Posted to dev@directory.apache.org by "Steve Moyer (JIRA)" <ji...@apache.org> on 2013/04/16 18:13:16 UTC

[jira] [Commented] (DIRKRB-4) Provide Kerberos client

    [ https://issues.apache.org/jira/browse/DIRKRB-4?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13632951#comment-13632951 ] 

Steve Moyer commented on DIRKRB-4:
----------------------------------

h1. Preliminary (light-weight) specifications for a cross-platform client:

h2. Server support

The Kerberos Client shall support the following servers:

* Active Directory Kerberos server
* Apache Directory Server Kerberos server
* Heimdal Kerberos server
* MIT Kerberos server

h2. Client functionality

The client functionality shall be available from the KerberosClient class.  Its functions shall be divided into the following three categories:

* Authentication
* Self-serve password changing (kpasswd)
* Administration of principals (kadmin)

Each of these categories provides the functions listed in the sections below.

h3. Authentication

* Authenticate
* Get TGT
* Get TGS

h3. Self-serve password changing (kpasswd - see the protocol in the references below for command description, syntax and responses)

* QUIT
* CHECKPW
* CHANGEPW
* MOTD (*)
* MIME (*)
* LANGUAGE (*)

h3. Administration of principals (kadmin - see the protocol in the references below for command descriptions, syntax and responses)

* ADD-PRINCIPAL
* DELETE-PRINCIPAL
* RENAME-PRINCIPAL
* MODIFY-PRINCIPAL
* OTHER-CHANGEPW
* OTHER-RANDOM-CHANGEPW
* INQUIRE-PRINCIPAL
* EXTRACT-KEY (*+)
* ADD-KEY (+)
* DELETE-KEY (+)

h2. References:

RFC4120 - [The Kerberos Network Authentication Service (V5)|http://www.ietf.org/rfc/rfc4120.txt]
RFC3244 - [Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols|http://www.ietf.org/rfc/rfc3244.txt]
kadmin.protocol - [A Proposal for a Standardized Kerberos Password Changing Protocol|http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/kadmin/kadmin.protocol]
kpasswd.protocol - [A Proposal for a Standardized Kerberos Password Changing Protocol|http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/kadmin/kpasswd.protocol]
                
> Provide Kerberos client
> -----------------------
>
>                 Key: DIRKRB-4
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-4
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Enrique Rodriguez
>            Assignee: Enrique Rodriguez
>            Priority: Minor
>             Fix For: 2.0.0-RC2
>
>
> We could really use our own Kerberos client library.  We have a lot of the necessary code in kerberos-shared.  We would use this for:
> o  Integration tests
> o  Experimental pre-authentication types
> o  Experimental authorization mechanisms
