From: "Enrique Rodriguez"
Reply-To: erodriguez@apache.org
To: "Apache Directory Developers List"
Date: Thu, 10 May 2007 15:31:54 -0700
Message-ID: <568753d90705101531l299cc40cobb443cfa53a41bc8@mail.gmail.com>
Subject: Preferred command-line client library

Hi, Directory developers,

I started working towards "supporting Kerberos key provisioning (export)" (DIRSERVER-898). I got it working in unit tests. By adding a service principal to the DIT by LDAP, with 'userPassword' set to "randomKey," the KeyDerivationService creates 5 Kerberos keys for the principal. These random keys then need to be read from the DIT and written to a file, so they can be used with Kerberized services. For example, if you want to use SSHD or OpenLDAP server using Kerberos credentials you need to put these keys on the service host, similar to how you configure an SSL cert for Apache HTTPD.

The unit tests write to a file that looks like this when read using 'klist' (I truncated the output for emailing):

    $ klist -5ket /path/to/test.keytab
    Keytab name: FILE:/path/to/test.keytab
    KVNO Timestamp         Principal
    ---- ----------------- --------------------------------------------------------
       0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (AES-128 CTS mode ...
       0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (ArcFour with HMAC/md5)
       0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (Triple DES cbc mode ...
       0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (AES-256 CTS mode ...
       0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (DES cbc mode with ...

Anyway, I want to make this into a command-line client, so I was wondering can you recommend a CLI library? I'm anticipating some command line arguments. Or is it better to just roll my own quick CLI helper?

Enrique
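
The keytab export described in the message above, as an added example that is not part of the original message or of the Apache Directory code base: a writer and a reader for the MIT keytab file format 0x0502, the layout 'klist -k' reads. The function names, the timestamp and the all-zero keys are constructed for illustration; the enctype numbers are the ones assigned in RFCs 3961, 3962 and 4757, and des-cbc-md5 is an assumed choice for the sample because the quoted klist line is truncated.

```python
import io
import struct

ENCTYPES = {3: "des-cbc-md5", 16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
SAMPLE = [("ldap/ldap.example.com@EXAMPLE.COM", 0, 1178738050, e, bytes(n))
          for e, n in ((17, 16), (23, 16), (16, 24), (18, 32), (3, 8))]  # constructed, zero keys

def _counted(b):
    return struct.pack(">H", len(b)) + b      # 16-bit big-endian length, then the bytes

def write_keytab(entries):
    """Serialize (principal, kvno, timestamp, enctype, key) tuples; realm precedes the name parts."""
    out = b"\x05\x02"
    for principal, kvno, ts, etype, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        rec = struct.pack(">H", len(comps)) + b"".join(_counted(c.encode()) for c in [realm] + comps)
        rec += struct.pack(">IIBH", 1, ts, kvno & 0xFF, etype) + _counted(key)  # name type 1
        out += struct.pack(">i", len(rec) + 4) + rec + struct.pack(">I", kvno)  # 32-bit kvno last
    return out

def _read(f, n):
    b = f.read(n)
    if len(b) != n:
        raise ValueError("truncated keytab")
    return b

def _read_counted(f):
    return _read(f, int.from_bytes(_read(f, 2), "big"))

def parse_keytab(data):
    """Yield (principal, kvno, timestamp, enctype, key length); key bytes are never returned."""
    f = io.BytesIO(data)
    if f.read(2) != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    while f.tell() < len(data):
        size = int.from_bytes(_read(f, 4), "big", signed=True)
        if size <= 0:                         # hole left by a deleted entry: skip it
            f.seek(-size, io.SEEK_CUR)
            continue
        rec = io.BytesIO(_read(f, size))
        ncomp, realm = int.from_bytes(_read(rec, 2), "big"), _read_counted(rec)
        name = "/".join(_read_counted(rec).decode() for _ in range(ncomp))
        _ntype, ts, kvno, etype = struct.unpack(">IIBH", _read(rec, 11))
        key = _read_counted(rec)
        if size - rec.tell() >= 4:            # optional 32-bit kvno, used when non-zero
            kvno = int.from_bytes(_read(rec, 4), "big") or kvno
        yield f"{name}@{realm.decode()}", kvno, ts, ENCTYPES.get(etype, etype), len(key)
```

A keytab holds long-term service keys in the clear, so an exporter should create the file with owner-only permissions (for example mode 0600) before writing any key bytes to it.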