directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: state of KDC
Date Wed, 19 Aug 2015 11:33:02 GMT
+1 for proceeding with the release.

Colm.

On Wed, Aug 19, 2015 at 9:54 AM, Li, Jiajia <jiajia.li@intel.com> wrote:

> Refine the format.
>
> Kerby Status Summary
>
> From July 30 to August 19, 26 JIRA issues were resolved, including
> following:
> 1.  Update building the websites
> 2.  Update the admin guide and user guide.
> 3.  Complete the java doc of important APIs.
> 4.  Check the codebase and add license headers for missing places.
> 5.  Add a BUILDING readme to document the supported build options.
> 6.  Add JsonBackendBenchmark.
> 7.  Fix kadmin break down when input command is illegal.
> 8.  Fix throw KrbException problem when authentication fails.
> 9.  Glob filter for command list_principal and ktadd of Kadmin.
> 10. Debug option and usage fixup for the tools.
> 11. Create krb5.conf for kadmin authentication with jaas.
> 12. Fix Maven pom project version issues.
> 13. Serializable classes serialVersionUID field missing.
> 14. Raw Types should be parameterized.
> 15. Resource leaks in IOUtil and ToolUtil.
> 16. Fix some check style issues.
> 17. Refined kdc init tool and backend.
> 18. Fix some tests.
> 19. Change the version of mavibot dependency to 1.0.0-M8.
>
> Pkinit branch:
> 1. Merge from mater and fix some checkstyle issues.
> 2. Discuss in the community about how to implement the pkinit feature and
> find out the next things we can do.
>
> The remaining things listed as TODOs in July 30’s status are done.
> So could we think about cut the first release(1.0.0-RC1)?
> Is there anything we have to do for the release but gets missed? If no,
> how to proceed? Thanks for thinking about this!
>
> Thanks
> Jiajia
>
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Wednesday, August 19, 2015 4:50 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> From July 30 to August 19, 26 JIRA issues were resolved, including
> following:
> 1.  Update building the websites
> 2.  Update the admin guide and user guide.
> 3.  Complete the java doc of important APIs 4.  Check the codebase and add
> license headers for missing places.
> 5.  Add a BUILDING readme to document the supported build options 6.  Add
> JsonBackendBenchmark 7.  Fix kadmin break down when input command is
> illegal 8.  Fix throw KrbException problem when authentication fails 9.
> Glob filter for command list_principal and ktadd of Kadmin 10.  Debug
> option and usage fixup for the tools 11.  Create krb5.conf for kadmin
> authentication with jaas.
> 12.  Fix Maven pom project version issues 13.  Serializable classes
> serialVersionUID field missing 14.  Raw Types should be parameterized.
> 15.  Resource leaks in IOUtil and ToolUtil.
> 16.  Fix some check style issues.
> 17.  Refined kdc init tool and backend
> 18.  Fix some tests
> 19.  Change the version of mavibot dependency to 1.0.0-M8.
>
> Pkinit branch:
> 1. Merge from mater and fix some checkstyle issues.
> 2. Discuss in the community about how to implement the pkinit feature and
> find out the next things we can do.
>
> The remaining things listed as TODOs in July 30’s status are done.
> So could we think about cut the first release(1.0.0-RC1)?
> Is there anything we have to do for the release but gets missed? If no,
> how to proceed? Thanks for thinking about this!
>
> Thanks
> Jiajia
>
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Thursday, July 30, 2015 12:52 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> From July 3 to July 30, 60+ JIRA features were resolved, including
> following features:
> 1.      Add checkstyle plugin and fix all the checking style issues
> 2.      Add findbugs plugin and fix findbugs issues
> 3.      Add application server and client using GSSAPI/KRB to authenticate
> mutually
> 4.      Add some SASL tests using real application client and server
> 5.      Add the eclipse formatting rules
> 6.      Extract cache facility from abstract class into a separate backend
> 7.      Refine the kdc-dist, tool-dist and kerby-kdc package
> 8.      Removing page and sort search in the backend
> 9.      Add some scripts for windows
> 10.     Add some logs and binding Log4j with SLF4j
> 11.     Promote kerby-config and kerby-util as top level modules
> 12.     Add the kdcinit tool, allows an administrator to perform
> procedures on the KDC backend
> 13.     Add the authentication for kadmin tool before any operations
> 14.     Add the end to end test for the token mechanism
> 15.     Update the website and github readmes
>
> TODO(before the first release)
> 1.  Update building the website(include download content) 2.  Update the
> admin guide and user guide.
> 3.  Complete the java doc of important APIs
>
> Would you let me know if you think some important features need to be done
> before the release.
> And could we think about how and when to cut a first release(1.0.0-RC1)?
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
>     a) KrbClient API
>     b) KDC server API
>     c) Kadmin API
>     d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
>     a) MemoryIdentityBackend
>     b) JsonIdentityBackend
>     c) LdapIdentityBackend
>     d) ZookeeperIdentityBackend
>     e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that applications
> can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and useful
> authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request tickets
> using JWT tokens.
>
> 7. Client can request a TGT with:
>     a) User plain password credential
>     b) User keyTab
>     c) User token credential
>
> 8. Client can request a service ticket with:
>     a) user TGT credential for a server
>     b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
>     a) Default implementation based on the JRE without depending on other
> libraries.
>     b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
>     a) kadmin: Command-line interfaces to the Kerby administration system.
>     b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
>     c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using One
> Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1.      Kerberos library:
>    KrbClient API
>    KDC server API
>    Kadmin API
>    Credential cache and keytab utilities
> 2.      Provides a standalone KDC server .
> 3.      Supports various identity backends including:
> a)      MemoryIdentityBackend
> b)      JsonIdentityBackend
> c)      LdapIdentityBackend
> d)      ZookeeperIdentityBackend
> e)      MavibotBackend.
> 4.      Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration
> tests.
> 5.      Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6.      Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7.      Client can request a TGT with:
> a)      User plain password credential
> b)      User keyTab
> c)      User token credential
> 8.      Client can request a service ticket with:
> a)      user TGT credential for a server
> b)      user AccessToken credential for a server
> 9.      Network support including UDP and TCP transport with two
> implementations:
> a)      Default implementation based on the JRE without depending on other
> libraries.
> b)      Netty based implementation for better throughput, lower latency.
> 10.     Tools:
> a)      kadmin: Command-line interfaces to the Kerby administration system.
> b)      kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c)      klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11.     Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1.      Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2.      Server scripts for Kerby KDC.
> 3.      Building support: checking style and find bugs.
> 4.      Integration and compatible tests.
> 5.      Building the web site.
>
> Plan to do:
> 1.      Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2.      Consolidate the existing Change Password protocol implementation.
> 3.      REST representation for Kadmin interface.
> 4.      Implement remote mode kadmin tool based on Kadmin REST API
> 5.      Web management console to simplify the configuration and management
> 6.      Write the admin guide and user guide.
> 7.      Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what
> are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message