directory-dev mailing list archives

From "Enrique Rodriguez (JIRA)" <>
Subject [jira] Closed: (DIRSERVER-897) Support automatic centralized key generation for Kerberos principals
Date Sat, 30 Jun 2007 08:04:04 GMT


Enrique Rodriguez closed DIRSERVER-897.

    Resolution: Fixed

With r552114 key derivation is working well.  Keys will automatically be derived for principals
by LDAP, LDIF, or Change Password.  Usage of the KeyDerivationService interceptor is described,
in context, in a number of lessons in the ApacheDS 1.5 Advanced User's Guide (AUG) and the
Interop site:


> Support automatic centralized key generation for Kerberos principals
> --------------------------------------------------------------------
>                 Key: DIRSERVER-897
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: changepw, core, kerberos, ldap
>            Reporter: Enrique Rodriguez
>            Assignee: Enrique Rodriguez
>             Fix For: 1.5.1
>
> We need to make it easier to get keys into the directory. Today we can get keys in with
> console LDIF load or OSGi console command.  We can also change keys with Change Password.
> However, each mechanism has its own code for changing key material.  Also, changes made by
> LDAP protocol don't result in keys being generated.  We should centralize key derivation and
> random key generation using an interceptor or triggers.  This would allow standard LDAP and
> JNDI-based admin of user principals.
>
> Centralizing the code to derive or generate keys will also make it much easier to expand
> the encryption types we support.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
