directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez (JIRA)" <>
Subject [jira] Created: (DIRSERVER-897) Support automatic centralized key generation for Kerberos principals
Date Mon, 09 Apr 2007 06:19:32 GMT
Support automatic centralized key generation for Kerberos principals

                 Key: DIRSERVER-897
             Project: Directory ApacheDS
          Issue Type: Improvement
          Components: changepw, core, kerberos, ldap
            Reporter: Enrique Rodriguez
         Assigned To: Enrique Rodriguez
             Fix For: 1.5.1

We need to make it easier to get keys into the directory. Today we can get keys in with console
LDIF load or OSGi console command.  We can also change keys with Change Password.  However,
each mechanism has its own code for changing key material.  Also, changes made by LDAP protocol
don't result in keys being generated.  We should centralize key derivation and random key
generation using an interceptor or triggers.  This would allow standard LDAP and JNDI-based
admin of user principals.

Centralizing the code to derive or generate keys will also make it much easier to expand the
encryption types we support.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message