directory-dev mailing list archives

From Enrique Rodriguez <enriqu...@gmail.com>
Subject Re: Summer of Code Application
Date Mon, 13 Jun 2005 18:29:56 GMT
Hi,

Regarding the Summer of Code, I'll add a few points on ApacheDS projects 
and repeat what Trustin noted, for completeness.

1)  DHCP - DHCP codecs work, but without broadcast support in MINA and, 
fundamentally, in NIO, there isn't much to be done here until NIO2 in 
(hopefully) JDK 1.6.  I stopped here, so the handler workflow isn't 
totally complete, but should be straightforward once MINA/NIO supports 
broadcast.  I consider this code dead until then and not a worthwhile 
project.

2)  DNS - DNS codecs and workflow are in good shape.  As Trustin 
mentioned, the handlers need to get wired into the ApacheDS backing 
store.  Right now I have the handler stubbed out to simply echo the DNS 
query as the response, but it is actually decoding and encoding.  Some 
time ago Alex added the DNS schema to the ApacheDS backend, so that 
should be ready to go.  This is seriously only a couple days' work, but 
we put it on hold for a number of other initiatives and lack of demand. 
What's missing, but probably not worth a summer of work, are the 
myriad of RFCs that add record types.  I coded in the most widely used 
ones, the ones supported by the schema, such as A and MX, but there are 
quite a few more.

3)  Kerberos - Kerberos is also mostly working, and tested for interop 
with Windows and Linux.  The major feature missing from RFC 1510 is 
cross-realm authentication, aka trust relationships.  I have this on my 
plate already, and it is mostly backend work, figuring out now how I 
want to lay this out in the DIT.  From more recent clarifications 
documents, we are missing more modern encryption types, but these look 
to be basic assembly based on crypto in the JDK or Bouncy Castle.

4)  NTP - NTP is pretty much done.  It really just needs to be wired 
into the ApacheDS server at some point.  One possible project here is 
NTP authentication.  I didn't do any work on that, but the field is 
supported by the codecs.  NTP has no configuration, so part of tying it 
into ApacheDS would be to at least make the port configurable.

So, some projects that would be good to do over the summer:

5)  DNS GSS-TSIG - RFC 3645 - Generic Security Service Algorithm for 
Secret Key Transaction Authentication for DNS (GSS-TSIG).  I would be 
willing to mentor someone on this:

http://www.faqs.org/rfcs/rfc3645.html

6)  Kerberos RC4-HMAC encryption type.  This would be a nice project and 
would require next to zero messy integration work.  The package 
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/crypto 
has the encryption engines, and you'd be writing a new one of these to 
produce Kerberos Cipher Text based on the RC4-HMAC algorithm.

http://mirror.aarnet.edu.au/pub/samba/specs/draft-brezak-win2k-krb-rc4-hmac-02.txt

There are also a couple "new" encryption types based on AES that we 
don't support, but combined with this RC4-HMAC engine, would add up to a 
nice-sized project.

7)  LDAP ACL - I know we want this but I'm no expert here, just familiar 
from a usage standpoint with OpenLDAP.  In the past Alex has mentioned 
RFCs 2820, 2829, 3112, and 3062.

8)  ApacheDS backing store - We don't talk about this much, but I don't 
think many of us like the JDBM backing store.  We've talked about doing 
versions with Derby or Prevayler.  JDBM has not had a release since 2001 
and doesn't appear to be in active development.  I seem to recall also 
that the performance stats were poor.

9)  SASL - SASL has been discussed a bunch on this list.  I refer you to 
the archives.  Specifically, we'd like to add GSS-API/Kerberos support.

-enrique

