exists in backend.";
+            LOG.error(errorMsg);
+            throw new KrbException(errorMsg);
+        }
+
+        String kadminPrincipal = getKadminPrincipal();
+        if (backend.getIdentity(kadminPrincipal) == null) {
+            addPrincipal(kadminPrincipal);
+        } else {
+            String errorMsg = "The kadmin principal already exists in backend.";
+            LOG.error(errorMsg);
+            throw new KrbException(errorMsg);
+        }
+    }
+
+    @Override
+    public void deleteBuiltinPrincipals() throws KrbException {
+        deletePrincipal(getTgsPrincipal());
+        deletePrincipal(getKadminPrincipal());
+    }
+
+    @Override
+    public KdcConfig getKdcConfig() {
+        return kdcSetting.getKdcConfig();
+    }
+
+    @Override
+    public BackendConfig getBackendConfig() {
+        return kdcSetting.getBackendConfig();
+    }
+
+    @Override
+    public IdentityBackend getIdentityBackend() {
+        return backend;
+    }
+
+    @Override
+    public void addPrincipal(String principal) throws KrbException {
+        principal = fixPrincipal(principal);
+        addPrincipal(principal, new KOptions());
+    }
+
+    @Override
+    public void addPrincipal(String principal, KOptions kOptions)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+                getKdcConfig().getEncryptionTypes());
+        identity.addKeys(keys);
+        backend.addIdentity(identity);
+    }
+
+    @Override
+    public void addPrincipal(String principal, String password)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        addPrincipal(principal, password, new KOptions());
+    }
+
+    @Override
+    public void addPrincipal(String principal, String password, KOptions kOptions)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
+                getKdcConfig().getEncryptionTypes());
+        identity.addKeys(keys);
+        backend.addIdentity(identity);
+    }
+
+    @Override
+    public void exportKeytab(File keytabFile, String principal)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        List<String> principals = new ArrayList<>(1);
+        principals.add(principal);
+        exportKeytab(keytabFile, principals);
+    }
+
+    @Override
+    public void exportKeytab(File keytabFile, List<String> principals)
+            throws KrbException {
+        //Get Identity
+        List<KrbIdentity> identities = new LinkedList<>();
+        for (String principal : principals) {
+            KrbIdentity identity = backend.getIdentity(principal);
+            if (identity == null) {
+                throw new KrbException("Can not find the identity for pincipal "
+                        + principal);
+            }
+            identities.add(identity);
+        }
+
+        AdminHelper.exportKeytab(keytabFile, identities);
+    }
+
+    @Override
+    public void exportKeytab(File keytabFile) throws KrbException {
+        Keytab keytab = AdminHelper.createOrLoadKeytab(keytabFile);
+
+        Iterable<String> principals = backend.getIdentities();
+        for (String principal : principals) {
+            KrbIdentity identity = backend.getIdentity(principal);
+            if (identity != null) {
+                AdminHelper.exportToKeytab(keytab, identity);
+            }
+        }
+
+        AdminHelper.storeKeytab(keytab, keytabFile);
+    }
+
+    @Override
+    public void removeKeytabEntriesOf(File keytabFile, String principal)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        AdminHelper.removeKeytabEntriesOf(keytabFile, principal);
+    }
+
+    @Override
+    public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        AdminHelper.removeKeytabEntriesOf(keytabFile, principal, kvno);
+    }
+
+    @Override
+    public void removeOldKeytabEntriesOf(File keytabFile, String principal)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        AdminHelper.removeOldKeytabEntriesOf(keytabFile, principal);
+    }
+
+    @Override
+    public void deletePrincipal(String principal) throws KrbException {
+        principal = fixPrincipal(principal);
+        backend.deleteIdentity(principal);
+    }
+
+    @Override
+    public void modifyPrincipal(String principal, KOptions kOptions)
+            throws KrbException {
+        principal = fixPrincipal(principal);
+        KrbIdentity identity = backend.getIdentity(principal);
+        if (identity == null) {
+            throw new KrbException("Principal \""
+                    + principal + "\" does not exist.");
+        }
+        AdminHelper.updateIdentity(identity, kOptions);
+        backend.updateIdentity(identity);
+    }
+
+    @Override
+    public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
+            throws KrbException {
+        oldPrincipalName = fixPrincipal(oldPrincipalName);
+        newPrincipalName = fixPrincipal(newPrincipalName);
+        KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
+        if (oldIdentity != null) {
+            throw new KrbException("Principal \""
+                    + oldIdentity.getPrincipalName() + "\" is already exist.");
+        }
+        KrbIdentity identity = backend.getIdentity(oldPrincipalName);
+        if (identity == null) {
+            throw new KrbException("Principal \""
+                    + oldPrincipalName + "\" does not exist.");
+        }
+        backend.deleteIdentity(oldPrincipalName);
+
+        identity.setPrincipalName(newPrincipalName);
+        identity.setPrincipal(new PrincipalName(newPrincipalName));
+        backend.addIdentity(identity);
+    }
+
+    @Override
+    public KrbIdentity getPrincipal(String principalName) throws KrbException {
+        KrbIdentity identity = backend.getIdentity(principalName);
+        return identity;
+    }
+
+    @Override
+    public List<String> getPrincipals() throws KrbException {
+        Iterable<String> principalNames = backend.getIdentities();
+        List<String> principalList = new LinkedList<>();
+        Iterator<String> iterator = principalNames.iterator();
+        while (iterator.hasNext()) {
+            principalList.add(iterator.next());
+        }
+        return principalList;
+    }
+
+    @Override
+    public List<String> getPrincipals(String globString) throws KrbException {
+        Pattern pt = AdminHelper.getPatternFromGlobPatternString(globString);
+        if (pt == null) {
+            return getPrincipals();
+        }
+
+        Boolean containsAt = pt.pattern().indexOf('@') != -1;
+        List<String> result = new LinkedList<>();
+
+        List<String> principalNames = getPrincipals();
+        for (String principal: principalNames) {
+            String toMatch = containsAt ? principal : principal.split("@")[0];
+            Matcher m = pt.matcher(toMatch);
+            if (m.matches()) {
+                result.add(principal);
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public void changePassword(String principal,
+                               String newPassword) throws KrbException {
+        principal = fixPrincipal(principal);
+        KrbIdentity identity = backend.getIdentity(principal);
+        if (identity == null) {
+            throw new KrbException("Principal " + principal
+                    + "was not found. Please check the input and try again");
+        }
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
+                getKdcConfig().getEncryptionTypes());
+        identity.addKeys(keys);
+
+        backend.updateIdentity(identity);
+    }
+
+    @Override
+    public void updateKeys(String principal) throws KrbException {
+        principal = fixPrincipal(principal);
+        KrbIdentity identity = backend.getIdentity(principal);
+        if (identity == null) {
+            throw new KrbException("Principal " + principal
+                    + "was not found. Please check the input and try again");
+        }
+        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+                getKdcConfig().getEncryptionTypes());
+        identity.addKeys(keys);
+        backend.updateIdentity(identity);
+    }
+
+    @Override
+    public void release() throws KrbException {
+        if (backend != null) {
+            backend.stop();
+        }
+    }
+
+    /**
+     * Fix principal name, making it complete.
+     *
+     * @param principal The principal name
+     */
+    private String fixPrincipal(String principal) {
+        if (!principal.contains("@")) {
+            principal += "@" + kdcSetting.getKdcRealm();
+        }
+        return principal;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminClient.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminClient.java
new file mode 100644
index 0000000..fe12764
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminClient.java
@@ -0,0 +1,140 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.remote.impl.DefaultInternalAdminClient;
+import org.apache.kerby.kerberos.kerb.admin.remote.impl.InternalAdminClient;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+
+/**
+ * A Krb client API for applications to interact with KDC
+ */
+public class AdminClient {
+    private static final Logger LOG = LoggerFactory.getLogger(AdminClient.class);
+
+    private final AdminConfig adminConfig;
+    private final KOptions commonOptions;
+    private final AdminSetting adminSetting;
+
+    private InternalAdminClient innerClient;
+
+    /**
+     * Default constructor.
+     * @throws KrbException e
+     */
+    public AdminClient() throws KrbException {
+        this.adminConfig = AdminUtil.getDefaultConfig();
+        this.commonOptions = new KOptions();
+        this.adminSetting = new AdminSetting(commonOptions, adminConfig);
+    }
+
+    /**
+     * Construct with prepared AdminConfig.
+     * @param adminConfig The krb config
+     */
+    public AdminClient(AdminConfig adminConfig) {
+        this.adminConfig = adminConfig;
+        this.commonOptions = new KOptions();
+        this.adminSetting = new AdminSetting(commonOptions, adminConfig);
+    }
+
+    /**
+     * Constructor with conf dir
+     * @param confDir The conf dir
+     * @throws KrbException e
+     */
+    public AdminClient(File confDir) throws KrbException {
+        this.commonOptions = new KOptions();
+        this.adminConfig = AdminUtil.getConfig(confDir);
+        this.adminSetting = new AdminSetting(commonOptions, adminConfig);
+    }
+
+    /**
+     * Constructor with prepared AdminClient.
+     * @param krbClient The krb client
+     */
+    public AdminClient(AdminClient krbClient) {
+        this.commonOptions = krbClient.commonOptions;
+        this.adminConfig = krbClient.adminConfig;
+        this.adminSetting = krbClient.adminSetting;
+        this.innerClient = krbClient.innerClient;
+    }
+
+    /**
+     * Set KDC realm for ticket request
+     * @param realm The realm
+     */
+    public void setKdcRealm(String realm) {
+        commonOptions.add(AdminOption.KDC_REALM, realm);
+    }
+
+    /**
+     * Set KDC host.
+     * @param kdcHost The kdc host
+     */
+    public void setKdcHost(String kdcHost) {
+        commonOptions.add(AdminOption.KDC_HOST, kdcHost);
+    }
+
+    /**
+     * Set KDC tcp port.
+     * @param kdcTcpPort The kdc tcp port
+     */
+    public void setKdcTcpPort(int kdcTcpPort) {
+        if (kdcTcpPort < 1) {
+            throw new IllegalArgumentException("Invalid port");
+        }
+        commonOptions.add(AdminOption.KDC_TCP_PORT, kdcTcpPort);
+    }
+
+    /**
+     * Set time out for connection
+     * @param timeout in seconds
+     */
+    public void setTimeout(int timeout) {
+        commonOptions.add(AdminOption.CONN_TIMEOUT, timeout);
+    }
+
+    /**
+     * Init the client.
+     * @throws KrbException e
+     */
+    public void init() throws KrbException {
+        innerClient = new DefaultInternalAdminClient(adminSetting);
+        innerClient.init();
+    }
+
+    /**
+     * Get krb client settings from options and configs.
+     * @return setting
+     */
+    public AdminSetting getSetting() {
+        return adminSetting;
+    }
+
+    public AdminConfig getAdminConfig() {
+        return adminConfig;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfig.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfig.java
new file mode 100644
index 0000000..ab41147
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfig.java
@@ -0,0 +1,315 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Kerb client side configuration API.
+ */
+public class AdminConfig extends Krb5Conf {
+    private static final String LIBDEFAULT = "libdefaults";
+
+    public boolean enableDebug() {
+        return getBoolean(AdminConfigKey.KRB_DEBUG, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get KDC host name
+     *
+     * @return The kdc host
+     */
+    public String getKdcHost() {
+        return getString(
+            AdminConfigKey.KDC_HOST, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get KDC port, as both TCP and UDP ports
+     *
+     * @return The kdc host
+     */
+    public int getKdcPort() {
+        Integer kdcPort = getInt(AdminConfigKey.KDC_PORT, true, LIBDEFAULT);
+        if (kdcPort != null) {
+            return kdcPort.intValue();
+        }
+        return -1;
+    }
+
+    /**
+     * Get KDC TCP port
+     *
+     * @return The kdc tcp port
+     */
+    public int getKdcTcpPort() {
+        Integer kdcPort = getInt(AdminConfigKey.KDC_TCP_PORT, true, LIBDEFAULT);
+        if (kdcPort != null && kdcPort > 0) {
+            return kdcPort.intValue();
+        }
+        return getKdcPort();
+    }
+
+    /**
+     * Is to allow UDP for KDC
+     *
+     * @return true to allow UDP, false otherwise
+     */
+    public boolean allowUdp() {
+        return getBoolean(AdminConfigKey.KDC_ALLOW_UDP, true, LIBDEFAULT)
+                || getInt(AdminConfigKey.KDC_UDP_PORT, true, LIBDEFAULT) != null
+            || getInt(AdminConfigKey.KDC_PORT, false, LIBDEFAULT) != null;
+    }
+
+    /**
+     * Is to allow TCP for KDC
+     *
+     * @return true to allow TCP, false otherwise
+     */
+    public boolean allowTcp() {
+        return getBoolean(AdminConfigKey.KDC_ALLOW_TCP, true, LIBDEFAULT)
+                || getInt(AdminConfigKey.KDC_TCP_PORT, true, LIBDEFAULT) != null
+            || getInt(AdminConfigKey.KDC_PORT, false, LIBDEFAULT) != null;
+    }
+
+    /**
+     * Get KDC UDP port
+     *
+     * @return The kdc udp port
+     */
+    public int getKdcUdpPort() {
+        Integer kdcPort = getInt(AdminConfigKey.KDC_UDP_PORT, true, LIBDEFAULT);
+        if (kdcPort != null && kdcPort > 0) {
+            return kdcPort.intValue();
+        }
+        return getKdcPort();
+    }
+
+    /**
+     * Get KDC realm.
+     * @return The kdc realm
+     */
+    public String getKdcRealm() {
+        String realm = getString(AdminConfigKey.KDC_REALM, false, LIBDEFAULT);
+        if (realm == null) {
+            realm = getString(AdminConfigKey.DEFAULT_REALM, false, LIBDEFAULT);
+            if (realm == null) {
+                realm = (String) AdminConfigKey.KDC_REALM.getDefaultValue();
+            }
+        }
+
+        return realm;
+    }
+
+    /**
+     * Get whether preatuh is required.
+     * @return true if preauth required
+     */
+    public boolean isPreauthRequired() {
+        return getBoolean(AdminConfigKey.PREAUTH_REQUIRED, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get tgs principal.
+     * @return The tgs principal
+     */
+    public String getTgsPrincipal() {
+        return getString(AdminConfigKey.TGS_PRINCIPAL, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get allowable clock skew.
+     * @return The allowable clock skew
+     */
+    public long getAllowableClockSkew() {
+        return getLong(AdminConfigKey.CLOCKSKEW, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether empty addresses allowed.
+     * @return true if empty address is allowed
+     */
+    public boolean isEmptyAddressesAllowed() {
+        return getBoolean(AdminConfigKey.EMPTY_ADDRESSES_ALLOWED, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether forward is allowed.
+     * @return true if forward is allowed
+     */
+    public boolean isForwardableAllowed() {
+        return getBoolean(AdminConfigKey.FORWARDABLE, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether post dated is allowed.
+     * @return true if post dated is allowed
+     */
+    public boolean isPostdatedAllowed() {
+        return getBoolean(AdminConfigKey.POSTDATED_ALLOWED, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether proxy is allowed.
+     * @return true if proxy is allowed
+     */
+    public boolean isProxiableAllowed() {
+        return getBoolean(AdminConfigKey.PROXIABLE, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether renew is allowed.
+     * @return true if renew is allowed
+     */
+    public boolean isRenewableAllowed() {
+        return getBoolean(AdminConfigKey.RENEWABLE_ALLOWED, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get maximum renewable life time.
+     * @return The maximum renewable life time
+     */
+    public long getMaximumRenewableLifetime() {
+        return getLong(AdminConfigKey.MAXIMUM_RENEWABLE_LIFETIME, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get maximum ticket life time.
+     * @return The maximum ticket life time
+     */
+    public long getMaximumTicketLifetime() {
+        return getLong(AdminConfigKey.MAXIMUM_TICKET_LIFETIME, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get minimum ticket life time.
+     * @return The minimum ticket life time
+     */
+    public long getMinimumTicketLifetime() {
+        return getLong(AdminConfigKey.MINIMUM_TICKET_LIFETIME, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get encryption types.
+     * @return encryption type list
+     */
+    public List<EncryptionType> getEncryptionTypes() {
+        return getEncTypes(AdminConfigKey.PERMITTED_ENCTYPES, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether pa encrypt timestamp required.
+     * @return true if pa encrypt time required
+     */
+    public boolean isPaEncTimestampRequired() {
+        return getBoolean(AdminConfigKey.PA_ENC_TIMESTAMP_REQUIRED, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether body checksum verified.
+     * @return true if body checksum verified
+     */
+    public boolean isBodyChecksumVerified() {
+        return getBoolean(AdminConfigKey.VERIFY_BODY_CHECKSUM, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get default realm.
+     * @return The default realm
+     */
+    public String getDefaultRealm() {
+        return getString(AdminConfigKey.DEFAULT_REALM, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether dns look up kdc.
+     * @return true if dnc look up kdc
+     */
+    public boolean getDnsLookUpKdc() {
+        return getBoolean(AdminConfigKey.DNS_LOOKUP_KDC, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether dns look up realm.
+     * @return true if dns look up realm
+     */
+    public boolean getDnsLookUpRealm() {
+        return getBoolean(AdminConfigKey.DNS_LOOKUP_REALM, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get whether allow weak crypto.
+     * @return true if allow weak crypto
+     */
+    public boolean getAllowWeakCrypto() {
+        return getBoolean(AdminConfigKey.ALLOW_WEAK_CRYPTO, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get ticket life time.
+     * @return The ticket life time
+     */
+    public long getTicketLifetime() {
+        return getLong(AdminConfigKey.TICKET_LIFETIME, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get renew life time.
+     * @return The renew life time
+     */
+    public long getRenewLifetime() {
+        return getLong(AdminConfigKey.RENEW_LIFETIME, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get default tgs encryption types.
+     * @return The tgs encryption type list
+     */
+    public List<EncryptionType> getDefaultTgsEnctypes() {
+        return getEncTypes(AdminConfigKey.DEFAULT_TGS_ENCTYPES, true, LIBDEFAULT);
+    }
+
+    /**
+     * Get default ticket encryption types.
+     * @return The encryption type list
+     */
+    public List<EncryptionType> getDefaultTktEnctypes() {
+        return getEncTypes(AdminConfigKey.DEFAULT_TKT_ENCTYPES, true, LIBDEFAULT);
+    }
+
+    public List<String> getPkinitAnchors() {
+        return Arrays.asList(getStringArray(
+                AdminConfigKey.PKINIT_ANCHORS, true, LIBDEFAULT));
+    }
+
+    public List<String> getPkinitIdentities() {
+        return Arrays.asList(getStringArray(
+                AdminConfigKey.PKINIT_IDENTITIES, true, LIBDEFAULT));
+    }
+
+    public String getPkinitKdcHostName() {
+        return getString(
+                AdminConfigKey.PKINIT_KDC_HOSTNAME, true, LIBDEFAULT);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfigKey.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfigKey.java
new file mode 100644
index 0000000..4859de9
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminConfigKey.java
@@ -0,0 +1,84 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+import org.apache.kerby.config.ConfigKey;
+
+public enum AdminConfigKey implements ConfigKey {
+    KRB_DEBUG(true),
+    KDC_HOST("localhost"),
+    KDC_PORT(null),
+    KDC_ALLOW_UDP(false),
+    KDC_ALLOW_TCP(false),
+    KDC_UDP_PORT(null),
+    KDC_TCP_PORT(null),
+    KDC_DOMAIN("example.com"),
+    KDC_REALM("EXAMPLE.COM"),
+    TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
+    PREAUTH_REQUIRED(true),
+    CLOCKSKEW(5 * 60L),
+    EMPTY_ADDRESSES_ALLOWED(true),
+    PA_ENC_TIMESTAMP_REQUIRED(true),
+    MAXIMUM_TICKET_LIFETIME(24 * 3600L),
+    MINIMUM_TICKET_LIFETIME(1 * 3600L),
+    MAXIMUM_RENEWABLE_LIFETIME(48 * 3600L),
+    FORWARDABLE(true),
+    POSTDATED_ALLOWED(true),
+    PROXIABLE(true),
+    RENEWABLE_ALLOWED(true),
+    VERIFY_BODY_CHECKSUM(true),
+    PERMITTED_ENCTYPES("aes128-cts-hmac-sha1-96"),
+    DEFAULT_REALM(null),
+    DNS_LOOKUP_KDC(false),
+    DNS_LOOKUP_REALM(false),
+    ALLOW_WEAK_CRYPTO(true),
+    TICKET_LIFETIME(24 * 3600L),
+    RENEW_LIFETIME(48 * 3600L),
+    DEFAULT_TGS_ENCTYPES("aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 "
+            + "des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac "
+            + "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4"),
+    DEFAULT_TKT_ENCTYPES("aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 "
+            + "des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac "
+            + "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4"),
+
+    PKINIT_ANCHORS(null),
+    PKINIT_IDENTITIES(null),
+    PKINIT_KDC_HOSTNAME();
+
+    private Object defaultValue;
+
+    private AdminConfigKey() {
+        this.defaultValue = null;
+    }
+
+    private AdminConfigKey(Object defaultValue) {
+        this.defaultValue = defaultValue;
+    }
+
+    @Override
+    public String getPropertyKey() {
+        return name().toLowerCase();
+    }
+
+    @Override
+    public Object getDefaultValue() {
+        return this.defaultValue;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminContext.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminContext.java
new file mode 100644
index 0000000..8546f7b
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminContext.java
@@ -0,0 +1,49 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+public class AdminContext {
+
+    private AdminSetting adminSetting;
+
+    /**
+     * Init with krbsetting.
+     * @param adminSetting The krb setting
+     */
+    public void init(AdminSetting adminSetting) {
+        this.adminSetting = adminSetting;
+    }
+
+    /**
+     * Get krbsetting.
+     * @return The krb setting
+     */
+    public AdminSetting getAdminSetting() {
+        return adminSetting;
+    }
+
+    /**
+     * Get krbconfig.
+     * @return The krb config
+     */
+    public AdminConfig getConfig() {
+        return adminSetting.getAdminConfig();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminHandler.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminHandler.java
new file mode 100644
index 0000000..e1aecad
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminHandler.java
@@ -0,0 +1,100 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.remote.request.AdminRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public abstract class AdminHandler {
+
+    private static final Logger LOG = LoggerFactory.getLogger(AdminHandler.class);
+
+    /**
+     * Init with krbcontext.
+     *
+     * @param context The krbcontext
+     */
+    public void init(AdminContext context) {
+
+    }
+
+    /**
+     * Handle the kdc request.
+     *
+     * @param adminRequest The kdc request
+     * @throws KrbException e
+     */
+    public void handleRequest(AdminRequest adminRequest) throws KrbException {
+        adminRequest.process();
+        /*
+        ByteBuffer requestMessage;
+
+        requestMessage = ByteBuffer.allocate(bodyLen + 4);
+        requestMessage.putInt(bodyLen);
+
+        try {
+            sendMessage(adminRequest, requestMessage);
+        } catch (IOException e) {
+            throw new KrbException("sending message failed", e);
+        }*/
+    }
+
+    /**
+     * Process the response messabe from kdc.
+     *
+     * @param adminRequest The admin request
+     * @param responseMessage The message from kdc
+     * @throws KrbException e
+     */
+    public void onResponseMessage(AdminRequest adminRequest,
+                                  ByteBuffer responseMessage) throws KrbException {
+        /*
+        KrbMessage kdcRep = null;
+        try {
+            kdcRep = KrbCodec.decodeMessage(responseMessage);
+        } catch (IOException e) {
+            throw new KrbException("Krb decoding message failed", e);
+        }
+
+        KrbMessageType messageType = kdcRep.getMsgType();
+        if (messageType == KrbMessageType.AS_REP) {
+
+            kdcRequest.processResponse((KdcRep) kdcRep);
+        } else if (messageType == KrbMessageType.TGS_REP) {
+            kdcRequest.processResponse((KdcRep) kdcRep);
+        }
+        */
+    }
+
+    /**
+     * Send message to kdc.
+     *
+     * @param adminRequest The kdc request
+     * @param requestMessage The request message to kdc
+     * @throws IOException e
+     */
+    protected abstract void sendMessage(AdminRequest adminRequest,
+                                        ByteBuffer requestMessage) throws IOException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminOption.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminOption.java
new file mode 100644
index 0000000..cae6973
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminOption.java
@@ -0,0 +1,102 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+/**
+ * This defines all the options that come across the client side.
+ */
+public enum AdminOption implements KOption {
+    NONE(null),
+
+    KDC_REALM(new KOptionInfo("kdc-realm", "kdc realm",
+        KOptionType.STR)),
+    KDC_HOST(new KOptionInfo("kdc-host", "kdc host",
+        KOptionType.STR)),
+    KDC_TCP_PORT(new KOptionInfo("kdc-tcp-port", "kdc tcp port",
+        KOptionType.INT)),
+    ALLOW_UDP(new KOptionInfo("allow-udp", "allow udp",
+        KOptionType.BOOL)),
+    ALLOW_TCP(new KOptionInfo("allow-tcp", "allow tcp",
+        KOptionType.BOOL)),
+    KDC_UDP_PORT(new KOptionInfo("kdc-udp-port", "kdc udp port",
+        KOptionType.INT)),
+    CONN_TIMEOUT(new KOptionInfo("conn-timeout", "connection timeout",
+        KOptionType.INT)),
+
+    LIFE_TIME(new KOptionInfo("life-time", "life time",
+        KOptionType.INT)),
+    START_TIME(new KOptionInfo("start-time", "start time",
+        KOptionType.INT)),
+    RENEWABLE_TIME(new KOptionInfo("renewable_lifetime", "renewable lifetime",
+        KOptionType.INT)),
+    INCLUDE_ADDRESSES(new KOptionInfo("include_addresses",
+        "include addresses")),
+    AS_ENTERPRISE_PN(new KOptionInfo("as-enterprise-pn",
+        "client is enterprise principal name")),
+    CLIENT_PRINCIPAL(new KOptionInfo("client-principal", "Client principal",
+        KOptionType.STR)),
+
+    USE_PASSWD(new KOptionInfo("using-password", "using password")),
+    USER_PASSWD(new KOptionInfo("user-passwd", "User plain password")),
+
+    USE_KEYTAB(new KOptionInfo("use-keytab", "use keytab")),
+    USE_DFT_KEYTAB(new KOptionInfo("use-dft-keytab", "use default client keytab (with -k)")),
+    KEYTAB_FILE(new KOptionInfo("keytab-file", "filename of keytab to use",
+        KOptionType.FILE)),
+
+    KRB5_CACHE(new KOptionInfo("krb5-cache", "K5 cache name",
+        KOptionType.FILE)),
+    SERVICE_PRINCIPAL(new KOptionInfo("service-principal", "service principal",
+        KOptionType.STR)),
+    SERVER_PRINCIPAL(new KOptionInfo("server-principal", "server principal",
+        KOptionType.STR)),
+    ARMOR_CACHE(new KOptionInfo("armor-cache", "armor credential cache",
+        KOptionType.STR)),
+    USE_TGT(new KOptionInfo("use-tgt", "use tgt to get service ticket",
+        KOptionType.OBJ)),
+    CONF_DIR(new KOptionInfo("-conf", "conf dir", KOptionType.DIR));
+
+    private final KOptionInfo optionInfo;
+
+    AdminOption(KOptionInfo optionInfo) {
+        this.optionInfo = optionInfo;
+    }
+
+    @Override
+    public KOptionInfo getOptionInfo() {
+        return optionInfo;
+    }
+
+    public static AdminOption fromOptionName(String optionName) {
+        if (optionName != null) {
+            for (AdminOption ko : values()) {
+                if (ko.optionInfo != null
+                    && ko.optionInfo.getName().equals(optionName)) {
+                    return ko;
+                }
+            }
+        }
+        return NONE;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2a21ba09/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminSetting.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminSetting.java
new file mode 100644
index 0000000..b02f2cf
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/remote/AdminSetting.java
@@ -0,0 +1,129 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.remote;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Krb client setting that combines common options and client config.
+ */
+public class AdminSetting {
+    private final KOptions commonOptions;
+    private final AdminConfig adminConfig;
+
+    public AdminSetting(KOptions commonOptions, AdminConfig config) {
+        this.commonOptions = commonOptions;
+        this.adminConfig = config;
+    }
+
+    public AdminSetting(AdminConfig config) {
+        this.commonOptions = new KOptions();
+        this.adminConfig = config;
+    }
+
+    public AdminConfig getAdminConfig() {
+        return adminConfig;
+    }
+
+    public String getKdcRealm() {
+        String kdcRealm = commonOptions.getStringOption(KrbOption.KDC_REALM);
+        if (kdcRealm == null || kdcRealm.isEmpty()) {
+            kdcRealm = adminConfig.getKdcRealm();
+        }
+        return kdcRealm;
+    }
+
+    public String getKdcHost() {
+        String kdcHost = commonOptions.getStringOption(KrbOption.KDC_HOST);
+        if (kdcHost == null) {
+            return adminConfig.getKdcHost();
+        }
+        return kdcHost;
+    }
+
+    /**
+     * Check kdc tcp setting and see if any bad.
+     * @return valid tcp port or -1 if not allowTcp
+     * @throws KrbException e
+     */
+    public int checkGetKdcTcpPort() throws KrbException {
+        if (allowTcp()) {
+            int kdcPort = getKdcTcpPort();
+            if (kdcPort < 1) {
+                throw new KrbException("KDC tcp port isn't set or configured");
+            }
+            return kdcPort;
+        }
+        return -1;
+    }
+
+    /**
+     * Check kdc udp setting and see if any bad.
+     * @return valid udp port or -1 if not allowUdp
+     * @throws KrbException e
+     */
+    public int checkGetKdcUdpPort() throws KrbException {
+        if (allowUdp()) {
+            int kdcPort = getKdcUdpPort();
+            if (kdcPort < 1) {
+                throw new KrbException("KDC udp port isn't set or configured");
+            }
+            return kdcPort;
+        }
+        return -1;
+    }
+
+    public int getKdcTcpPort() {
+        int tcpPort = commonOptions.getIntegerOption(KrbOption.KDC_TCP_PORT);
+        if (tcpPort > 0) {
+            return tcpPort;
+        }
+        return adminConfig.getKdcTcpPort();
+    }
+
+    public boolean allowUdp() {
+        Boolean allowUdp = commonOptions.getBooleanOption(
+                KrbOption.ALLOW_UDP, adminConfig.allowUdp());
+        return allowUdp;
+    }
+
+    public boolean allowTcp() {
+        Boolean allowTcp = commonOptions.getBooleanOption(
+                KrbOption.ALLOW_TCP, adminConfig.allowTcp());
+        return allowTcp;
+    }
+
+    public int getKdcUdpPort() {
+        int udpPort = commonOptions.getIntegerOption(KrbOption.KDC_UDP_PORT);
+        if (udpPort > 0) {
+            return udpPort;
+        }
+        return adminConfig.getKdcUdpPort();
+    }
+
+    public int getTimeout() {
+        int timeout = commonOptions.getIntegerOption(KrbOption.CONN_TIMEOUT);
+        if (timeout > 0) {
+            return timeout;
+        }
+        return 1000; // by default
+    }
+}


Mime
View raw message