directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: Leveraging Kerby Kerberos library in ApacheDS
Date Tue, 04 Aug 2015 02:13:06 GMT
Thanks Kiran for the confirm! I agree.

Regards,
Kai

From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Tuesday, August 04, 2015 10:11 AM
To: Apache Directory Developers List
Subject: Re: Leveraging Kerby Kerberos library in ApacheDS

Hi Kai,

On Mon, Aug 3, 2015 at 11:03 PM, Zheng, Kai <kai.zheng@intel.com<mailto:kai.zheng@intel.com>>
wrote:
Hi Kiran,

Sorry for the late response. I got your point and agree we can have a standard configuration
format like
np
JSON or YAML in addition to krb5.conf format. Maybe we don’t have to get it done before
the first cut of release? How about doing it in 1.0.0-rc2? If ok let me fire an issue to bookmark
this proposal. Thanks.
I think we don't need to support anything else, cause we are already supporting the krb5.conf
so I think we are good without any additional config formats (except the LDAP format which
we can take
care of later)
wdyt?

Regards,
Kai

From: Kiran Ayyagari [mailto:kayyagari@apache.org<mailto:kayyagari@apache.org>]
Sent: Friday, July 31, 2015 2:46 PM

To: Apache Directory Developers List
Subject: Re: Leveraging Kerby Kerberos library in ApacheDS



On Fri, Jul 31, 2015 at 1:27 PM, Zheng, Kai <kai.zheng@intel.com<mailto:kai.zheng@intel.com>>
wrote:
>> once Kerby is matured enough then we can add a dependency on it in ApacheDS and integrate.
Is there any good sign in your view for the maturity? It looks reasonable, but should we wait
and do it then? I guess some pioneering work in ApacheDS side would be tried first.
my point was only w.r.t standardizing the configuration and stick to one/two formats

>> The current code base tries to support way too many configuration formats and I would
like to see it support only one format, well and complete.
Well, kerby-config may attempt to support various formats, but in the main/Kerberos part,
only MIT format is used right now. I agree we may support a ‘standard’ format if krb5.conf
isn’t any good standard. In your view, what’s left to be complete? Writing or generating
of configuration file in a format? Or whatever?
I am totally fine with using krb5.conf and perhaps we can just stick to it, ignoring all other
formats.
I have only checked various implementations present in the code, not checked if they are in
use
so proposed to support an additional format.

If we are already supporting krb5.conf then let us stick to it, and our effort can be diverted
to other parts

>> And then we can add a GUI config editor in Studio easily.
Did you mean we need to generate a config file after some editing using the GUI tool? Kerby-config
module allows to load configuration items from a Java Map/Properties, which may work here.
I mean, the edited values can be stored in any form and then all the values can be loaded
in a map for config to use.

no, no, just mentioning that if we have one format writing a config editor becomes easier

Regards,
Kai

From: Kiran Ayyagari [mailto:kayyagari@apache.org<mailto:kayyagari@apache.org>]
Sent: Friday, July 31, 2015 12:15 PM
To: Apache Directory Developers List
Subject: Re: Leveraging Kerby Kerberos library in ApacheDS



On Fri, Jul 31, 2015 at 6:49 AM, Zheng, Kai <kai.zheng@intel.com<mailto:kai.zheng@intel.com>>
wrote:
Hi all,

I’m thinking about what would be next steps after Kerby 1.0.0 out. We originally discussed
when Kerby is ready, we’ll replace existing Kerberos related codes to simplify the code
base in ApacheDS. This will include both the server and the studio. I thought this is important
for the parent project, IMHO, the code base with so many external dependencies is rather complicated
to move on (checking styles etc.), and also not easy to use. For example, so many modules,
just hard to figure out the combination when only need a part of it in my app.

once Kerby is matured enough then we can add a dependency on it in ApacheDS and integrate.

The concern that I have at the moment is Kerby's configuration, The current code base tries
to support
 way too many configuration formats and I would like to see it support only one format, well
and complete.
I am fine if we plan to support MIT krb5.conf format in _addition_ to our standard format
but having more than these two formats slows us down.

My personal preference would be to support JSON or YAML besides the krb5.conf. And then we
can add
 a GUI config editor in Studio easily.

Any thoughts?

Regards,
Kai



--
Kiran Ayyagari
http://keydap.com



--
Kiran Ayyagari
http://keydap.com



--
Kiran Ayyagari
http://keydap.com
Mime
View raw message