directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [5/8] directory-kerby git commit: Kpasswd. Initially added kpasswd and kpasswd server
Date Mon, 11 Jan 2016 03:10:25 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerImpl.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerImpl.java
new file mode 100644
index 0000000..fcac66d
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerImpl.java
@@ -0,0 +1,248 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.impl.DefaultInternalAdminServerImpl;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.impl.InternalAdminServer;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcServerOption;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+
+import java.io.File;
+
+/**
+ * The implemented Kerberos Server API.
+ */
+public class AdminServerImpl {
+    private final AdminServerConfig kdcConfig;
+    private final BackendConfig backendConfig;
+    private final AdminServerSetting kdcSetting;
+    private final KOptions startupOptions;
+
+    private InternalAdminServer innerKdc;
+
+    /**
+     * Constructor passing both kdcConfig and backendConfig.
+     * @param kdcConfig The kdc config
+     * @param backendConfig The backend config
+     * @throws KrbException e
+     */
+    public AdminServerImpl(AdminServerConfig kdcConfig,
+                           BackendConfig backendConfig) throws KrbException {
+        this.kdcConfig = kdcConfig;
+        this.backendConfig = backendConfig;
+        startupOptions = new KOptions();
+        kdcSetting = new AdminServerSetting(startupOptions, kdcConfig, backendConfig);
+    }
+
+    /**
+     * Constructor given confDir where 'kdc.conf' and 'backend.conf' should be
+     * available.
+     * kdc.conf, that contains kdc admin related items.
+     * backend.conf, that contains identity backend related items.
+     *
+     * @param confDir The conf dir
+     * @throws KrbException e
+     */
+    public AdminServerImpl(File confDir) throws KrbException {
+        AdminServerConfig tmpAdminServerConfig = AdminServerUtil.getAdminServerConfig(confDir);
+        if (tmpAdminServerConfig == null) {
+            tmpAdminServerConfig = new AdminServerConfig();
+        }
+        this.kdcConfig = tmpAdminServerConfig;
+
+        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+        if (tmpBackendConfig == null) {
+            tmpBackendConfig = new BackendConfig();
+        }
+        tmpBackendConfig.setConfDir(confDir);
+        this.backendConfig = tmpBackendConfig;
+
+        startupOptions = new KOptions();
+        kdcSetting = new AdminServerSetting(startupOptions, kdcConfig, backendConfig);
+    }
+
+    /**
+     * Default constructor.
+     */
+    public AdminServerImpl() {
+        kdcConfig = new AdminServerConfig();
+        backendConfig = new BackendConfig();
+        startupOptions = new KOptions();
+        kdcSetting = new AdminServerSetting(startupOptions, kdcConfig, backendConfig);
+    }
+
+    /**
+     * Set KDC realm for ticket request
+     * @param realm The kdc realm
+     */
+    public void setKdcRealm(String realm) {
+        startupOptions.add(KdcServerOption.KDC_REALM, realm);
+    }
+
+    /**
+     * Set KDC host.
+     * @param kdcHost The kdc host
+     */
+    public void setKdcHost(String kdcHost) {
+        startupOptions.add(KdcServerOption.KDC_HOST, kdcHost);
+    }
+
+    /**
+     * Set KDC port.
+     * @param kdcPort The kdc port
+     */
+    public void setKdcPort(int kdcPort) {
+        startupOptions.add(KdcServerOption.KDC_PORT, kdcPort);
+    }
+
+    /**
+     * Set KDC tcp port.
+     * @param kdcTcpPort The kdc tcp port
+     */
+    public void setKdcTcpPort(int kdcTcpPort) {
+        startupOptions.add(KdcServerOption.KDC_TCP_PORT, kdcTcpPort);
+    }
+
+    /**
+     * Set to allow UDP or not.
+     * @param allowUdp true if allow udp
+     */
+    public void setAllowUdp(boolean allowUdp) {
+        startupOptions.add(KdcServerOption.ALLOW_UDP, allowUdp);
+    }
+
+    /**
+     * Set to allow TCP or not.
+     * @param allowTcp true if allow tcp
+     */
+    public void setAllowTcp(boolean allowTcp) {
+        startupOptions.add(KdcServerOption.ALLOW_TCP, allowTcp);
+    }
+    /**
+     * Set KDC udp port. Only makes sense when allowUdp is set.
+     * @param kdcUdpPort The kdc udp port
+     */
+    public void setKdcUdpPort(int kdcUdpPort) {
+        startupOptions.add(KdcServerOption.KDC_UDP_PORT, kdcUdpPort);
+    }
+
+    /**
+     * Set runtime folder.
+     * @param workDir The work dir
+     */
+    public void setWorkDir(File workDir) {
+        startupOptions.add(KdcServerOption.WORK_DIR, workDir);
+    }
+
+    /**
+     * Allow to debug so have more logs.
+     */
+    public void enableDebug() {
+        startupOptions.add(KdcServerOption.ENABLE_DEBUG);
+    }
+
+    /**
+     * Allow to hook customized kdc implementation.
+     *
+     * @param innerKdcImpl The inner kdc implementation
+     */
+    public void setInnerKdcImpl(InternalAdminServer innerKdcImpl) {
+        startupOptions.add(KdcServerOption.INNER_KDC_IMPL, innerKdcImpl);
+    }
+
+    /**
+     * Get KDC setting from startup options and configs.
+     * @return setting
+     */
+    public AdminServerSetting getAdminServerSetting() {
+        return kdcSetting;
+    }
+
+    /**
+     * Get the KDC config.
+     * @return AdminServerConfig
+     */
+    public AdminServerConfig getAdminServerConfig() {
+        return kdcConfig;
+    }
+
+    /**
+     * Get backend config.
+     *
+     * @return backend configuration
+     */
+    public BackendConfig getBackendConfig() {
+        return backendConfig;
+    }
+
+    /**
+     * Get identity service.
+     * @return IdentityService
+     */
+    public IdentityBackend getIdentityService() {
+        if (innerKdc == null) {
+            throw new RuntimeException("Not init yet");
+        }
+        return innerKdc.getIdentityBackend();
+    }
+
+    /**
+     * Initialize.
+     *
+     * @throws KrbException e.
+     */
+    public void init() throws KrbException {
+        if (startupOptions.contains(KdcServerOption.INNER_KDC_IMPL)) {
+            innerKdc = (InternalAdminServer) startupOptions.getOptionValue(
+                    KdcServerOption.INNER_KDC_IMPL);
+        } else {
+            innerKdc = new DefaultInternalAdminServerImpl(kdcSetting);
+        }
+
+        innerKdc.init();
+    }
+
+    /**
+     * Start the KDC admin.
+     *
+     * @throws KrbException e.
+     */
+    public void start() throws KrbException {
+        if (innerKdc == null) {
+            throw new RuntimeException("Not init yet");
+        }
+        innerKdc.start();
+    }
+
+    /**
+     * Stop the KDC admin.
+     *
+     * @throws KrbException e.
+     */
+    public void stop() throws KrbException {
+        if (innerKdc != null) {
+            innerKdc.stop();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerOption.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerOption.java
new file mode 100644
index 0000000..e4a7000
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerOption.java
@@ -0,0 +1,52 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+/**
+ * KDC admin startup options
+ */
+public enum AdminServerOption implements KOption {
+    NONE(null),
+    INNER_ADMIN_IMPL(new KOptionInfo("inner KDC impl", "inner KDC impl", KOptionType.OBJ)),
+    ADMIN_REALM(new KOptionInfo("kdc realm", "kdc realm", KOptionType.STR)),
+    ADMIN_HOST(new KOptionInfo("kdc host", "kdc host", KOptionType.STR)),
+    ADMIN_PORT(new KOptionInfo("kdc port", "kdc port", KOptionType.INT)),
+    ALLOW_TCP(new KOptionInfo("allow tcp", "allow tcp", KOptionType.BOOL)),
+    ADMIN_TCP_PORT(new KOptionInfo("kdc tcp port", "kdc tcp port", KOptionType.INT)),
+    ALLOW_UDP(new KOptionInfo("allow udp", "allow udp", KOptionType.BOOL)),
+    ADMIN_UDP_PORT(new KOptionInfo("kdc udp port", "kdc udp port", KOptionType.INT)),
+    WORK_DIR(new KOptionInfo("work dir", "work dir", KOptionType.DIR)),
+    ENABLE_DEBUG(new KOptionInfo("enable debug", "enable debug", KOptionType.BOOL));
+
+    private final KOptionInfo optionInfo;
+
+    AdminServerOption(KOptionInfo optionInfo) {
+        this.optionInfo = optionInfo;
+    }
+
+    @Override
+    public KOptionInfo getOptionInfo() {
+        return optionInfo;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerSetting.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerSetting.java
new file mode 100644
index 0000000..0743ff2
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerSetting.java
@@ -0,0 +1,188 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+
+/**
+ * Admin Server setting that combines startup options and admin config.
+ */
+public class AdminServerSetting {
+    private final KOptions startupOptions;
+    private final AdminServerConfig adminServerConfig;
+    private final BackendConfig backendConfig;
+
+    /**
+     * AdminServerSetting constructor
+     * @param startupOptions startup options
+     * @param config admin configuration
+     * @param backendConfig backend configuration
+     */
+    public AdminServerSetting(KOptions startupOptions,
+                              AdminServerConfig config, 
+                              BackendConfig backendConfig) {
+        this.startupOptions = startupOptions;
+        this.adminServerConfig = config;
+        this.backendConfig = backendConfig;
+    }
+
+    public AdminServerSetting(AdminServerConfig adminServerConfig, 
+                              BackendConfig backendConfig) {
+        this(new KOptions(), adminServerConfig, backendConfig);
+    }
+
+    /**
+     * Get the Admin Server config.
+     * @return admin configuration
+     */
+    public AdminServerConfig getAdminServerConfig() {
+        return adminServerConfig;
+    }
+
+    /**
+     * Get the backend config.
+     * @return backend configuration
+     */
+    public BackendConfig getBackendConfig() {
+        return backendConfig;
+    }
+
+    public String getAdminHost() {
+        String adminHost = startupOptions.getStringOption(
+                AdminServerOption.ADMIN_HOST);
+        if (adminHost == null) {
+            adminHost = adminServerConfig.getAdminHost();
+        }
+        return adminHost;
+    }
+
+    /**
+     * Check admin tcp setting and see if any bad.
+     * @return valid tcp port or -1 if not allowTcp
+     * @throws KrbException e
+     */
+    public int checkGetAdminTcpPort() throws KrbException {
+        if (allowTcp()) {
+            int adminPort = getAdminTcpPort();
+            if (adminPort < 1) {
+                throw new KrbException("Admin Server tcp port isn't set or configured");
+            }
+            return adminPort;
+        }
+        return -1;
+    }
+
+    /**
+     * Check admin udp setting and see if any bad.
+     * @return valid udp port or -1 if not allowUdp
+     * @throws KrbException e
+     */
+    public int checkGetAdminUdpPort() throws KrbException {
+        if (allowUdp()) {
+            int adminPort = getAdminUdpPort();
+            if (adminPort < 1) {
+                throw new KrbException("Admin Server udp port isn't set or configured");
+            }
+            return adminPort;
+        }
+        return -1;
+    }
+
+    /**
+     * Get admin tcp port
+     *
+     * @return admin tcp port
+     */
+    public int getAdminTcpPort() {
+        int tcpPort = startupOptions.getIntegerOption(AdminServerOption.ADMIN_TCP_PORT);
+        if (tcpPort < 1) {
+            tcpPort = adminServerConfig.getAdminTcpPort();
+        }
+        if (tcpPort < 1) {
+            tcpPort = getAdminPort();
+        }
+
+        return tcpPort;
+    }
+
+    /**
+     * Get admin port
+     *
+     * @return admin port
+     */
+    public int getAdminPort() {
+        int adminPort = startupOptions.getIntegerOption(AdminServerOption.ADMIN_PORT);
+        if (adminPort < 1) {
+            adminPort = adminServerConfig.getAdminPort();
+        }
+        return adminPort;
+    }
+
+    /**
+     * Get whether tcp protocol is allowed
+     * @return tcp protocol is allowed or not
+     */
+    public boolean allowTcp() {
+        Boolean allowTcp = startupOptions.getBooleanOption(
+                AdminServerOption.ALLOW_TCP, adminServerConfig.allowTcp());
+        return allowTcp;
+    }
+
+    /**
+     * Get whether udp protocol is allowed
+     * @return udp protocol is allowed or not
+     */
+    public boolean allowUdp() {
+        Boolean allowUdp = startupOptions.getBooleanOption(
+                AdminServerOption.ALLOW_UDP, adminServerConfig.allowUdp());
+        return allowUdp;
+    }
+
+    /**
+     * Get admin udp port
+     *
+     * @return udp port
+     */
+    public int getAdminUdpPort() {
+        int udpPort = startupOptions.getIntegerOption(AdminServerOption.ADMIN_UDP_PORT);
+        if (udpPort < 1) {
+            udpPort = adminServerConfig.getAdminUdpPort();
+        }
+        if (udpPort < 1) {
+            udpPort = getAdminPort();
+        }
+
+        return udpPort;
+    }
+
+    /**
+     * Get Admin Server realm.
+     * @return Admin Server realm
+     */
+    public String getAdminRealm() {
+        String adminRealm = startupOptions.getStringOption(AdminServerOption.ADMIN_REALM);
+        if (adminRealm == null || adminRealm.isEmpty()) {
+            adminRealm = adminServerConfig.getAdminRealm();
+        }
+        return adminRealm;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerUtil.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerUtil.java
new file mode 100644
index 0000000..23f9925
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/AdminServerUtil.java
@@ -0,0 +1,142 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+
+/**
+ * KDC side utilities.
+ */
+public final class AdminServerUtil {
+
+    private AdminServerUtil() { }
+
+    /**
+     * Get kdc configuration
+     * @param confDir configuration directory
+     * @return kdc configuration
+     * @throws KrbException e.
+     */
+    public static AdminServerConfig getAdminServerConfig(File confDir) throws KrbException {
+        File kdcConfFile = new File(confDir, "kdc.conf");
+        if (kdcConfFile.exists()) {
+            AdminServerConfig adminServerConfig = new AdminServerConfig();
+            try {
+                adminServerConfig.addKrb5Config(kdcConfFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the kdc configuration file "
+                        + kdcConfFile.getAbsolutePath());
+            }
+            return adminServerConfig;
+        }
+
+        return null;
+    }
+
+    /**
+     * Get backend configuration
+     * @param confDir configuration directory
+     * @return backend configuration
+     * @throws KrbException e.
+     */
+    public static BackendConfig getBackendConfig(File confDir) throws KrbException {
+        File backendConfigFile = new File(confDir, "backend.conf");
+        if (backendConfigFile.exists()) {
+            BackendConfig backendConfig = new BackendConfig();
+            try {
+                backendConfig.addIniConfig(backendConfigFile);
+            } catch (IOException e) {
+                throw new KrbException("Can not load the backend configuration file "
+                        + backendConfigFile.getAbsolutePath());
+            }
+            return backendConfig;
+        }
+
+        return null;
+    }
+
+    /**
+     * Init the identity backend from backend configuration.
+     *
+     * @throws KrbException e.
+     * @param backendConfig backend configuration information
+     * @return backend
+     */
+    public static IdentityBackend getBackend(
+            BackendConfig backendConfig) throws KrbException {
+        String backendClassName = backendConfig.getString(
+                AdminServerConfigKey.KDC_IDENTITY_BACKEND, true);
+        if (backendClassName == null) {
+            backendClassName = MemoryIdentityBackend.class.getCanonicalName();
+        }
+
+        Class<?> backendClass;
+        try {
+            backendClass = Class.forName(backendClassName);
+        } catch (ClassNotFoundException e) {
+            throw new KrbException("Failed to load backend class: "
+                    + backendClassName);
+        }
+
+        IdentityBackend backend;
+        try {
+            backend = (IdentityBackend) backendClass.newInstance();
+        } catch (InstantiationException | IllegalAccessException e) {
+            throw new KrbException("Failed to create backend: "
+                    + backendClassName);
+        }
+
+        backend.setConfig(backendConfig);
+        backend.initialize();
+        return backend;
+    }
+
+    /**
+     * Get KDC network transport addresses according to KDC setting.
+     * @param setting kdc setting
+     * @return UDP and TCP addresses pair
+     * @throws KrbException e
+     */
+    public static TransportPair getTransportPair(
+            AdminServerSetting setting) throws KrbException {
+        TransportPair result = new TransportPair();
+
+        int tcpPort = setting.checkGetAdminTcpPort();
+        if (tcpPort > 0) {
+            result.tcpAddress = new InetSocketAddress(
+                    setting.getAdminHost(), tcpPort);
+        }
+        int udpPort = setting.checkGetAdminUdpPort();
+        if (udpPort > 0) {
+            result.udpAddress = new InetSocketAddress(
+                    setting.getAdminHost(), udpPort);
+        }
+
+        return result;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/AbstractInternalAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/AbstractInternalAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/AbstractInternalAdminServer.java
new file mode 100644
index 0000000..3baff30
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/AbstractInternalAdminServer.java
@@ -0,0 +1,116 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerConfig;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerSetting;
+import org.apache.kerby.kerberos.kerb.identity.CacheableIdentityService;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+
+/**
+ * Abstract Kadmin admin implementation.
+ */
+public class AbstractInternalAdminServer implements InternalAdminServer {
+    private boolean started;
+    private final AdminServerConfig adminServerConfig;
+    private final BackendConfig backendConfig;
+    private final AdminServerSetting adminServerSetting;
+    private IdentityBackend backend;
+    private IdentityService identityService;
+
+    public AbstractInternalAdminServer(AdminServerSetting adminServerSetting) {
+        this.adminServerSetting = adminServerSetting;
+        this.adminServerConfig = adminServerSetting.getAdminServerConfig();
+        this.backendConfig = adminServerSetting.getBackendConfig();
+    }
+
+    @Override
+    public AdminServerSetting getSetting() {
+        return adminServerSetting;
+    }
+
+    public boolean isStarted() {
+        return started;
+    }
+
+    protected String getServiceName() {
+        return adminServerConfig.getAdminServiceName();
+    }
+
+    protected IdentityService getIdentityService() {
+        if (identityService == null) {
+            if (backend instanceof MemoryIdentityBackend) { // Already in memory
+                identityService = backend;
+            } else {
+                identityService = new CacheableIdentityService(
+                        backendConfig, backend);
+            }
+        }
+        return identityService;
+    }
+
+    @Override
+    public void init() throws KrbException {
+        backend = KdcUtil.getBackend(backendConfig);
+    }
+
+    @Override
+    public void start() throws KrbException {
+        try {
+            doStart();
+        } catch (Exception e) {
+            throw new KrbException("Failed to start " + getServiceName(), e);
+        }
+
+        started = true;
+    }
+
+    public boolean enableDebug() {
+        return adminServerConfig.enableDebug();
+    }
+
+    @Override
+    public IdentityBackend getIdentityBackend() {
+        return backend;
+    }
+
+    protected void doStart() throws Exception {
+        backend.start();
+    }
+
+    public void stop() throws KrbException {
+        try {
+            doStop();
+        } catch (Exception e) {
+            throw new KrbException("Failed to stop " + getServiceName(), e);
+        }
+
+        started = false;
+    }
+
+    protected void doStop() throws Exception {
+        backend.stop();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultAdminServerHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultAdminServerHandler.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultAdminServerHandler.java
new file mode 100644
index 0000000..e7d19a4
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultAdminServerHandler.java
@@ -0,0 +1,74 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin.impl;
+
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerContext;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerHandler;
+import org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.nio.ByteBuffer;
+
+public class DefaultAdminServerHandler extends AdminServerHandler implements Runnable {
+    private static Logger logger = LoggerFactory.getLogger(DefaultAdminServerHandler.class);
+    private final KrbTransport transport;
+
+    public DefaultAdminServerHandler(AdminServerContext adminServerContext, KrbTransport transport) {
+        super(adminServerContext);
+        this.transport  = transport;
+    }
+
+    @Override
+    public void run() {
+        while (true) {
+            try {
+                ByteBuffer message = transport.receiveMessage();
+                if (message == null) {
+                    logger.debug("No valid request recved. Disconnect actively");
+                    transport.release();
+                    break;
+                }
+                handleMessage(message);
+            } catch (IOException e) {
+                transport.release();
+                logger.debug("Transport or decoding error occurred, "
+                        + "disconnecting abnormally", e);
+                break;
+            }
+        }
+    }
+
+    protected void handleMessage(ByteBuffer message) {
+        InetAddress clientAddress = transport.getRemoteAddress();
+        boolean isTcp = transport instanceof KrbTcpTransport;
+
+        try {
+            ByteBuffer krbResponse = handleMessage(message, clientAddress);
+            transport.sendMessage(krbResponse);
+        } catch (Exception e) {
+            transport.release();
+            logger.error("Error occured while processing request:", e);
+        }
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultInternalAdminServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultInternalAdminServerImpl.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultInternalAdminServerImpl.java
new file mode 100644
index 0000000..e2a4d51
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/DefaultInternalAdminServerImpl.java
@@ -0,0 +1,80 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin.impl;
+
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerContext;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerSetting;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerUtil;
+import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * A default admin admin implementation.
+ */
+public class DefaultInternalAdminServerImpl extends AbstractInternalAdminServer {
+    private ExecutorService executor;
+    private AdminServerContext adminContext;
+    private KdcNetwork network;
+
+    public DefaultInternalAdminServerImpl(AdminServerSetting adminSetting) {
+        super(adminSetting);
+    }
+
+    @Override
+    protected void doStart() throws Exception {
+        super.doStart();
+
+        prepareHandler();
+
+        executor = Executors.newCachedThreadPool();
+
+        network = new KdcNetwork() {
+            @Override
+            protected void onNewTransport(KrbTransport transport) {
+                DefaultAdminServerHandler kdcHandler = 
+                    new DefaultAdminServerHandler(adminContext, transport);
+                executor.execute(kdcHandler);
+            }
+        };
+
+        network.init();
+        TransportPair tpair = AdminServerUtil.getTransportPair(getSetting());
+        network.listen(tpair);
+        network.start();
+    }
+
+    private void prepareHandler() {
+        adminContext = new AdminServerContext(getSetting());
+        adminContext.setIdentityService(getIdentityService());
+    }
+
+    @Override
+    protected void doStop() throws Exception {
+        super.doStop();
+
+        network.stop();
+
+        executor.shutdownNow();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/InternalAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/InternalAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/InternalAdminServer.java
new file mode 100644
index 0000000..c3db675
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/admin/impl/InternalAdminServer.java
@@ -0,0 +1,60 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.admin.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.admin.AdminServerSetting;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+
+/**
+ * An internal KDC admin interface.
+ */
+public interface InternalAdminServer {
+
+    /**
+     * Initialize.
+     * @throws KrbException e
+     */
+    void init() throws KrbException;
+
+    /**
+     * Start the KDC admin.
+     * @throws KrbException e
+     */
+    void start() throws KrbException;
+
+    /**
+     * Stop the KDC admin.
+     * @throws KrbException e
+     */
+    void stop() throws KrbException;
+
+    /**
+     * Get admin admin setting.
+     * @return setting
+     */
+    AdminServerSetting getSetting();
+
+    /**
+     * Get identity backend.
+     * @return IdentityBackend
+     */
+    IdentityBackend getIdentityBackend();
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/AbstractInternalAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/AbstractInternalAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/AbstractInternalAdminServer.java
deleted file mode 100644
index 466b4b4..0000000
--- a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/AbstractInternalAdminServer.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.admin.server.impl;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerConfig;
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerSetting;
-import org.apache.kerby.kerberos.kerb.identity.CacheableIdentityService;
-import org.apache.kerby.kerberos.kerb.identity.IdentityService;
-import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.kerb.server.KdcSetting;
-import org.apache.kerby.kerberos.kerb.server.KdcUtil;
-
-/**
- * Abstract Kadmin server implementation.
- */
-public class AbstractInternalAdminServer implements InternalAdminServer {
-    private boolean started;
-    private final AdminServerConfig kdcConfig;
-    private final BackendConfig backendConfig;
-    private final AdminServerSetting kdcSetting;
-    private IdentityBackend backend;
-    private IdentityService identityService;
-
-    public AbstractInternalAdminServer(AdminServerSetting kdcSetting) {
-        this.kdcSetting = kdcSetting;
-        this.kdcConfig = kdcSetting.getAdminServerConfig();
-        this.backendConfig = kdcSetting.getBackendConfig();
-    }
-
-    @Override
-    public AdminServerSetting getSetting() {
-        return kdcSetting;
-    }
-
-    public boolean isStarted() {
-        return started;
-    }
-
-    protected String getServiceName() {
-        return kdcConfig.getKdcServiceName();
-    }
-
-    protected IdentityService getIdentityService() {
-        if (identityService == null) {
-            if (backend instanceof MemoryIdentityBackend) { // Already in memory
-                identityService = backend;
-            } else {
-                identityService = new CacheableIdentityService(
-                        backendConfig, backend);
-            }
-        }
-        return identityService;
-    }
-
-    @Override
-    public void init() throws KrbException {
-        backend = KdcUtil.getBackend(backendConfig);
-    }
-
-    @Override
-    public void start() throws KrbException {
-        try {
-            doStart();
-        } catch (Exception e) {
-            throw new KrbException("Failed to start " + getServiceName(), e);
-        }
-
-        started = true;
-    }
-
-    public boolean enableDebug() {
-        return kdcConfig.enableDebug();
-    }
-
-    @Override
-    public IdentityBackend getIdentityBackend() {
-        return backend;
-    }
-
-    protected void doStart() throws Exception {
-        backend.start();
-    }
-
-    public void stop() throws KrbException {
-        try {
-            doStop();
-        } catch (Exception e) {
-            throw new KrbException("Failed to stop " + getServiceName(), e);
-        }
-
-        started = false;
-    }
-
-    protected void doStop() throws Exception {
-        backend.stop();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultAdminServerHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultAdminServerHandler.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultAdminServerHandler.java
deleted file mode 100644
index bd8ff17..0000000
--- a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultAdminServerHandler.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.kerberos.kerb.admin.server.impl;
-
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerContext;
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerHandler;
-import org.apache.kerby.kerberos.kerb.server.KdcContext;
-import org.apache.kerby.kerberos.kerb.server.KdcHandler;
-import org.apache.kerby.kerberos.kerb.transport.KrbTcpTransport;
-import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.nio.ByteBuffer;
-
-public class DefaultAdminServerHandler extends AdminServerHandler implements Runnable {
-    private static Logger logger = LoggerFactory.getLogger(DefaultAdminServerHandler.class);
-    private final KrbTransport transport;
-
-    public DefaultAdminServerHandler(AdminServerContext adminServerContext, KrbTransport transport) {
-        super(adminServerContext);
-        this.transport  = transport;
-    }
-
-    @Override
-    public void run() {
-        while (true) {
-            try {
-                ByteBuffer message = transport.receiveMessage();
-                if (message == null) {
-                    logger.debug("No valid request recved. Disconnect actively");
-                    transport.release();
-                    break;
-                }
-                handleMessage(message);
-            } catch (IOException e) {
-                transport.release();
-                logger.debug("Transport or decoding error occurred, "
-                        + "disconnecting abnormally", e);
-                break;
-            }
-        }
-    }
-
-    protected void handleMessage(ByteBuffer message) {
-        InetAddress clientAddress = transport.getRemoteAddress();
-        boolean isTcp = transport instanceof KrbTcpTransport;
-
-        try {
-            ByteBuffer krbResponse = handleMessage(message, clientAddress);
-            transport.sendMessage(krbResponse);
-        } catch (Exception e) {
-            transport.release();
-            logger.error("Error occured while processing request:", e);
-        }
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultInternalAdminServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultInternalAdminServerImpl.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultInternalAdminServerImpl.java
deleted file mode 100644
index 04af0e7..0000000
--- a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/DefaultInternalAdminServerImpl.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.admin.server.impl;
-
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerContext;
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerSetting;
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerUtil;
-import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
-import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
-import org.apache.kerby.kerberos.kerb.transport.TransportPair;
-
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-
-/**
- * A default admin server implementation.
- */
-public class DefaultInternalAdminServerImpl extends AbstractInternalAdminServer {
-    private ExecutorService executor;
-    private AdminServerContext adminContext;
-    private KdcNetwork network;
-
-    public DefaultInternalAdminServerImpl(AdminServerSetting adminSetting) {
-        super(adminSetting);
-    }
-
-    @Override
-    protected void doStart() throws Exception {
-        super.doStart();
-
-        prepareHandler();
-
-        executor = Executors.newCachedThreadPool();
-
-        network = new KdcNetwork() {
-            @Override
-            protected void onNewTransport(KrbTransport transport) {
-                DefaultAdminServerHandler kdcHandler = 
-                    new DefaultAdminServerHandler(adminContext, transport);
-                executor.execute(kdcHandler);
-            }
-        };
-
-        network.init();
-        TransportPair tpair = AdminServerUtil.getTransportPair(getSetting());
-        network.listen(tpair);
-        network.start();
-    }
-
-    private void prepareHandler() {
-        adminContext = new AdminServerContext(getSetting());
-        adminContext.setIdentityService(getIdentityService());
-    }
-
-    @Override
-    protected void doStop() throws Exception {
-        super.doStop();
-
-        network.stop();
-
-        executor.shutdownNow();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/InternalAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/InternalAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/InternalAdminServer.java
deleted file mode 100644
index f370380..0000000
--- a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/impl/InternalAdminServer.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kerb.admin.server.impl;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.server.AdminServerSetting;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-
-/**
- * An internal KDC server interface.
- */
-public interface InternalAdminServer {
-
-    /**
-     * Initialize.
-     * @throws KrbException e
-     */
-    void init() throws KrbException;
-
-    /**
-     * Start the KDC server.
-     * @throws KrbException e
-     */
-    void start() throws KrbException;
-
-    /**
-     * Stop the KDC server.
-     * @throws KrbException e
-     */
-    void stop() throws KrbException;
-
-    /**
-     * Get admin server setting.
-     * @return setting
-     */
-    AdminServerSetting getSetting();
-
-    /**
-     * Get identity backend.
-     * @return IdentityBackend
-     */
-    IdentityBackend getIdentityBackend();
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServer.java
new file mode 100644
index 0000000..e6fffeb
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServer.java
@@ -0,0 +1,251 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerConfig;
+import org.apache.kerby.kerberos.kerb.admin.server.passwd.impl.InternalPasswdServer;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+
+import java.io.File;
+
+/**
+ * The implemented Kerberos passwd passwd API.
+ */
+public class PasswdServer {
+    private final PasswdServerConfig passwdServerConfig;
+    private final BackendConfig backendConfig;
+    private final PasswdServerSetting passwdServerSetting;
+    private final KOptions startupOptions;
+
+    private InternalPasswdServer innerPasswdServer;
+
+    /**
+     * Constructor passing both passwdConfig and backendConfig.
+     * @param passwdConfig The passwd config
+     * @param backendConfig The backend config
+     * @throws KrbException e
+     */
+    public PasswdServer(PasswdServerConfig passwdConfig,
+                        BackendConfig backendConfig) throws KrbException {
+        this.passwdServerConfig = passwdConfig;
+        this.backendConfig = backendConfig;
+        startupOptions = new KOptions();
+        passwdServerSetting = new PasswdServerSetting(startupOptions,
+            passwdConfig, backendConfig);
+    }
+
+    /**
+     * Constructor given confDir where 'passwd.conf' and 'backend.conf' should be
+     * available.
+     * passwd.conf, that contains passwd passwd related items.
+     * backend.conf, that contains identity backend related items.
+     *
+     * @param confDir The conf dir
+     * @throws KrbException e
+     */
+    public PasswdServer(File confDir) throws KrbException {
+        PasswdServerConfig tmpPasswdServerConfig =
+            PasswdServerUtil.getPasswdServerConfig(confDir);
+        if (tmpPasswdServerConfig == null) {
+            tmpPasswdServerConfig = new PasswdServerConfig();
+        }
+        this.passwdServerConfig = tmpPasswdServerConfig;
+
+        BackendConfig tmpBackendConfig = PasswdServerUtil.getBackendConfig(confDir);
+        if (tmpBackendConfig == null) {
+            tmpBackendConfig = new BackendConfig();
+        }
+        tmpBackendConfig.setConfDir(confDir);
+        this.backendConfig = tmpBackendConfig;
+
+        startupOptions = new KOptions();
+        passwdServerSetting = new PasswdServerSetting(startupOptions,
+            passwdServerConfig, backendConfig);
+    }
+
+    /**
+     * Default constructor.
+     */
+    public PasswdServer() {
+        passwdServerConfig = new PasswdServerConfig();
+        backendConfig = new BackendConfig();
+        startupOptions = new KOptions();
+        passwdServerSetting = new PasswdServerSetting(startupOptions,
+            passwdServerConfig, backendConfig);
+    }
+
+    /**
+     * Set Passwd realm for ticket request
+     * @param realm The passwd realm
+     */
+    public void setPasswdServerRealm(String realm) {
+        startupOptions.add(PasswdServerOption.ADMIN_REALM, realm);
+    }
+
+    /**
+     * Set Passwd host.
+     * @param passwdHost The passwd host
+     */
+    public void setPasswdHost(String passwdHost) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ADMIN_HOST, passwdHost);
+    }
+
+    /**
+     * Set Passwd port.
+     * @param passwdPort The passwd port
+     */
+    public void setPasswdServerPort(int passwdPort) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ADMIN_PORT, passwdPort);
+    }
+
+    /**
+     * Set Passwd tcp port.
+     * @param passwdTcpPort The passwd tcp port
+     */
+    public void setPasswdTcpPort(int passwdTcpPort) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ADMIN_TCP_PORT, passwdTcpPort);
+    }
+
+    /**
+     * Set to allow UDP or not.
+     * @param allowUdp true if allow udp
+     */
+    public void setAllowUdp(boolean allowUdp) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ALLOW_UDP, allowUdp);
+    }
+
+    /**
+     * Set to allow TCP or not.
+     * @param allowTcp true if allow tcp
+     */
+    public void setAllowTcp(boolean allowTcp) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ALLOW_TCP, allowTcp);
+    }
+    /**
+     * Set Passwd udp port. Only makes sense when allowUdp is set.
+     * @param passwdUdpPort The passwd udp port
+     */
+    public void setPasswdUdpPort(int passwdUdpPort) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ADMIN_UDP_PORT, passwdUdpPort);
+    }
+
+    /**
+     * Set runtime folder.
+     * @param workDir The work dir
+     */
+    public void setWorkDir(File workDir) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.WORK_DIR, workDir);
+    }
+
+    /**
+     * Allow to debug so have more logs.
+     */
+    public void enableDebug() {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.ENABLE_DEBUG);
+    }
+
+    /**
+     * Allow to hook customized passwd implementation.
+     *
+     * @param innerPasswdServerImpl The inner passwd implementation
+     */
+    public void setInnerPasswdServerImpl(InternalPasswdServer innerPasswdServerImpl) {
+        startupOptions.add(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.INNER_ADMIN_IMPL, innerPasswdServerImpl);
+    }
+
+    /**
+     * Get Passwd setting from startup options and configs.
+     * @return setting
+     */
+    public org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerSetting getPasswdServerSetting() {
+        return passwdServerSetting;
+    }
+
+    /**
+     * Get the Passwd config.
+     * @return PasswdServerConfig
+     */
+    public PasswdServerConfig getPasswdServerConfig() {
+        return passwdServerConfig;
+    }
+
+    /**
+     * Get backend config.
+     *
+     * @return backend configuration
+     */
+    public BackendConfig getBackendConfig() {
+        return backendConfig;
+    }
+
+    /**
+     * Get identity service.
+     * @return IdentityService
+     */
+    public IdentityBackend getIdentityService() {
+        if (innerPasswdServer == null) {
+            throw new RuntimeException("Not init yet");
+        }
+        return innerPasswdServer.getIdentityBackend();
+    }
+
+    /**
+     * Initialize.
+     *
+     * @throws KrbException e.
+     */
+    public void init() throws KrbException {
+        if (startupOptions.contains(org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.INNER_ADMIN_IMPL)) {
+            innerPasswdServer = (InternalPasswdServer) startupOptions.getOptionValue(
+                org.apache.kerby.kerberos.kerb.admin.server.passwd.PasswdServerOption.INNER_ADMIN_IMPL);
+        } else {
+            innerPasswdServer =
+                new org.apache.kerby.kerberos.kerb.admin.server.passwd.impl.DefaultInternalPasswdServerImpl(passwdServerSetting);
+        }
+
+        innerPasswdServer.init();
+    }
+
+    /**
+     * Start the Passwd passwd.
+     *
+     * @throws KrbException e.
+     */
+    public void start() throws KrbException {
+        if (innerPasswdServer == null) {
+            throw new RuntimeException("Not init yet");
+        }
+        innerPasswdServer.start();
+    }
+
+    /**
+     * Stop the Passwd passwd.
+     *
+     * @throws KrbException e.
+     */
+    public void stop() throws KrbException {
+        if (innerPasswdServer != null) {
+            innerPasswdServer.stop();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfig.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfig.java
new file mode 100644
index 0000000..fdf6722
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfig.java
@@ -0,0 +1,94 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+
+import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
+
+/**
+ * Kerb KDC side configuration API.
+ */
+public class PasswdServerConfig extends Krb5Conf {
+    private static final String KDCDEFAULT = "passwddefaults";
+
+    public boolean enableDebug() {
+        return getBoolean(PasswdServerConfigKey.KRB_DEBUG, true, KDCDEFAULT);
+    }
+
+    public String getPasswdServiceName() {
+        return getString(PasswdServerConfigKey.ADMIN_SERVICE_NAME, true, KDCDEFAULT);
+    }
+
+    public String getPasswdHost() {
+        return getString(PasswdServerConfigKey.ADMIN_HOST, true, KDCDEFAULT);
+    }
+
+    public int getPasswdPort() {
+        Integer passwdPort = getInt(PasswdServerConfigKey.ADMIN_PORT, true, KDCDEFAULT);
+        if (passwdPort != null && passwdPort > 0) {
+            return passwdPort.intValue();
+        }
+        return -1;
+    }
+
+    public int getPasswdTcpPort() {
+        Integer passwdTcpPort = getInt(PasswdServerConfigKey.ADMIN_TCP_PORT, true, KDCDEFAULT);
+        if (passwdTcpPort != null && passwdTcpPort > 0) {
+            return passwdTcpPort.intValue();
+        }
+        return getPasswdPort();
+    }
+
+    /**
+     * Is to allow TCP for KDC
+     * @return true to allow TCP, false otherwise
+     */
+    public Boolean allowTcp() {
+        return getBoolean(PasswdServerConfigKey.ADMIN_ALLOW_TCP, true, KDCDEFAULT)
+                || getInt(PasswdServerConfigKey.ADMIN_TCP_PORT, true, KDCDEFAULT) != null
+            || getInt(PasswdServerConfigKey.ADMIN_PORT, false, KDCDEFAULT) != null;
+    }
+
+    /**
+     * Is to allow UDP for KDC
+     * @return true to allow UDP, false otherwise
+     */
+    public Boolean allowUdp() {
+        return getBoolean(PasswdServerConfigKey.ADMIN_ALLOW_UDP, true, KDCDEFAULT)
+                || getInt(PasswdServerConfigKey.ADMIN_UDP_PORT, true, KDCDEFAULT) != null
+            || getInt(PasswdServerConfigKey.ADMIN_PORT, false, KDCDEFAULT) != null;
+    }
+
+    public int getPasswdUdpPort() {
+        Integer passwdUdpPort = getInt(PasswdServerConfigKey.ADMIN_UDP_PORT, true, KDCDEFAULT);
+        if (passwdUdpPort != null && passwdUdpPort > 0) {
+            return passwdUdpPort.intValue();
+        }
+        return getPasswdPort();
+    }
+
+    public String getPasswdRealm() {
+        return getString(PasswdServerConfigKey.ADMIN_REALM, true, KDCDEFAULT);
+    }
+
+    public String getPasswdDomain() {
+        return getString(PasswdServerConfigKey.ADMIN_DOMAIN, true, KDCDEFAULT);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfigKey.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfigKey.java
new file mode 100644
index 0000000..50dc66b
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerConfigKey.java
@@ -0,0 +1,56 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+import org.apache.kerby.config.ConfigKey;
+
+public enum PasswdServerConfigKey implements ConfigKey {
+    KRB_DEBUG(true),
+    ADMIN_SERVICE_NAME("Kpasswd-Server"),
+    KDC_IDENTITY_BACKEND,
+    ADMIN_HOST("127.0.0.1"),
+    ADMIN_PORT,
+    ADMIN_ALLOW_TCP(true),
+    ADMIN_ALLOW_UDP(true),
+    ADMIN_UDP_PORT,
+    ADMIN_TCP_PORT,
+    ADMIN_DOMAIN("example.com"),
+    ADMIN_REALM("EXAMPLE.COM");
+
+    private Object defaultValue;
+
+    private PasswdServerConfigKey() {
+        this.defaultValue = null;
+    }
+
+    private PasswdServerConfigKey(Object defaultValue) {
+        this.defaultValue = defaultValue;
+    }
+
+    @Override
+    public String getPropertyKey() {
+        return name().toLowerCase();
+    }
+
+    @Override
+    public Object getDefaultValue() {
+        return this.defaultValue;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerContext.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerContext.java
new file mode 100644
index 0000000..f5578a0
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerContext.java
@@ -0,0 +1,52 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+
+public class PasswdServerContext {
+    private final PasswdServerSetting passwdServerSetting;
+
+    private IdentityService identityService;
+
+    public PasswdServerContext(PasswdServerSetting passwdServerSetting) {
+        this.passwdServerSetting = passwdServerSetting;
+    }
+
+    public PasswdServerSetting getPasswdServerSetting() {
+        return passwdServerSetting;
+    }
+
+    public PasswdServerConfig getConfig() {
+        return passwdServerSetting.getPasswdServerConfig();
+    }
+
+    public void setIdentityService(IdentityService identityService) {
+        this.identityService = identityService;
+    }
+
+    public IdentityService getIdentityService() {
+        return identityService;
+    }
+
+    public String getPasswdRealm() {
+        return passwdServerSetting.getPasswdRealm();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerHandler.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerHandler.java
new file mode 100644
index 0000000..984da10
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerHandler.java
@@ -0,0 +1,127 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.InetAddress;
+import java.nio.ByteBuffer;
+
+/**
+ * KDC handler to process client requests. Currently only one realm is supported.
+ */
+public class PasswdServerHandler {
+    private static final Logger LOG = LoggerFactory.getLogger(PasswdServerHandler.class);
+    private final PasswdServerContext passwdServerContext;
+
+    /**
+     * Constructor with passwd context.
+     *
+     * @param passwdServerContext passwd passwd context
+     */
+    public PasswdServerHandler(PasswdServerContext passwdServerContext) {
+        this.passwdServerContext = passwdServerContext;
+    }
+
+    /**
+     * Process the client request message.
+     *
+     * @throws KrbException e
+     * @param receivedMessage The client request message
+     * @param remoteAddress Address from remote side
+     * @return The response message
+     */
+    public ByteBuffer handleMessage(ByteBuffer receivedMessage,
+                                    InetAddress remoteAddress) throws KrbException {
+        return null;
+        /*
+        KrbMessage krbRequest;
+        KdcRequest passwdRequest = null;
+        KrbMessage krbResponse;
+
+        ByteBuffer message = receivedMessage.duplicate();
+
+        try {
+            krbRequest = KrbCodec.decodeMessage(receivedMessage);
+        } catch (IOException e) {
+            LOG.error("Krb decoding message failed", e);
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE, "Krb decoding message failed");
+        }
+
+        KrbMessageType messageType = krbRequest.getMsgType();
+        if (messageType == KrbMessageType.TGS_REQ || messageType
+                == KrbMessageType.AS_REQ) {
+            KdcReq passwdReq = (KdcReq) krbRequest;
+            String realm = getRequestRealm(passwdReq);
+            if (realm == null || !passwdContext.getPasswdRealm().equals(realm)) {
+                LOG.error("Invalid realm from passwd request: " + realm);
+                throw new KrbException("Invalid realm from passwd request: " + realm);
+            }
+
+            if (messageType == KrbMessageType.TGS_REQ) {
+                passwdRequest = new TgsRequest((TgsReq) passwdReq, passwdContext);
+            } else if (messageType == KrbMessageType.AS_REQ) {
+                passwdRequest = new AsRequest((AsReq) passwdReq, passwdContext);
+            } else {
+                LOG.error("Invalid message type: " + messageType);
+                throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
+            }
+        }
+
+        // For checksum
+        if (passwdRequest == null) {
+            throw new KrbException("Kdc request is null.");
+        }
+        passwdRequest.setReqPackage(message);
+        if (remoteAddress == null) {
+            throw new KrbException("Remote address is null, not available.");
+        }
+        passwdRequest.setClientAddress(remoteAddress);
+        passwdRequest.isTcp(isTcp);
+
+        try {
+            passwdRequest.process();
+            krbResponse = passwdRequest.getReply();
+        } catch (KrbException e) {
+            if (e instanceof KdcRecoverableException) {
+                krbResponse = handleRecoverableException(
+                        (KdcRecoverableException) e, passwdRequest);
+            } else {
+                throw e;
+            }
+        }
+
+        int bodyLen = krbResponse.encodingLength();
+        ByteBuffer responseMessage;
+        if (isTcp) {
+            responseMessage = ByteBuffer.allocate(bodyLen + 4);
+            responseMessage.putInt(bodyLen);
+        } else {
+            responseMessage = ByteBuffer.allocate(bodyLen);
+        }
+        KrbCodec.encode(krbResponse, responseMessage);
+        responseMessage.flip();
+
+        return responseMessage;
+        */
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerImpl.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerImpl.java
new file mode 100644
index 0000000..8a34346
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerImpl.java
@@ -0,0 +1,250 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcServerOption;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.server.impl.DefaultInternalKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.server.impl.InternalKdcServer;
+
+import java.io.File;
+
+/**
+ * The implemented Kerberos Server API.
+ */
+public class PasswdServerImpl {
+    private final KdcConfig passwdConfig;
+    private final BackendConfig backendConfig;
+    private final KdcSetting passwdSetting;
+    private final KOptions startupOptions;
+
+    private InternalKdcServer innerKdc;
+
+    /**
+     * Constructor passing both passwdConfig and backendConfig.
+     * @param passwdConfig The passwd config
+     * @param backendConfig The backend config
+     * @throws KrbException e
+     */
+    public PasswdServerImpl(KdcConfig passwdConfig,
+                           BackendConfig backendConfig) throws KrbException {
+        this.passwdConfig = passwdConfig;
+        this.backendConfig = backendConfig;
+        startupOptions = new KOptions();
+        passwdSetting = new KdcSetting(startupOptions, passwdConfig, backendConfig);
+    }
+
+    /**
+     * Constructor given confDir where 'passwd.conf' and 'backend.conf' should be
+     * available.
+     * passwd.conf, that contains passwd passwd related items.
+     * backend.conf, that contains identity backend related items.
+     *
+     * @param confDir The conf dir
+     * @throws KrbException e
+     */
+    public PasswdServerImpl(File confDir) throws KrbException {
+        KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
+        if (tmpKdcConfig == null) {
+            tmpKdcConfig = new KdcConfig();
+        }
+        this.passwdConfig = tmpKdcConfig;
+
+        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+        if (tmpBackendConfig == null) {
+            tmpBackendConfig = new BackendConfig();
+        }
+        tmpBackendConfig.setConfDir(confDir);
+        this.backendConfig = tmpBackendConfig;
+
+        startupOptions = new KOptions();
+        passwdSetting = new KdcSetting(startupOptions, passwdConfig, backendConfig);
+    }
+
+    /**
+     * Default constructor.
+     */
+    public PasswdServerImpl() {
+        passwdConfig = new KdcConfig();
+        backendConfig = new BackendConfig();
+        startupOptions = new KOptions();
+        passwdSetting = new KdcSetting(startupOptions, passwdConfig, backendConfig);
+    }
+
+    /**
+     * Set KDC realm for ticket request
+     * @param realm The passwd realm
+     */
+    public void setKdcRealm(String realm) {
+        startupOptions.add(KdcServerOption.KDC_REALM, realm);
+    }
+
+    /**
+     * Set KDC host.
+     * @param passwdHost The passwd host
+     */
+    public void setKdcHost(String passwdHost) {
+        startupOptions.add(KdcServerOption.KDC_HOST, passwdHost);
+    }
+
+    /**
+     * Set KDC port.
+     * @param passwdPort The passwd port
+     */
+    public void setKdcPort(int passwdPort) {
+        startupOptions.add(KdcServerOption.KDC_PORT, passwdPort);
+    }
+
+    /**
+     * Set KDC tcp port.
+     * @param passwdTcpPort The passwd tcp port
+     */
+    public void setKdcTcpPort(int passwdTcpPort) {
+        startupOptions.add(KdcServerOption.KDC_TCP_PORT, passwdTcpPort);
+    }
+
+    /**
+     * Set to allow UDP or not.
+     * @param allowUdp true if allow udp
+     */
+    public void setAllowUdp(boolean allowUdp) {
+        startupOptions.add(KdcServerOption.ALLOW_UDP, allowUdp);
+    }
+
+    /**
+     * Set to allow TCP or not.
+     * @param allowTcp true if allow tcp
+     */
+    public void setAllowTcp(boolean allowTcp) {
+        startupOptions.add(KdcServerOption.ALLOW_TCP, allowTcp);
+    }
+    /**
+     * Set KDC udp port. Only makes sense when allowUdp is set.
+     * @param passwdUdpPort The passwd udp port
+     */
+    public void setKdcUdpPort(int passwdUdpPort) {
+        startupOptions.add(KdcServerOption.KDC_UDP_PORT, passwdUdpPort);
+    }
+
+    /**
+     * Set runtime folder.
+     * @param workDir The work dir
+     */
+    public void setWorkDir(File workDir) {
+        startupOptions.add(KdcServerOption.WORK_DIR, workDir);
+    }
+
+    /**
+     * Allow to debug so have more logs.
+     */
+    public void enableDebug() {
+        startupOptions.add(KdcServerOption.ENABLE_DEBUG);
+    }
+
+    /**
+     * Allow to hook customized passwd implementation.
+     *
+     * @param innerKdcImpl The inner passwd implementation
+     */
+    public void setInnerKdcImpl(InternalKdcServer innerKdcImpl) {
+        startupOptions.add(KdcServerOption.INNER_KDC_IMPL, innerKdcImpl);
+    }
+
+    /**
+     * Get KDC setting from startup options and configs.
+     * @return setting
+     */
+    public KdcSetting getKdcSetting() {
+        return passwdSetting;
+    }
+
+    /**
+     * Get the KDC config.
+     * @return PasswdServerConfig
+     */
+    public KdcConfig getKdcConfig() {
+        return passwdConfig;
+    }
+
+    /**
+     * Get backend config.
+     *
+     * @return backend configuration
+     */
+    public BackendConfig getBackendConfig() {
+        return backendConfig;
+    }
+
+    /**
+     * Get identity service.
+     * @return IdentityService
+     */
+    public IdentityBackend getIdentityService() {
+        if (innerKdc == null) {
+            throw new RuntimeException("Not init yet");
+        }
+        return innerKdc.getIdentityBackend();
+    }
+
+    /**
+     * Initialize.
+     *
+     * @throws KrbException e.
+     */
+    public void init() throws KrbException {
+        if (startupOptions.contains(KdcServerOption.INNER_KDC_IMPL)) {
+            innerKdc = (InternalKdcServer) startupOptions.getOptionValue(
+                    KdcServerOption.INNER_KDC_IMPL);
+        } else {
+            innerKdc = new DefaultInternalKdcServerImpl(passwdSetting);
+        }
+
+        innerKdc.init();
+    }
+
+    /**
+     * Start the KDC passwd.
+     *
+     * @throws KrbException e.
+     */
+    public void start() throws KrbException {
+        if (innerKdc == null) {
+            throw new RuntimeException("Not init yet");
+        }
+        innerKdc.start();
+    }
+
+    /**
+     * Stop the KDC passwd.
+     *
+     * @throws KrbException e.
+     */
+    public void stop() throws KrbException {
+        if (innerKdc != null) {
+            innerKdc.stop();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/86138490/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerOption.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerOption.java
new file mode 100644
index 0000000..dc9a9f2
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/passwd/PasswdServerOption.java
@@ -0,0 +1,52 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.passwd;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+/**
+ * KDC passwd startup options
+ */
+public enum PasswdServerOption implements KOption {
+    NONE(null),
+    INNER_ADMIN_IMPL(new KOptionInfo("inner KDC impl", "inner KDC impl", KOptionType.OBJ)),
+    ADMIN_REALM(new KOptionInfo("passwd realm", "passwd realm", KOptionType.STR)),
+    ADMIN_HOST(new KOptionInfo("passwd host", "passwd host", KOptionType.STR)),
+    ADMIN_PORT(new KOptionInfo("passwd port", "passwd port", KOptionType.INT)),
+    ALLOW_TCP(new KOptionInfo("allow tcp", "allow tcp", KOptionType.BOOL)),
+    ADMIN_TCP_PORT(new KOptionInfo("passwd tcp port", "passwd tcp port", KOptionType.INT)),
+    ALLOW_UDP(new KOptionInfo("allow udp", "allow udp", KOptionType.BOOL)),
+    ADMIN_UDP_PORT(new KOptionInfo("passwd udp port", "passwd udp port", KOptionType.INT)),
+    WORK_DIR(new KOptionInfo("work dir", "work dir", KOptionType.DIR)),
+    ENABLE_DEBUG(new KOptionInfo("enable debug", "enable debug", KOptionType.BOOL));
+
+    private final KOptionInfo optionInfo;
+
+    PasswdServerOption(KOptionInfo optionInfo) {
+        this.optionInfo = optionInfo;
+    }
+
+    @Override
+    public KOptionInfo getOptionInfo() {
+        return optionInfo;
+    }
+}


Mime
View raw message