Posted to dev@directory.apache.org by "Stefan Seelmann (JIRA)" <ji...@apache.org> on 2009/08/10 13:19:15 UTC
[jira] Commented: (DIRSTUDIO-262) Improve SASL authentication
[ https://issues.apache.org/jira/browse/DIRSTUDIO-262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12741264#action_12741264 ]
Stefan Seelmann commented on DIRSTUDIO-262:
-------------------------------------------
Partially fixed here: http://svn.apache.org/viewvc?rev=802731&view=rev:
It's possible to set advanced SASL parameters:
- QoP (Quality of Protection)
- Protection Strength
- Mutual Authentication
Added GSSAPI/Kerberos authentication. There are some configurable settings in the connection properties:
- Credentials to use: Either use a native TGT (real SSO) or obtain a new TGT from KDC using principal and password.
- Kerberos configuration: Either use native configuration (/etc/krb5.conf) or specify a config file or enter the configuration parameters.
This makes it possible to authenticate to different KDCs, could be useful for test environments.
In Preferences->LDAP->Connections it is possible to activate configuration via System Properties to allow more special configuration.
Tested SASL QoP with ApacheDS and Active Directory
Tested GSSAPI authentication with
- Apache Directory KDC and LDAP Server using native TGT, obtained via kinit on Linux
- Active Directory using native TGT (added allowtgtsessionkey to registry)
- Active Directory by obtaining TGT within Studio
Open issues:
- Add more SASL parameters: AuthorizationID and buffer size
- Test with other Kerberos and LDAP servers (Heimdal/OpenLDAP, FreeIPA)
- Doesn't work with Apache Harmony
- User documentation
> Improve SASL authentication
> ---------------------------
>
> Key: DIRSTUDIO-262
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-262
> Project: Directory Studio
> Issue Type: Improvement
> Components: studio-connection
> Reporter: Stefan Seelmann
> Assignee: Christine Koppelt
> Priority: Minor
> Fix For: 1.5.0
>
>
> We could add some feature to the SASL authentication
> - DIGEST-MD5 qop options
> - a check if the current selected SASL mechanism is supported
> - GSSAPI as authentication mechanism
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
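
Added example, not part of the original message and not Directory Studio's own code: how the settings listed in the comment (QoP, protection strength, mutual authentication, native vs. newly obtained TGT, Kerberos configuration via system properties) map onto the JDK's JNDI/SASL and JAAS property names. The class and method names, host names and realm are constructed for illustration, and the JDK's built-in LDAP provider and Krb5LoginModule are assumed.

```java
import java.util.*;
import javax.naming.Context;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class SaslGssapiSettings {
    // Accept a comma-separated preference list and reject unknown tokens.
    static String checked(String value, List<String> allowed) {
        for (String token : value.split(","))
            if (!allowed.contains(token.trim()))
                throw new IllegalArgumentException("unsupported value: " + token);
        return value;
    }

    // JNDI environment for a GSSAPI bind carrying the three advanced SASL parameters.
    static Hashtable<String, String> ldapEnv(String url, String qop, String strength, boolean mutual) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // auth = authentication only, auth-int = plus integrity, auth-conf = plus encryption
        env.put("javax.security.sasl.qop", checked(qop, List.of("auth", "auth-int", "auth-conf")));
        env.put("javax.security.sasl.strength", checked(strength, List.of("high", "medium", "low")));
        env.put("javax.security.sasl.server.authentication", String.valueOf(mutual));
        return env;
    }

    // JAAS entry: reuse the native ticket cache (SSO) or let the module obtain a new TGT.
    static Configuration krb5Login(boolean useNativeTgt) {
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", String.valueOf(useNativeTgt));
        opts.put("doNotPrompt", String.valueOf(useNativeTgt)); // false: ask a CallbackHandler
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) {
        // Entered realm and KDC instead of /etc/krb5.conf (constructed values).
        System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
        System.setProperty("java.security.krb5.kdc", "kdc.example.com");
        System.out.println(ldapEnv("ldap://ldap.example.com:389", "auth-conf,auth-int", "high", true));
        System.out.println(krb5Login(true).getAppConfigurationEntry("studio")[0].getOptions());
    }
}
```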