directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrique Rodriguez <>
Subject Re: [kerberos] Adding kerberos to main
Date Sun, 01 May 2005 17:33:44 GMT
Alex Karasulu wrote:
> Alex Karasulu wrote:
>> Enrique,
>> The KerberosProtocolProvider constructor takes a KdcConfiguration and 
>> a PrincipalStore argument.  I was adding support for the Kerberos 
>> service to the executable.  This is to get he 0.9 release out with 
>> Kerberos.  I was wondering what implementation of PrincipalStore you 
>> were using.  I basically got stuck when I was instantiating 
>> KerberosProtocolProvider.
> Ok I just found PrincipalStoreImpl ... looks really really thin (few 
> lines).  Is this sufficient?  What pattern (Command pattern?) did you 
> use with this ContextOperation?

Yes, the implementation of PrincipalStore to use is PrincipalStoreImpl.

Yes, the PrincipalStoreImpl is thin as the beef is in the Command 
(pattern) objects.  Since it works, I believe that it is sufficient. 
I've never seen accessors on Command objects, as you committed, nor do I 
see why they are ever useful.

>> BTW while going through the code I noticed a few things and had some 
>> concerns regarding our upcoming release.
>> There is barely any documentation in most of the Kerberos code.  
>> Primarily referring to javadocs and a user guide.  If we are releasing 
>> Kerberos we need some documentation.  In general (this goes for me 
>> too) this project has to do a better job at getting Javadocs done.   
>> Furthermoe we need some sort of user guide similar to the one for the 
>> ldap portion of apacheds.  Here's what I'm referring to exactly:
>> I was asking myself how our users will be able to figure out a means 
>> to configure the kerberos server.   There really is no guide at this 
>> point and we're about to announce that we have a Kerberos server for 
>> them inside ApacheDS.  At a bare minimum before we release we need to 
>> describe all the different environment options.  WDYT?

You are right that I should create some user doco.  However, I don't 
think it should be about the environment properties, as we planned to 
move these into the system partition.  A major selling point of ApacheDS 
was that instead of messing with props and command-line interfaces, you 
could use nice GUI systems over LDAP or JMX.  I see all this props stuff 
as temporary, so I'd rather not document it since I'm hoping we can toss 
most of it.

What makes sense to make configurable for this release is the user and 
service principals, which means doco about the schema we are using to 
back Kerberos principals, so people can start to use JXplorer or the 
LDIF files to work with user and service principals.  I will get on that.

>> Thanks,
>> Alex

View raw message