Return-Path: X-Original-To: apmail-directory-dev-archive@www.apache.org Delivered-To: apmail-directory-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3388618C11 for ; Tue, 24 Nov 2015 08:54:16 +0000 (UTC) Received: (qmail 91466 invoked by uid 500); 24 Nov 2015 08:54:16 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 91395 invoked by uid 500); 24 Nov 2015 08:54:16 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 91373 invoked by uid 99); 24 Nov 2015 08:54:15 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Nov 2015 08:54:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 4527F1A0BCB; Tue, 24 Nov 2015 08:54:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.575 X-Spam-Level: X-Spam-Status: No, score=-0.575 tagged_above=-999 required=6.31 tests=[RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.554, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id uEo3wG0XP9Lp; Tue, 24 Nov 2015 08:54:14 +0000 (UTC) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTP id 0C87024E19; Tue, 24 Nov 2015 08:54:12 +0000 (UTC) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP; 24 Nov 2015 00:54:03 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,338,1444719600"; d="scan'208";a="693239858" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga003.jf.intel.com with ESMTP; 24 Nov 2015 00:54:02 -0800 Received: from fmsmsx114.amr.corp.intel.com (10.18.116.8) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 24 Nov 2015 00:54:02 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX114.amr.corp.intel.com (10.18.116.8) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 24 Nov 2015 00:54:02 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.42]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.138]) with mapi id 14.03.0248.002; Tue, 24 Nov 2015 16:53:54 +0800 From: "Li, Jiajia" To: "kerby@directory.apache.org" , "dev@directory.apache.org" Subject: RE: Kerby client library refactoring Thread-Topic: Kerby client library refactoring Thread-Index: AdEmd2d+kDNtvzviTFKkjWMa06g6YQABbzrQAAXuLAA= Date: Tue, 24 Nov 2015 08:53:53 +0000 Message-ID: <9037BCED616A964EB486B12FCA9DCFCF027AB59D@shsmsx102.ccr.corp.intel.com> References: <8D5F7E3237B3ED47B84CF187BB17B66611CD3F1C@SHSMSX152.ccr.corp.intel.com> <8D5F7E3237B3ED47B84CF187BB17B66611CD3F37@SHSMSX152.ccr.corp.intel.com> In-Reply-To: <8D5F7E3237B3ED47B84CF187BB17B66611CD3F37@SHSMSX152.ccr.corp.intel.com> Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 It sounds great and will be easier to use these apis to write tools. Thanks Jiajia -----Original Message----- From: Zheng, Kai [mailto:kai.zheng@intel.com]=20 Sent: Tuesday, November 24, 2015 1:59 PM To: kerby@directory.apache.org; dev@directory.apache.org Subject: Kerby client library refactoring There are good feedbacks from Steve recently. Based on discussions with him= and Emmanuel, I assembled below thoughts. KrbClient and its relatives like KrbOption would be broken down according t= o supported mechanisms and functionalities. Eventually we would have these client side APIs for applications to use. =3D=3D KrbClient =3D=3D Focus on classical Kerberos protocol, allowing to request/update tickets to= KDC using password, keytab, credential cache and etc. =3D=3D KrbPkinitClient =3D=3D Support PKINIT mechanism, allowing to request tickets to KDC using anonymou= s and x509 certficate. =3D=3D KrbTokenClient =3D=3D Support standard JWT token, allowing to request tickets to KDC using JWT to= ken. =3D=3D KrbPwChange =3D=3D Change passwd client, interacting with KDC using the change password protoc= ol. =3D=3D KrbAdmin =3D=3D KDC admin utilities compatible with MIT kadmin tool in either local or remo= te mode. In remote mode interacting with KDC, though no spec standardizing= that. Note there're already keytab and credential cache utilities. All these components will define their own options with good specific descr= iptions; For the components that use configurations, krb5.conf is default f= ormat; For the components that interacts with KDC side servers, common netw= ork and message support will be used; All will provide both intuitive funct= ions and advanced function that supports directly calling into the underlyi= ng layer. These library APIs can be used to write tools like kinit, or embedded in ap= plications. It would be good to provide corresponding server side components or support= s, but not mandatory. Better to have at least for easier tests. When sounds good, we can break this down into smaller tasks and get the maj= or work done before the 1.0.0 formal release. Regards, Kai