You are viewing a plain text version of this content. The canonical link for it is here.
Posted to kerby@directory.apache.org by "Zheng, Kai" <ka...@intel.com> on 2015/08/03 16:58:02 UTC
RE: RE: state of KDC
I just thought of another two items to do for the release. They came to my mind during related discussions.
1. Double check all the left issues/JIRAs. If not must to have, we can retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot. If sounds good, how about retargeting it for 1.0.0, and move it out of the release?
Kiran, would you comment on this? Thanks.
Regards,
Kai
-----Original Message-----
From: Lin Chen [mailto:linchen7@foxmail.com]
Sent: Friday, July 31, 2015 3:23 PM
To: kerby
Subject: Re: RE: state of KDC
Great summary, thanks Jiajia!
In the month, we mostly done some refining works to make kerby more complete. And +1 for releasing when the remaining things listed as TODOs done.
Thanks,
Lin
------------------ Original ------------------
From: "zhengkai";<ka...@intel.com>;
Date: Thu, Jul 30, 2015 02:59 PM
To: "kerby@directory.apache.org"<ke...@directory.apache.org>;
Subject: RE: state of KDC
Thanks Jiajia for the nice status!
+1 to cut the 1.0.0-rc1 release when get the TODO items done.
Regards,
Kai
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Thursday, July 30, 2015 12:52 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
>From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content) 2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thank you Kiran!
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Wednesday, August 05, 2015 10:15 AM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Wed, Aug 5, 2015 at 8:58 AM, Zheng, Kai <ka...@intel.com> wrote:
> Kiran,
>
> Could I know when we would cut the Mavibot release? Thanks.
>
I can cut it during this weekend and it should be available in Maven repo next week.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Zheng, Kai [mailto:kai.zheng@intel.com]
> Sent: Tuesday, August 04, 2015 11:37 AM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Thanks Emmanuel and Kiran for the discussion.
> Yes it would be great if we can cut a Mavibot release (even milestone)
> and get the Mavibot backend ready for the Kerby release.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Tuesday, August 04, 2015 10:27 AM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny
> <el...@gmail.com>
> wrote:
>
> > Le 03/08/15 16:58, Zheng, Kai a écrit :
> > > I just thought of another two items to do for the release. They
> > > came to
> > my mind during related discussions.
> > > 1. Double check all the left issues/JIRAs. If not must to have, we
> > > can
> > retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > > If
> > sounds good, how about retargeting it for 1.0.0, and move it out of
> > the release?
> > >
> > > Kiran, would you comment on this? Thanks.
> > We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> > In
> >
> we can cut a release
>
> > any case, if needed, we can either discard the Mavobot backend, or
> > if we have a RC for Mavinot, use it.
> >
> > IMHO mavibot backend is a must, cause this is the only embeddable
> > simple
> persisting <K,V> store
> present in Kerby, the other stores are either in-memory or run in a
> separate process.
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Aug 5, 2015 at 8:58 AM, Zheng, Kai <ka...@intel.com> wrote:
> Kiran,
>
> Could I know when we would cut the Mavibot release? Thanks.
>
I can cut it during this weekend and it should be available in Maven repo
next week.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Zheng, Kai [mailto:kai.zheng@intel.com]
> Sent: Tuesday, August 04, 2015 11:37 AM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Thanks Emmanuel and Kiran for the discussion.
> Yes it would be great if we can cut a Mavibot release (even milestone) and
> get the Mavibot backend ready for the Kerby release.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Tuesday, August 04, 2015 10:27 AM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
> wrote:
>
> > Le 03/08/15 16:58, Zheng, Kai a écrit :
> > > I just thought of another two items to do for the release. They came
> > > to
> > my mind during related discussions.
> > > 1. Double check all the left issues/JIRAs. If not must to have, we
> > > can
> > retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > > If
> > sounds good, how about retargeting it for 1.0.0, and move it out of
> > the release?
> > >
> > > Kiran, would you comment on this? Thanks.
> > We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> > In
> >
> we can cut a release
>
> > any case, if needed, we can either discard the Mavobot backend, or if
> > we have a RC for Mavinot, use it.
> >
> > IMHO mavibot backend is a must, cause this is the only embeddable
> > simple
> persisting <K,V> store
> present in Kerby, the other stores are either in-memory or run in a
> separate process.
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Kiran,
Could I know when we would cut the Mavibot release? Thanks.
Regards,
Kai
-----Original Message-----
From: Zheng, Kai [mailto:kai.zheng@intel.com]
Sent: Tuesday, August 04, 2015 11:37 AM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Thanks Emmanuel and Kiran for the discussion.
Yes it would be great if we can cut a Mavibot release (even milestone) and get the Mavibot backend ready for the Kerby release.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Tuesday, August 04, 2015 10:27 AM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:
> Le 03/08/15 16:58, Zheng, Kai a écrit :
> > I just thought of another two items to do for the release. They came
> > to
> my mind during related discussions.
> > 1. Double check all the left issues/JIRAs. If not must to have, we
> > can
> retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > If
> sounds good, how about retargeting it for 1.0.0, and move it out of
> the release?
> >
> > Kiran, would you comment on this? Thanks.
> We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> In
>
we can cut a release
> any case, if needed, we can either discard the Mavobot backend, or if
> we have a RC for Mavinot, use it.
>
> IMHO mavibot backend is a must, cause this is the only embeddable
> simple
persisting <K,V> store
present in Kerby, the other stores are either in-memory or run in a separate process.
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Emmanuel and Kiran for the discussion.
Yes it would be great if we can cut a Mavibot release (even milestone) and get the Mavibot backend ready for the Kerby release.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Tuesday, August 04, 2015 10:27 AM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:
> Le 03/08/15 16:58, Zheng, Kai a écrit :
> > I just thought of another two items to do for the release. They came
> > to
> my mind during related discussions.
> > 1. Double check all the left issues/JIRAs. If not must to have, we
> > can
> retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > If
> sounds good, how about retargeting it for 1.0.0, and move it out of
> the release?
> >
> > Kiran, would you comment on this? Thanks.
> We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> In
>
we can cut a release
> any case, if needed, we can either discard the Mavobot backend, or if
> we have a RC for Mavinot, use it.
>
> IMHO mavibot backend is a must, cause this is the only embeddable
> simple
persisting <K,V> store
present in Kerby, the other stores are either in-memory or run in a separate process.
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:
> Le 03/08/15 16:58, Zheng, Kai a écrit :
> > I just thought of another two items to do for the release. They came to
> my mind during related discussions.
> > 1. Double check all the left issues/JIRAs. If not must to have, we can
> retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot. If
> sounds good, how about retargeting it for 1.0.0, and move it out of the
> release?
> >
> > Kiran, would you comment on this? Thanks.
> We can cut a release of Mavibot, but it will be a Milstone, not a RC. In
>
we can cut a release
> any case, if needed, we can either discard the Mavobot backend, or if we
> have a RC for Mavinot, use it.
>
> IMHO mavibot backend is a must, cause this is the only embeddable simple
persisting <K,V> store
present in Kerby, the other stores are either in-memory or run in a
separate process.
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 03/08/15 16:58, Zheng, Kai a écrit :
> I just thought of another two items to do for the release. They came to my mind during related discussions.
> 1. Double check all the left issues/JIRAs. If not must to have, we can retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot. If sounds good, how about retargeting it for 1.0.0, and move it out of the release?
>
> Kiran, would you comment on this? Thanks.
We can cut a release of Mavibot, but it will be a Milstone, not a RC. In
any case, if needed, we can either discard the Mavobot backend, or if we
have a RC for Mavinot, use it.