directory-dev mailing list archives

From "Steve Moyer (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (DIRKRB-450) Allow to pass KdcOption related options from KinitTool down to KrbClient
Date Wed, 18 Nov 2015 16:26:10 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011300#comment-15011300 ]

Steve Moyer edited comment on DIRKRB-450 at 11/18/15 4:26 PM:
--------------------------------------------------------------

[Pull request #2](https://github.com/apache/directory-kerby/pull/2) on GitHub resolves this
issue.  In order to mimic the MIT kinit program, the KinitTool needs to be updated with code
that requests a TGT as follows:

{code:java}
    KrbClient client = new KrbClient();
    
    client.setKdcHost(KDC_HOST);
    client.setKdcUdpPort(KDC_PORT);
    client.setKdcTcpPort(KDC_PORT);
    client.setKdcRealm(KDC_REALM);
    client.setAllowTcp(true);
    client.setAllowUdp(true);
    client.setTimeout(5000);

    try {
      client.init();
    } catch (KrbException e1) {
      // TODO Auto-generated catch block
      e1.printStackTrace();
    }

    try {

      KOptions requestOptions = new KOptions();
      requestOptions.add(KrbOption.CLIENT_PRINCIPAL, CLIENT_PRINCIPAL);
      requestOptions.add(KrbOption.USE_PASSWD, true);
      requestOptions.add(KrbOption.USER_PASSWD, CLIENT_PASSWORD);

      requestOptions.add(KrbOption.FORWARDABLE, true);
      requestOptions.add(KrbOption.PROXIABLE, true);
      requestOptions.add(KrbOption.RENEWABLE_OK, true);

      TgtTicket tgTicket = client.requestTgtWithOptions(requestOptions);
    } catch (KrbException e) {
      e.printStackTrace();
    }
{code}

This code results in an AsRequest that mimics the one generated by the MIT kinit program.
 See DIRKRB-440 for a screenshot of an AsRequest sent by the MIT kinit utility.

!https://issues.apache.org/jira/secure/attachment/12773021/kerby-mit-like-tgtrequest.png!


was (Author: smoyer1):
[Pull request #2](https://github.com/apache/directory-kerby/pull/2) on GitHub resolves this
issue.  In order to mimic the MIT kinit program, the KinitTool needs to be updated with code
that requests a TGT as follows:

{code:java}
    KrbClient client = new KrbClient();
    
    client.setKdcHost(KDC_HOST);
    client.setKdcUdpPort(KDC_PORT);
    client.setKdcTcpPort(KDC_PORT);
    client.setKdcRealm(KDC_REALM);
    client.setAllowTcp(true);
    client.setAllowUdp(true);
    client.setTimeout(5000);

    try {
      client.init();
    } catch (KrbException e1) {
      // TODO Auto-generated catch block
      e1.printStackTrace();
    }

    try {

      KOptions requestOptions = new KOptions();
      requestOptions.add(KrbOption.CLIENT_PRINCIPAL, CLIENT_PRINCIPAL);
      requestOptions.add(KrbOption.USE_PASSWD, true);
      requestOptions.add(KrbOption.USER_PASSWD, CLIENT_PASSWORD);

      requestOptions.add(KrbOption.FORWARDABLE, true);
      requestOptions.add(KrbOption.PROXIABLE, true);
      requestOptions.add(KrbOption.RENEWABLE_OK, true);

      TgtTicket tgTicket = client.requestTgtWithOptions(requestOptions);
    } catch (KrbException e) {
      e.printStackTrace();
    }
{code}

This code results in a

> Allow to pass KdcOption related options from KinitTool down to KrbClient
> ------------------------------------------------------------------------
>
>                 Key: DIRKRB-450
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-450
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Steve Moyer
>            Assignee: Steve Moyer
>         Attachments: kerby-mit-like-tgtrequest.png
>
>
> Currently, only KrbOptions can be set when making calls to the KrbClient.  At a minimum a method with a signature like the following would suffice:
>     public TgtTicket requestTgtWithOptions(KOptions requestOptions, KdcOptions kdcOptions);
> I'd be interested in having a more general discussion about the future direction of the Kerby client since we need the existing KrbClient functionality (which is KDC focused) as well as (remote) kpasswd and kadmin functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
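Added example, not part of the original message or of the Kerby code base: how the three options requested above (forwardable, proxiable, renewable-ok) map onto the kdc-options bit string of an AS-REQ, using the bit numbers from RFC 4120 section 5.4.1. The class, enum and method names are hypothetical, and the "captured" value is constructed for illustration.

```java
import java.util.EnumSet;

/** KDCOptions flags per RFC 4120 section 5.4.1; bit 0 is the most significant bit. */
public class KdcOptionFlags {
    enum Flag {
        FORWARDABLE(1), FORWARDED(2), PROXIABLE(3), PROXY(4), ALLOW_POSTDATE(5),
        POSTDATED(6), RENEWABLE(8), RENEWABLE_OK(27), RENEW(30), VALIDATE(31);
        final int bit;
        Flag(int bit) { this.bit = bit; }
        int mask() { return 1 << (31 - bit); }   // ASN.1 bit n -> 32-bit word
    }

    /** Pack a set of flags into the 32-bit kdc-options word. */
    static int encode(EnumSet<Flag> flags) {
        int word = 0;
        for (Flag f : flags) word |= f.mask();
        return word;
    }

    /** Recover the known flags from a kdc-options word (unmapped bits are ignored). */
    static EnumSet<Flag> decode(int word) {
        EnumSet<Flag> flags = EnumSet.noneOf(Flag.class);
        for (Flag f : Flag.values()) if ((word & f.mask()) != 0) flags.add(f);
        return flags;
    }

    /** DER BIT STRING form: tag 0x03, length 5, zero unused bits, four flag bytes. */
    static byte[] toDer(int word) {
        return new byte[] {0x03, 0x05, 0x00,
            (byte) (word >>> 24), (byte) (word >>> 16), (byte) (word >>> 8), (byte) word};
    }

    public static void main(String[] args) {
        // The options set in the message's request: forwardable, proxiable, renewable-ok.
        int word = encode(EnumSet.of(Flag.FORWARDABLE, Flag.PROXIABLE, Flag.RENEWABLE_OK));
        System.out.printf("kdc-options = 0x%08x%n", word);
        StringBuilder hex = new StringBuilder();
        for (byte b : toDer(word)) hex.append(String.format("%02x ", b));
        System.out.println("DER BIT STRING: " + hex.toString().trim());

        // Constructed sample value, as if read from a packet capture of an AS-REQ.
        int captured = 0x40800010;
        EnumSet<Flag> seen = decode(captured);
        System.out.println("flags in sample: " + seen);
        // Delegation-related flags are the ones worth reviewing when auditing requests.
        seen.retainAll(EnumSet.of(Flag.FORWARDABLE, Flag.PROXIABLE));
        System.out.println("delegation flags requested: " + seen);
    }
}
```

Comparing the decoded flags of a Kerby-generated AS-REQ with those of an MIT kinit capture is a quick way to confirm the two requests ask for the same ticket properties.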
