directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <>
Subject Re: [Kerberos] Ciient status
Date Fri, 22 Jun 2007 13:03:24 GMT

I have a question : atm, we have to inject an LDIF file to setup
initial users. Is it possible to have a specific UI/GUI/CLI to create
a new user whithout crafting an LDIF file by hand ?

Otherwise, I'm interested in helping you to get a kerberos-unit
working, as without unit tests, the code is really impossible to
modify, as we don't have any way to do regression tests. Last, not
least, I think that the new codec implementation can be done for
subparts of the kerberos ASN.1 grammar. I have almost half of the
state machines designed (using an UML tool to do so), which is the
first step to get a decoder working.

May be we can discuss this point on IRC, so that I can jump into the
train faster.


On 6/22/07, Enrique Rodriguez <> wrote:
> Hi, Directory developers,
> Kerberos and Change Password clients are at a point where they at
> least work for the most common cases.  If you set everything up
> correctly, you can get TGTs, service tickets, and do password changes.
>  I verified that the most common error conditions will be handled
> properly.  Of particular note, the Kerberos client component can
> already replace JAAS in the infamous SaslGssapiBindITest.  A
> LoginModule wrapping the Kerberos client component should be trivial
> to write.
> Note that these are components, and not "clients" in the sense of
> having a CLI or GUI.  A CLI or GUI must be added.  Options here are AD
> Studio and Commons-CLI.  For now I'm just focusing on getting the
> components working and covered with tests.
> I still have to wire in all the typical options and write tests for
> each of them.  Right now the default options work fine and so I think
> the clients are in good enough shape for most people.  In other words,
> if you stick to default config options, aka the "short form" at the
> following page, you'll be able to test these client components:
> Again, this is pre-alpha code but you can check it out at:
> $ svn co
> kerberos-clients
> There are Main classes for running the clients against a standalone
> KDC.  I have integration tests locally, in server-unit, but I have a
> bit of a chicken-n-egg problem where I need to add the client modules
> to server-unit to run integration tests, but I hesitate adding such a
> dep since the clients are so new.  And adding the server-unit deps to
> the clients to run the integration tests in the clients results in a
> cyclic dep for some reason.  I'll keep working on the test situation
> but for now you can look at how the API is shaping up.
> Enrique

Emmanuel L├ęcharny

View raw message