directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <aok...@bellsouth.net>
Subject Re: [kerberos] Adding kerberos to main
Date Mon, 02 May 2005 00:12:52 GMT
Enrique Rodriguez wrote:

> Alex Karasulu wrote:
>
>> Alex Karasulu wrote:
>>
>>> Enrique,
>>>
>>> The KerberosProtocolProvider constructor takes a KdcConfiguration 
>>> and a PrincipalStore argument.  I was adding support for the 
>>> Kerberos service to the executable.  This is to get he 0.9 release 
>>> out with Kerberos.  I was wondering what implementation of 
>>> PrincipalStore you were using.  I basically got stuck when I was 
>>> instantiating KerberosProtocolProvider.
>>
>>
>>
>> Ok I just found PrincipalStoreImpl ... looks really really thin (few 
>> lines).  Is this sufficient?  What pattern (Command pattern?) did you 
>> use with this ContextOperation?
>
>
> Yes, the implementation of PrincipalStore to use is PrincipalStoreImpl.
>
> Yes, the PrincipalStoreImpl is thin as the beef is in the Command 
> (pattern) objects.  Since it works, I believe that it is sufficient. 
> I've never seen accessors on Command objects, as you committed, nor do 
> I see why they are ever useful.

It's not about accessors.  As a rule you should never make members 
anything but private (you had them as protected).  If they need 
protected access you just expose a protected accessor for them rather 
than making the variable itself protected.

>
>>> BTW while going through the code I noticed a few things and had some 
>>> concerns regarding our upcoming release.
>>>
>>> There is barely any documentation in most of the Kerberos code.  
>>> Primarily referring to javadocs and a user guide.  If we are 
>>> releasing Kerberos we need some documentation.  In general (this 
>>> goes for me too) this project has to do a better job at getting 
>>> Javadocs done.   Furthermoe we need some sort of user guide similar 
>>> to the one for the ldap portion of apacheds.  Here's what I'm 
>>> referring to exactly:
>>>
>>> http://directory.apache.org/subprojects/apacheds/users/index.html
>>>
>>> I was asking myself how our users will be able to figure out a means 
>>> to configure the kerberos server.   There really is no guide at this 
>>> point and we're about to announce that we have a Kerberos server for 
>>> them inside ApacheDS.  At a bare minimum before we release we need 
>>> to describe all the different environment options.  WDYT?
>>
>
> You are right that I should create some user doco.  However, I don't 
> think it should be about the environment properties, as we planned to 
> move these into the system partition.  

Even if temporary you can't expect users to figure this out on their 
own.  Keep in mind releases are for users not us.  We talked about 
releasing the Kerberos service with ApacheDS on 0.9.  Kerberos and all 
the parameters needed to run and control it must have some kind of doco 
before a release.  Releases expose us as a TLP as well as the 
foundation.  We must make sure we maintain the quality with what is 
expected of an Apache project.  If the quality of this project is to be 
maintained we cannot start thinking, "this is temporary so I will not 
documenet it."  Even if its in a minimal form you need to take better 
care of users.

> A major selling point of ApacheDS was that instead of messing with 
> props and command-line interfaces, you could use nice GUI systems over 
> LDAP or JMX.  I see all this props stuff as temporary, so I'd rather 
> not document it since I'm hoping we can toss most of it.

You are right I agree with you here in terms of what should be the right 
way to go.  This still does not change our duties today even if dealing 
with temporary circumstances.  The quality of the Kerberos product is 
dependent on documentation as well as code. 

> What makes sense to make configurable for this release is the user and 
> service principals, which means doco about the schema we are using to 
> back Kerberos principals, so people can start to use JXplorer or the 
> LDIF files to work with user and service principals.  I will get on that.

We cannot release ApacheDS with Kerberos unless there is some real doco 
so users know what they can do with a 0.9 download.

    - Alex


Mime
View raw message