This is excellent!  Will try to look over the doco soon.

Alex

On 3/9/07, Enrique Rodriguez <enriquer9@gmail.com > wrote:
Hi, Directory developers,

I moved an old page called "Security initiatives" from the Safehaus
Confluence site over to our Sandbox.  Also, I updated that page to
reflect a suite of features I'd like to work on to improve our
usability as a realm controller.  In particular, the current work in
the SASL branch is going to force us to deal with some aspects of user
management and Kerberos key provisioning.  I don't think any of this
will be technically hard, but it will mean integrating a bunch of work
that hasn't been integrated before, such as LDAP, Kerberos, and some
of the great features in the core.  The basic "todo" list is:

o  Add SASL GSSAPI authentication to the LDAP protocol.
o  Close the loop on Kerberos key provisioning - make it easier to get
keys into the directory and to get keys out.
o  Centralize password management

More at:

http://cwiki.apache.org/confluence/display/DIRxSBOX/Security+Initiatives

Enrique