Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 4334 invoked from network); 22 Jun 2007 01:42:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Jun 2007 01:42:16 -0000 Received: (qmail 64323 invoked by uid 500); 22 Jun 2007 01:42:19 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 64277 invoked by uid 500); 22 Jun 2007 01:42:19 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 64265 invoked by uid 99); 22 Jun 2007 01:42:19 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2007 18:42:19 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of enriquer9@gmail.com designates 209.85.146.182 as permitted sender) Received: from [209.85.146.182] (HELO wa-out-1112.google.com) (209.85.146.182) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2007 18:42:15 -0700 Received: by wa-out-1112.google.com with SMTP id k40so617260wah for ; Thu, 21 Jun 2007 18:41:54 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=LMpxyuezckmuudCXuL4cil1ehfgx8Zo64/RYB4wY/v236/wFb5CL4eZUI6uroUVa51Zxm3fqT5BPlBtYHCRHMNsrqmqyVW3XYNPsW0pxFSafCbhomnkTIU4ySPvc7576B5FGZFrBFH2v9dxcrJ8jH3FFQAj5ZiBEF9h6Ze4kLRU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=COgyYroVAWdUhLEWZBnbd/h6WUhxf0P16KNrZPUvwLHCbZthoYS7vC+9n6PL4sjIybEzf/Qy/jii8QcIEuiRXcAj+/WiqoRj94UfTnY+Ve6tT/cGkx06ibRrnUTT5u++vqP/xoBIsC4Va5e8/ujorY/345b4VeziayLsBkmlF3U= Received: by 10.114.81.1 with SMTP id e1mr2352835wab.1182476513907; Thu, 21 Jun 2007 18:41:53 -0700 (PDT) Received: by 10.114.67.5 with HTTP; Thu, 21 Jun 2007 18:41:53 -0700 (PDT) Message-ID: <568753d90706211841m13f9a96bt4b4018e8c02043b@mail.gmail.com> Date: Thu, 21 Jun 2007 18:41:53 -0700 From: "Enrique Rodriguez" Reply-To: erodriguez@apache.org To: "Apache Directory Developers List" Subject: [Kerberos] Ciient status MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Checked: Checked by ClamAV on apache.org Hi, Directory developers, Kerberos and Change Password clients are at a point where they at least work for the most common cases. If you set everything up correctly, you can get TGTs, service tickets, and do password changes. I verified that the most common error conditions will be handled properly. Of particular note, the Kerberos client component can already replace JAAS in the infamous SaslGssapiBindITest. A LoginModule wrapping the Kerberos client component should be trivial to write. Note that these are components, and not "clients" in the sense of having a CLI or GUI. A CLI or GUI must be added. Options here are AD Studio and Commons-CLI. For now I'm just focusing on getting the components working and covered with tests. I still have to wire in all the typical options and write tests for each of them. Right now the default options work fine and so I think the clients are in good enough shape for most people. In other words, if you stick to default config options, aka the "short form" at the following page, you'll be able to test these client components: http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Kerberos+client+components Again, this is pre-alpha code but you can check it out at: $ svn co https://svn.apache.org/repos/asf/directory/clients/trunk/kerberos kerberos-clients There are Main classes for running the clients against a standalone KDC. I have integration tests locally, in server-unit, but I have a bit of a chicken-n-egg problem where I need to add the client modules to server-unit to run integration tests, but I hesitate adding such a dep since the clients are so new. And adding the server-unit deps to the clients to run the integration tests in the clients results in a cyclic dep for some reason. I'll keep working on the test situation but for now you can look at how the API is shaping up. Enrique