directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject [Kerberos] Ciient status
Date Fri, 22 Jun 2007 01:41:53 GMT
Hi, Directory developers,

Kerberos and Change Password clients are at a point where they at
least work for the most common cases.  If you set everything up
correctly, you can get TGTs, service tickets, and do password changes.
 I verified that the most common error conditions will be handled
properly.  Of particular note, the Kerberos client component can
already replace JAAS in the infamous SaslGssapiBindITest.  A
LoginModule wrapping the Kerberos client component should be trivial
to write.

Note that these are components, and not "clients" in the sense of
having a CLI or GUI.  A CLI or GUI must be added.  Options here are AD
Studio and Commons-CLI.  For now I'm just focusing on getting the
components working and covered with tests.

I still have to wire in all the typical options and write tests for
each of them.  Right now the default options work fine and so I think
the clients are in good enough shape for most people.  In other words,
if you stick to default config options, aka the "short form" at the
following page, you'll be able to test these client components:

http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Kerberos+client+components

Again, this is pre-alpha code but you can check it out at:

$ svn co https://svn.apache.org/repos/asf/directory/clients/trunk/kerberos
kerberos-clients

There are Main classes for running the clients against a standalone
KDC.  I have integration tests locally, in server-unit, but I have a
bit of a chicken-n-egg problem where I need to add the client modules
to server-unit to run integration tests, but I hesitate adding such a
dep since the clients are so new.  And adding the server-unit deps to
the clients to run the integration tests in the clients results in a
cyclic dep for some reason.  I'll keep working on the test situation
but for now you can look at how the API is shaping up.

Enrique

Mime
View raw message