directory-dev mailing list archives

From Pierre-Arnaud Marcelot ...@marcelot.net>
Subject [Shared] [LDAP API] Additional classes and method arguments for GSSAPI binds
Date Mon, 14 Feb 2011 08:05:48 GMT
Hi Dev,

These last days, I've been reviewing Authentication in Studio using the LDAP API.
I'm happy to say that all the Authentication methods that were supported in Studio with JNDI
are also working (not yet with the same options, though) with the LDAP API integrated in Studio.
This includes:
- All encryption methods
  - No encryption
  - SSL encryption (LDAPS)
  - StartTLS via extended operation
- All authentication methods
  - No authentication (anonymous)
  - Simple authentication
  - DIGEST-MD5 (SASL)
  - CRAM-MD5 (SASL)
  - GSSAPI (Kerberos)

That said, there are still some options which are not (yet) available in the LDAP API for
some authentication methods (specifically SASL and GSSAPI) like:
- For SASL
  - Quality of Protection
  - Protection Strength
  - Mutual Authentication
- For Kerberos
  - Use native TGT for Kerberos Credential Configuration
  - Use native system configuration
  - Use a specific configuration file

All these new settings will increase the, already long, list of parameters for the SASL and
GSSAPI methods.
To resolve that, I'd like to add new classes that will hold all this information and can
be passed to the SASL and GSSAPI methods.
We could keep one or two general methods for each type of authentication with the most commonly
used parameters and a more generic approach with the use of these new "configuration holder"
classes.

Thoughts?

One more question.
Should we push this into Shared-1.0.0-M1 or wait for the next iteration?

Regards
Pierre-Arnaud Marcelot 
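
An added illustration of the "configuration holder" idea proposed in the message above; it is not part of the original message and is not the LDAP API's own code. The class name `GssApiBindConfig` and its methods are hypothetical; only the `javax.security.sasl.Sasl` property keys, the JDK `Krb5LoginModule` option names and the `java.security.krb5.conf` system property are real.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.sasl.Sasl;

// Hypothetical holder for the GSSAPI options listed in the message.
public final class GssApiBindConfig {
    public enum Qop { AUTH("auth"), AUTH_INT("auth-int"), AUTH_CONF("auth-conf");
        final String value; Qop(String v) { value = v; } }
    public enum Strength { LOW("low"), MEDIUM("medium"), HIGH("high");
        final String value; Strength(String v) { value = v; } }

    private final String principal;
    private Qop qop = Qop.AUTH_CONF;           // default: integrity + confidentiality
    private Strength strength = Strength.HIGH; // default: strongest cipher class
    private boolean mutualAuth = true;         // default: server must authenticate too
    private boolean useNativeTgt = false;      // reuse the OS ticket cache when true
    private String krb5ConfFile;               // null = native system configuration

    public GssApiBindConfig(String principal) {
        if (principal == null || principal.isEmpty())
            throw new IllegalArgumentException("principal is required");
        this.principal = principal;
    }
    public GssApiBindConfig qop(Qop q) { qop = q; return this; }
    public GssApiBindConfig strength(Strength s) { strength = s; return this; }
    public GssApiBindConfig mutualAuth(boolean m) { mutualAuth = m; return this; }
    public GssApiBindConfig useNativeTgt(boolean t) { useNativeTgt = t; return this; }
    public GssApiBindConfig krb5ConfFile(String f) { krb5ConfFile = f; return this; }

    // Properties map in the form accepted by Sasl.createSaslClient(...).
    public Map<String, String> toSaslProperties() {
        Map<String, String> p = new HashMap<>();
        p.put(Sasl.QOP, qop.value);
        p.put(Sasl.STRENGTH, strength.value);
        p.put(Sasl.SERVER_AUTH, Boolean.toString(mutualAuth));
        return p;
    }
    // Options for a JAAS Krb5LoginModule entry.
    public Map<String, String> toKrb5LoginOptions() {
        Map<String, String> o = new HashMap<>();
        o.put("principal", principal);
        o.put("useTicketCache", Boolean.toString(useNativeTgt));
        return o;
    }
    // Value for the java.security.krb5.conf system property, or null.
    public String krb5ConfFile() { return krb5ConfFile; }

    public static void main(String[] args) { // constructed sample values
        GssApiBindConfig cfg = new GssApiBindConfig("hnelson@EXAMPLE.COM").useNativeTgt(true);
        System.out.println(cfg.toSaslProperties() + " " + cfg.toKrb5LoginOptions());
    }
}
```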