You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Steve Moyer (JIRA)" <ji...@apache.org> on 2013/04/16 18:13:16 UTC
[jira] [Commented] (DIRKRB-4) Provide Kerberos client
[ https://issues.apache.org/jira/browse/DIRKRB-4?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13632951#comment-13632951 ]
Steve Moyer commented on DIRKRB-4:
----------------------------------
h1. Preliminary (light-weight) specifications for a cross-platform client:
h2. Server support
The Kerberos Client shall support the following servers:
* Active Directory Kerberos server
* Apache Directory Server Kerberos server
* Heimdal Kerberos server
* MIT Kerberos server
h2. Client functionality
The client functionality shall be available from the KerberosClient class. It's functions shall be divided into the following three categories:
* Authentication
* Self-serve password changing (kpasswd)
* Administration of principals (kadmin)
Each of these categories provide the functions listed in the sections below.
h3. Authentication
* Authenticate
* Get TGT
* Get TGS
h3. Self-serve password changing (kpasswd - see the protocol in the references below for command description, syntax and responses)
* QUIT
* CHECKPW
* CHANGEPW
* MOTD (*)
* MIME (*)
* LANGUAGE (*)
h3. Administration of principals (kadmin - see the protocol in the references below for command descriptions, syntax and responses)
* ADD-PRINCIPAL
* DELETE-PRINCIPAL
* RENAME-PRINCIPAL
* MODIFY-PRINCIPAL
* OTHER-CHANGEPW
* OTHER-RANDOM-CHANGEPW
* INQUIRE-PRINCIPAL
* EXTRACT-KEY (*+)
* ADD-KEY (+)
* DELETE-KEY (+)
h2. References:
RFC4120 - [The Kerberos Network Authentication Service (V5)|http://www.ietf.org/rfc/rfc4120.txt]
RFC3244 - [Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols|http://www.ietf.org/rfc/rfc3244.txt]
kadmin.protocol - [A Proposal for a Standardized Kerberos Password Changing Protocol|http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/kadmin/kadmin.protocol]
kpasswd.protocol - [A Proposal for a Standardized Kerberos Password Changing Protocol|http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/kadmin/kpasswd.protocol]
> Provide Kerberos client
> -----------------------
>
> Key: DIRKRB-4
> URL: https://issues.apache.org/jira/browse/DIRKRB-4
> Project: Directory Kerberos
> Issue Type: New Feature
> Reporter: Enrique Rodriguez
> Assignee: Enrique Rodriguez
> Priority: Minor
> Fix For: 2.0.0-RC2
>
>
> We could really use our own Kerberos client library. We have a lot of the necessary code in kerberos-shared. We would use this for:
> o Integration tests
> o Experimental pre-authentication types
> o Experimental authorization mechanisms
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira