directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Moyer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-450) Allow to pass KdcOption related options from KinitTool down to KrbClient
Date Wed, 18 Nov 2015 16:21:11 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011300#comment-15011300
] 

Steve Moyer commented on DIRKRB-450:
------------------------------------

[Pull request #2](https://github.com/apache/directory-kerby/pull/2) on GitHub resolves this
issue.  In order to mimc the MIT kinit program, the KinitTool needs to be updated with code
that requests a TGT as follows:

    KrbClient client = new KrbClient();
    
    client.setKdcHost(KDC_HOST);
    client.setKdcUdpPort(KDC_PORT);
    client.setKdcTcpPort(KDC_PORT);
    client.setKdcRealm(KDC_REALM);
    client.setAllowTcp(true);
    client.setAllowUdp(true);
    client.setTimeout(5000);

    try {
      client.init();
    } catch (KrbException e1) {
      // TODO Auto-generated catch block
      e1.printStackTrace();
    }

    try {

      KOptions requestOptions = new KOptions();
      requestOptions.add(KrbOption.CLIENT_PRINCIPAL, CLIENT_PRINCIPAL);
      requestOptions.add(KrbOption.USE_PASSWD, true);
      requestOptions.add(KrbOption.USER_PASSWD, CLIENT_PASSWORD);

      requestOptions.add(KrbOption.FORWARDABLE, true);
      requestOptions.add(KrbOption.PROXIABLE, true);
      requestOptions.add(KrbOption.RENEWABLE_OK, true);

      TgtTicket tgTicket = client.requestTgtWithOptions(requestOptions);
    } catch (KrbException e) {
      e.printStackTrace();
    }

This code results in a

> Allow to pass KdcOption related options from KinitTool down to KrbClient
> ------------------------------------------------------------------------
>
>                 Key: DIRKRB-450
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-450
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Steve Moyer
>            Assignee: Steve Moyer
>
> Currently, only KrbOptions can be set when making calls to the KrbClient.  At a minimum
a method with a signature like the following would suffice:
>     public TgtTicket requestTgtWithOptions(KOptions requestOptions, KdcOptions kdcOptions);
> I'd be interested in having a more general discussion about the future direction of the
Kerby client since we need the existing KrbClient functionality (which is KDC focused) as
well as (remote) kpasswd and kadmin functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message