directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: state of KDC
Date Fri, 03 Jul 2015 09:09:17 GMT
On Fri, Jul 3, 2015 at 4:43 PM, Zheng, Kai <kai.zheng@intel.com> wrote:

> Yeah, I agree.
>
> One thing to note is we're making use of JIRA not very well in my view.
> For most features we added, we have JIRA entries. The bad thing is they got
> very few inputs. I thought we should rely more on JIRA system to discuss so
> they could be tracked well for following contributors, as most ASF projects
> do.
>

you are all using JIRA well, but it is only referred when one is working on
a issue.
>From now onwards sending a summary note before making any significant
changes, cause I believe
the code base is already huge.


> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 4:34 PM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <kai.zheng@intel.com> wrote:
>
> > Thanks Jiajia for sorting this out! It's helpful to learn about the
> > new project. Maybe we should have such status update or lighter ones
> regularly?
> >
> >
> it is a good practice to let the team know before if you are planning to
> add any new features or any _significant_ changes to the code base.
>
>
> Regards,
> > Kai
> >
> > -----Original Message-----
> > From: Li, Jiajia [mailto:jiajia.li@intel.com]
> > Sent: Friday, July 03, 2015 4:02 PM
> > To: kerby@directory.apache.org
> > Subject: RE: state of KDC
> >
> > Refine the format for easying reading.
> >
> > Kerby Status Summary
> >
> > Supported(done and almost done):
> > 1. Kerberos library:
> >     a) KrbClient API
> >     b) KDC server API
> >     c) Kadmin API
> >     d) Credential cache and keytab utilities
> >
> > 2. Provides a standalone KDC server .
> >
> > 3. Supports various identity backends including:
> >     a) MemoryIdentityBackend
> >     b) JsonIdentityBackend
> >     c) LdapIdentityBackend
> >     d) ZookeeperIdentityBackend
> >     e) MavibotBackend.
> >
> > 4. Provides an embedded KDC server named SimpleKdcServer that
> > applications can easily integrate into products, unit tests or
> integration tests.
> >
> > 5. Supports FAST/Preauthentication framework to allow popular and
> > useful authentication mechanisms.
> >
> > 6. Supports Token Preauth mechanism to allow clients to request
> > tickets using JWT tokens.
> >
> > 7. Client can request a TGT with:
> >     a) User plain password credential
> >     b) User keyTab
> >     c) User token credential
> >
> > 8. Client can request a service ticket with:
> >     a) user TGT credential for a server
> >     b) user AccessToken credential for a server
> >
> > 9. Network support including UDP and TCP transport with two
> > implementations:
> >     a) Default implementation based on the JRE without depending on
> > other libraries.
> >     b) Netty based implementation for better throughput, lower latency.
> >
> > 10. Tools:
> >     a) kadmin: Command-line interfaces to the Kerby administration
> system.
> >     b) kinit: Obtains and caches an initial ticket-granting ticket for
> > principal.
> >     c) klist: Lists the Kerby principal and tickets held in a
> > credentials cache, or the keys held in a keytab file.
> >
> > 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> > applications can leverage the authentication mechanisms provided by
> Kerby.
> >
> > In progress:
> > 1. Supports PKINIT mechanism to allow clients to request tickets using
> > x509 certificate credentials. (50% is finished)
> >
> > 2. Server scripts for Kerby KDC.
> >
> > 3. Building support: checking style and find bugs.
> >
> > 4. Integration and compatible tests.
> >
> > 5. Building the web site.
> >
> > Plan to do:
> > 1. Supports OTP mechanism to allow clients to request tickets using
> > One Time Password.
> >
> > 2. Consolidate the existing Change Password protocol implementation.
> >
> > 3. REST representation for Kadmin interface.
> >
> > 4. Implement remote mode kadmin tool based on Kadmin REST API
> >
> > 5. Web management console to simplify the configuration and management
> >
> > 6. Write the admin guide and user guide.
> >
> > 7. Implementing cross-realm support.
> >
> > Please look at here https://github.com/apache/directory-kerby for
> details.
> >
> > Thanks
> > Jiajia
> >
> > -----Original Message-----
> > From: Li, Jiajia [mailto:jiajia.li@intel.com]
> > Sent: Friday, July 03, 2015 3:43 PM
> > To: kerby@directory.apache.org
> > Subject: RE: state of KDC
> >
> > Kerby Status Summary
> >
> > Supported(done and almost done):
> > 1.      Kerberos library:
> >    KrbClient API
> >    KDC server API
> >    Kadmin API
> >    Credential cache and keytab utilities
> > 2.      Provides a standalone KDC server .
> > 3.      Supports various identity backends including:
> > a)      MemoryIdentityBackend
> > b)      JsonIdentityBackend
> > c)      LdapIdentityBackend
> > d)      ZookeeperIdentityBackend
> > e)      MavibotBackend.
> > 4.      Provides an embedded KDC server named SimpleKdcServer that
> > applications can easily integrate into products, unit tests or
> > integration tests.
> > 5.      Supports FAST/Preauthentication framework to allow popular and
> > useful authentication mechanisms.
> > 6.      Supports Token Preauth mechanism to allow clients to request
> > tickets using JWT tokens.
> > 7.      Client can request a TGT with:
> > a)      User plain password credential
> > b)      User keyTab
> > c)      User token credential
> > 8.      Client can request a service ticket with:
> > a)      user TGT credential for a server
> > b)      user AccessToken credential for a server
> > 9.      Network support including UDP and TCP transport with two
> > implementations:
> > a)      Default implementation based on the JRE without depending on
> other
> > libraries.
> > b)      Netty based implementation for better throughput, lower latency.
> > 10.     Tools:
> > a)      kadmin: Command-line interfaces to the Kerby administration
> system.
> > b)      kinit: Obtains and caches an initial ticket-granting ticket for
> > principal.
> > c)      klist: Lists the Kerby principal and tickets held in a
> credentials
> > cache, or the keys held in a keytab file.
> > 11.     Provides support for JAAS, GSSAPI and SASL frameworks that
> > applications can leverage the authentication mechanisms provided by
> Kerby.
> >
> > In progress:
> > 1.      Supports PKINIT mechanism to allow clients to request tickets
> > using x509 certificate credentials. (50% is finished)
> > 2.      Server scripts for Kerby KDC.
> > 3.      Building support: checking style and find bugs.
> > 4.      Integration and compatible tests.
> > 5.      Building the web site.
> >
> > Plan to do:
> > 1.      Supports OTP mechanism to allow clients to request tickets using
> > One Time Password.
> > 2.      Consolidate the existing Change Password protocol implementation.
> > 3.      REST representation for Kadmin interface.
> > 4.      Implement remote mode kadmin tool based on Kadmin REST API
> > 5.      Web management console to simplify the configuration and
> management
> > 6.      Write the admin guide and user guide.
> > 7.      Implementing cross-realm support.
> >
> > Please look at here https://github.com/apache/directory-kerby for
> details.
> >
> >
> > Thanks
> > Jiajia
> >
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Friday, July 03, 2015 11:33 AM
> > To: kerby@directory.apache.org
> > Subject: state of KDC
> >
> > Can anyone summarize what our KDC can and cannot do?
> >
> > I want to know what features are currently supported and what not and
> > what are in progress.
> >
> > thank you
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
> >
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message