directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: state of KDC
Date Fri, 03 Jul 2015 08:54:30 GMT
This is the master JIRA that almost lists all the sub-tasks.
https://issues.apache.org/jira/browse/DIRKRB-102

-----Original Message-----
From: Zheng, Kai [mailto:kai.zheng@intel.com] 
Sent: Friday, July 03, 2015 4:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC

Yeah, I agree. 

One thing to note is we're making use of JIRA not very well in my view. For most features
we added, we have JIRA entries. The bad thing is they got very few inputs. I thought we should
rely more on JIRA system to discuss so they could be tracked well for following contributors,
as most ASF projects do.

Regards,
Kai

-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 4:34 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC

On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <kai.zheng@intel.com> wrote:

> Thanks Jiajia for sorting this out! It's helpful to learn about the 
> new project. Maybe we should have such status update or lighter ones regularly?
>
>
it is a good practice to let the team know before if you are planning to add any new features
or any _significant_ changes to the code base.


Regards,
> Kai
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
>     a) KrbClient API
>     b) KDC server API
>     c) Kadmin API
>     d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
>     a) MemoryIdentityBackend
>     b) JsonIdentityBackend
>     c) LdapIdentityBackend
>     d) ZookeeperIdentityBackend
>     e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that 
> applications can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and 
> useful authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request 
> tickets using JWT tokens.
>
> 7. Client can request a TGT with:
>     a) User plain password credential
>     b) User keyTab
>     c) User token credential
>
> 8. Client can request a service ticket with:
>     a) user TGT credential for a server
>     b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
>     a) Default implementation based on the JRE without depending on 
> other libraries.
>     b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
>     a) kadmin: Command-line interfaces to the Kerby administration system.
>     b) kinit: Obtains and caches an initial ticket-granting ticket for 
> principal.
>     c) klist: Lists the Kerby principal and tickets held in a 
> credentials cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that 
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using 
> One Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1.      Kerberos library:
>    KrbClient API
>    KDC server API
>    Kadmin API
>    Credential cache and keytab utilities
> 2.      Provides a standalone KDC server .
> 3.      Supports various identity backends including:
> a)      MemoryIdentityBackend
> b)      JsonIdentityBackend
> c)      LdapIdentityBackend
> d)      ZookeeperIdentityBackend
> e)      MavibotBackend.
> 4.      Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or 
> integration tests.
> 5.      Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6.      Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7.      Client can request a TGT with:
> a)      User plain password credential
> b)      User keyTab
> c)      User token credential
> 8.      Client can request a service ticket with:
> a)      user TGT credential for a server
> b)      user AccessToken credential for a server
> 9.      Network support including UDP and TCP transport with two
> implementations:
> a)      Default implementation based on the JRE without depending on other
> libraries.
> b)      Netty based implementation for better throughput, lower latency.
> 10.     Tools:
> a)      kadmin: Command-line interfaces to the Kerby administration system.
> b)      kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c)      klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11.     Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1.      Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2.      Server scripts for Kerby KDC.
> 3.      Building support: checking style and find bugs.
> 4.      Integration and compatible tests.
> 5.      Building the web site.
>
> Plan to do:
> 1.      Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2.      Consolidate the existing Change Password protocol implementation.
> 3.      REST representation for Kadmin interface.
> 4.      Implement remote mode kadmin tool based on Kadmin REST API
> 5.      Web management console to simplify the configuration and management
> 6.      Write the admin guide and user guide.
> 7.      Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and 
> what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>


--
Kiran Ayyagari
http://keydap.com
Mime
View raw message