Posted to commits@directory.apache.org by dr...@apache.org on 2015/03/11 22:48:15 UTC
[02/14] directory-kerberos git commit: More refactoring
More refactoring
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/79ab37e5
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/79ab37e5
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/79ab37e5
Branch: refs/heads/installation
Commit: 79ab37e5b9c53f4876b3412f7cacb131801c92e3
Parents: 97d0795
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Feb 10 17:02:56 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 10 17:02:56 2015 +0000
----------------------------------------------------------------------
.../kerby/kerberos/kerb/client/KrbClient.java | 32 ++++++++---
.../kerby/kerberos/kerb/client/KrbOptions.java | 40 +++++++-------
.../kerb/client/preauth/PreauthContext.java | 4 +-
.../kerb/client/preauth/PreauthHandler.java | 9 ++--
.../kerb/client/preauth/UserResponser.java | 2 +-
.../src/main/resources/kdc-krb5.conf | 25 ---------
.../kerb-client/src/main/resources/kdc.ldiff | 46 ----------------
.../kerb-client/src/main/resources/krb5.conf | 57 --------------------
.../src/test/resources/kdc-krb5.conf | 25 +++++++++
.../kerb-client/src/test/resources/kdc.ldiff | 46 ++++++++++++++++
.../kerb-client/src/test/resources/krb5.conf | 57 ++++++++++++++++++++
.../kerb/identity/ComplexAttribute.java | 2 +-
.../kerby/kerberos/kerb/identity/Identity.java | 4 +-
.../kerberos/kerb/identity/KrbIdentity.java | 4 +-
.../backend/InMemoryIdentityBackend.java | 2 +-
.../kerby/kerberos/kerb/server/KdcConfig.java | 8 +--
.../kerberos/kerb/server/KdcConfigKey.java | 4 +-
.../kerby/kerberos/kerb/server/KdcServer.java | 12 ++---
.../server/preauth/pkinit/PkinitPreauth.java | 2 +-
.../kerb/server/replay/RequestRecord.java | 24 ++++++---
.../kerb/server/replay/SimpleCacheService.java | 2 +-
.../kerb-server/src/main/resources/kdc.conf | 51 ------------------
.../kerby/kerberos/kerb/server/KdcTest.java | 22 +++++++-
.../kerberos/kerb/server/TestKdcConfigLoad.java | 4 +-
.../kerb-server/src/test/resources/kdc.conf | 51 ++++++++++++++++++
25 files changed, 291 insertions(+), 244 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index 55e9b60..b5521e7 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -141,7 +141,9 @@ public class KrbClient {
* @throws KrbException
*/
public TgtTicket requestTgtTicket(String principal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequest asRequest = new AsRequest(context);
asRequest.setKrbOptions(options);
@@ -158,7 +160,9 @@ public class KrbClient {
*/
public TgtTicket requestTgtTicket(String principal, String password,
KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequest asRequest = new AsRequestWithPasswd(context);
options.add(KrbOption.USER_PASSWD, password);
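Review bot: The password is written into the caller-supplied `KrbOptions` by `options.add(KrbOption.USER_PASSWD, password)`, so it stays reachable from the caller's object after the call returns; nothing visible here removes it. In the `requestServiceTicket(clientPrincipal, password, ...)` hunk further down, the same `options` instance is then passed on to the TGS request, which has no need for the password. Consider adding the credential to a request-local `KrbOptions` instead of the caller's, or at least state in the Javadoc that `options` is modified and will hold the password. The method body continues past the end of this hunk, so any later clean-up is not visible from here.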
@@ -177,7 +181,9 @@ public class KrbClient {
*/
public TgtTicket requestTgtTicket(String principal, Certificate certificate,
PrivateKey privateKey, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequestWithCert asRequest = new AsRequestWithCert(context);
options.add(KrbOption.PKINIT_X509_CERTIFICATE, certificate);
@@ -193,7 +199,9 @@ public class KrbClient {
* @throws KrbException
*/
public TgtTicket requestTgtTicket(KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequestWithCert asRequest = new AsRequestWithCert(context);
options.add(KrbOption.PKINIT_X509_ANONYMOUS);
@@ -213,7 +221,9 @@ public class KrbClient {
*/
public TgtTicket requestTgtTicket(String principal, KerbToken token,
KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequestWithToken asRequest = new AsRequestWithToken(context);
options.add(KrbOption.TOKEN_USER_ID_TOKEN, token);
@@ -232,7 +242,9 @@ public class KrbClient {
*/
public ServiceTicket requestServiceTicket(String clientPrincipal, String password,
String serverPrincipal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
TgtTicket tgt = requestTgtTicket(clientPrincipal, password, options);
return requestServiceTicket(tgt, serverPrincipal, options);
@@ -249,7 +261,9 @@ public class KrbClient {
*/
public ServiceTicket requestServiceTicket(String clientPrincipal, KerbToken token,
String serverPrincipal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
TgtTicket tgt = requestTgtTicket(clientPrincipal, token, options);
return requestServiceTicket(tgt, serverPrincipal, options);
@@ -299,7 +313,9 @@ public class KrbClient {
*/
public ServiceTicket requestServiceTicket(TgtTicket tgt, String serverPrincipal,
KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
TgsRequest ticketReq = new TgsRequest(context, tgt);
ticketReq.setServerPrincipal(new PrincipalName(serverPrincipal));
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
index 06bd361..b3333ca 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
@@ -24,7 +24,7 @@ import java.util.Map;
public class KrbOptions {
- private Map<KrbOption, KrbOption> options = new HashMap<KrbOption, KrbOption>(4);
+ private final Map<KrbOption, KrbOption> options = new HashMap<KrbOption, KrbOption>(4);
public void add(KrbOption option) {
if (option != null) {
@@ -33,8 +33,10 @@ public class KrbOptions {
}
public void add(KrbOption option, Object optionValue) {
- option.setValue(optionValue);
- add(option);
+ if (option != null) {
+ option.setValue(optionValue);
+ add(option);
+ }
}
public boolean contains(KrbOption option) {
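Review bot: `option.setValue(optionValue)` stores the value on the `KrbOption` key itself rather than in this `KrbOptions` instance. If `KrbOption.USER_PASSWD`, `TOKEN_USER_ID_TOKEN` and the other constants used by KrbClient are shared enum or static instances (the naming suggests so, but the declaration is not on this page), a credential set for one request is visible through every other `KrbOptions` in the JVM, and concurrent requests overwrite each other's values. Holding the value in the map, for example as `Map<KrbOption, Object>`, would confine it to the instance. The new null guard also drops a null `option` silently; a comment such as `// a null option is ignored, matching add(KrbOption)` would mark that as intentional.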
@@ -58,7 +60,7 @@ public class KrbOptions {
public String getStringOption(KrbOption option) {
Object value = getOptionValue(option);
- if (value != null && value instanceof String) {
+ if (value instanceof String) {
return (String) value;
}
return null;
@@ -66,30 +68,26 @@ public class KrbOptions {
public boolean getBooleanOption(KrbOption option) {
Object value = getOptionValue(option);
- if (value != null) {
- if (value instanceof String) {
- String strVal = (String) value;
- if (strVal.equalsIgnoreCase("true") ||
- strVal.equalsIgnoreCase("yes") ||
- strVal.equals("1")) {
- return true;
- }
- } else if (value instanceof Boolean) {
- return (Boolean) value;
+ if (value instanceof String) {
+ String strVal = (String) value;
+ if (strVal.equalsIgnoreCase("true") ||
+ strVal.equalsIgnoreCase("yes") ||
+ strVal.equals("1")) {
+ return true;
}
+ } else if (value instanceof Boolean) {
+ return (Boolean) value;
}
return false;
}
public int getIntegerOption(KrbOption option) {
Object value = getOptionValue(option);
- if (value != null) {
- if (value instanceof String) {
- String strVal = (String) value;
- return Integer.valueOf(strVal);
- } else if (value instanceof Integer) {
- return (Integer) value;
- }
+ if (value instanceof String) {
+ String strVal = (String) value;
+ return Integer.valueOf(strVal);
+ } else if (value instanceof Integer) {
+ return (Integer) value;
}
return -1;
}
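Review bot: `Integer.valueOf(strVal)` in `getIntegerOption` throws an unchecked `NumberFormatException` for a non-numeric string, while every other unusable value returns the `-1` sentinel, so callers face two different failure modes. Either document the exception or fold it into the sentinel with `try { return Integer.parseInt(strVal.trim()); } catch (NumberFormatException e) { return -1; }`. The sentinel itself cannot be told apart from an option legitimately set to -1, which deserves a Javadoc line. In `getBooleanOption`, any unrecognised string is treated as false, which is also worth stating in its Javadoc.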
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
index aa943e4..e622103 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
@@ -34,8 +34,8 @@ public class PreauthContext {
private UserResponser userResponser = new UserResponser();
private PaDataType selectedPaType;
private PaDataType allowedPaType;
- private List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
- private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
+ private final List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
+ private final List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
public PreauthContext() {
this.selectedPaType = PaDataType.NONE;
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
index 39fe3a8..319179e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
@@ -158,7 +158,7 @@ public class PreauthHandler {
for (PaDataEntry pae : inPadata.getElements()) {
// Restrict real mechanisms to the chosen one if we have one
- if (real >0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
+ if (real > 0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
continue;
}
@@ -190,10 +190,11 @@ public class PreauthHandler {
PaData inPadata, PaData outPadata) {
PreauthContext preauthContext = kdcRequest.getPreauthContext();
- PreauthHandle handle;
for (PaDataEntry pae : inPadata.getElements()) {
- handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) continue;
+ PreauthHandle handle = findHandle(kdcRequest, pae.getPaDataType());
+ if (handle == null) {
+ continue;
+ }
boolean gotData = handle.tryAgain(kdcRequest,
pae.getPaDataType(), preauthContext.getErrorPaData(), outPadata);
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
index 695e111..eeaad10 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
@@ -24,7 +24,7 @@ import java.util.List;
public class UserResponser {
- private List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
+ private final List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
/**
* Let customize an interface like CMD or WEB UI to selectively respond all the questions
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/resources/kdc-krb5.conf b/kerby-kerb/kerb-client/src/main/resources/kdc-krb5.conf
deleted file mode 100644
index d118dd1..0000000
--- a/kerby-kerb/kerb-client/src/main/resources/kdc-krb5.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[libdefaults]
- default_realm = {0}
- udp_preference_limit = 1
-
-[realms]
- {0} = '{'
- kdc = {1}:{2}
- '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/resources/kdc.ldiff b/kerby-kerb/kerb-client/src/main/resources/kdc.ldiff
deleted file mode 100644
index bc989c3..0000000
--- a/kerby-kerb/kerb-client/src/main/resources/kdc.ldiff
+++ /dev/null
@@ -1,46 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-dn: ou=users,dc=${0},dc=${1}
-objectClass: organizationalUnit
-objectClass: top
-ou: users
-
-dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: KDC Service
-sn: Service
-uid: krbtgt
-userPassword: secret
-krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
-krb5KeyVersionNumber: 0
-
-dn: uid=ldap,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: LDAP
-sn: Service
-uid: ldap
-userPassword: secret
-krb5PrincipalName: ldap/${4}@${2}.${3}
-krb5KeyVersionNumber: 0
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/main/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/resources/krb5.conf b/kerby-kerb/kerb-client/src/main/resources/krb5.conf
deleted file mode 100644
index 4222475..0000000
--- a/kerby-kerb/kerb-client/src/main/resources/krb5.conf
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[libdefaults]
- default_realm = KRB.COM
- dns_lookup_kdc = false
- dns_lookup_realm = false
- allow_weak_crypto = true
- ticket_lifetime = 86400
- renew_lifetime = 604800
- forwardable = true
- permitted_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96
- clockskew = 300
- proxiable = true
- default_tgs_enctypes = des-cbc-crc
- default_tkt_enctypes = des-cbc-crc
-[realms]
-# ATHENA.MIT.EDU = {
-# admin_server = KERBEROS.MIT.EDU
-# default_domain = MIT.EDU
-# v4_instance_convert = {
-# mit = mit.edu
-# lithium = lithium.lcs.mit.edu
-# }
-# }
-# ANDREW.CMU.EDU = {
-# admin_server = vice28.fs.andrew.cmu.edu
-# }
-# GNU.ORG = {
-# kdc = kerberos.gnu.org
-# kdc = kerberos-2.gnu.org
-# admin_server = kerberos.gnu.org
-# }
-[domain_realm]
- .mit.edu = ATHENA.MIT.EDU
- mit.edu = ATHENA.MIT.EDU
- .media.mit.edu = MEDIA-LAB.MIT.EDU
- media.mit.edu = MEDIA-LAB.MIT.EDU
- .ucsc.edu = CATS.UCSC.EDU
-[logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/test/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/kdc-krb5.conf b/kerby-kerb/kerb-client/src/test/resources/kdc-krb5.conf
new file mode 100644
index 0000000..d118dd1
--- /dev/null
+++ b/kerby-kerb/kerb-client/src/test/resources/kdc-krb5.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+ default_realm = {0}
+ udp_preference_limit = 1
+
+[realms]
+ {0} = '{'
+ kdc = {1}:{2}
+ '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/test/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/kdc.ldiff b/kerby-kerb/kerb-client/src/test/resources/kdc.ldiff
new file mode 100644
index 0000000..bc989c3
--- /dev/null
+++ b/kerby-kerb/kerb-client/src/test/resources/kdc.ldiff
@@ -0,0 +1,46 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+dn: ou=users,dc=${0},dc=${1}
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: KDC Service
+sn: Service
+uid: krbtgt
+userPassword: secret
+krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
+krb5KeyVersionNumber: 0
+
+dn: uid=ldap,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: LDAP
+sn: Service
+uid: ldap
+userPassword: secret
+krb5PrincipalName: ldap/${4}@${2}.${3}
+krb5KeyVersionNumber: 0
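Review bot: Both the `krbtgt` and the `ldap` entry carry the fixed `userPassword: secret`, and nothing in the file marks it as a fixture. Moving it under src/test/resources keeps it out of the client artifact, which is the right direction. A header line such as `# Test fixture only: fixed passwords, do not load into a real directory` would keep it from being reused as a deployment template.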
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-client/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/krb5.conf b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
new file mode 100644
index 0000000..4222475
--- /dev/null
+++ b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
@@ -0,0 +1,57 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+ default_realm = KRB.COM
+ dns_lookup_kdc = false
+ dns_lookup_realm = false
+ allow_weak_crypto = true
+ ticket_lifetime = 86400
+ renew_lifetime = 604800
+ forwardable = true
+ permitted_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96
+ clockskew = 300
+ proxiable = true
+ default_tgs_enctypes = des-cbc-crc
+ default_tkt_enctypes = des-cbc-crc
+[realms]
+# ATHENA.MIT.EDU = {
+# admin_server = KERBEROS.MIT.EDU
+# default_domain = MIT.EDU
+# v4_instance_convert = {
+# mit = mit.edu
+# lithium = lithium.lcs.mit.edu
+# }
+# }
+# ANDREW.CMU.EDU = {
+# admin_server = vice28.fs.andrew.cmu.edu
+# }
+# GNU.ORG = {
+# kdc = kerberos.gnu.org
+# kdc = kerberos-2.gnu.org
+# admin_server = kerberos.gnu.org
+# }
+[domain_realm]
+ .mit.edu = ATHENA.MIT.EDU
+ mit.edu = ATHENA.MIT.EDU
+ .media.mit.edu = MEDIA-LAB.MIT.EDU
+ media.mit.edu = MEDIA-LAB.MIT.EDU
+ .ucsc.edu = CATS.UCSC.EDU
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
\ No newline at end of file
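Review bot: `allow_weak_crypto = true` combined with `default_tkt_enctypes = des-cbc-crc` and `default_tgs_enctypes = des-cbc-crc` makes single DES the default ticket encryption in this configuration. If the tests do not specifically exercise DES, prefer `aes128-cts-hmac-sha1-96`, which is already listed in `permitted_enctypes`; otherwise add a comment above `[libdefaults]` such as `# weak enctypes enabled for tests only`. The `[domain_realm]` and `[logging]` sections look like leftovers from a sample file (MIT realms, /var/log paths) and could be dropped from a test fixture.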
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
index d56bb66..7372c01 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
@@ -24,7 +24,7 @@ import java.util.Collections;
import java.util.List;
public class ComplexAttribute extends Attribute {
- private List<String> values;
+ private final List<String> values;
public ComplexAttribute(String name) {
super(name);
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
index 18da5f8..59dcd92 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
@@ -23,7 +23,7 @@ import java.util.*;
public class Identity {
private String name;
- private Map<String, Attribute> attributes;
+ private final Map<String, Attribute> attributes;
public Identity(String name) {
this.name = name;
@@ -53,7 +53,7 @@ public class Identity {
public String getSimpleAttribute(String name) {
Attribute attr = attributes.get(name);
if (! (attr instanceof SimpleAttribute)) {
- throw new RuntimeException("Not simple attribute");
+ throw new RuntimeException("Not a simple attribute");
}
return ((SimpleAttribute) attr).getValue();
}
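Review bot: `attributes.get(name)` returns null for an unknown name, and null fails the `instanceof` test, so a missing attribute is reported with the same "Not a simple attribute" message as a wrongly typed one. The message also does not say which attribute was requested. Suggest `throw new IllegalArgumentException("Attribute '" + name + "' is missing or not a simple attribute");`, which remains a `RuntimeException` for existing callers.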
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
index 8acd430..6402248 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
@@ -33,8 +33,8 @@ public class KrbIdentity {
private PrincipalName principal;
private int keyVersion = 1;
private int kdcFlags = 0;
- private boolean disabled = false;
- private boolean locked = false;
+ private boolean disabled;
+ private boolean locked;
private KerberosTime expireTime = KerberosTime.NEVER;
private KerberosTime createdTime = KerberosTime.now();
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
index 3ef6140..d5e8738 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
@@ -28,7 +28,7 @@ import java.util.Map;
public class InMemoryIdentityBackend extends AbstractIdentityBackend {
- private Map<String, KrbIdentity> identities;
+ private final Map<String, KrbIdentity> identities;
public InMemoryIdentityBackend() {
this.identities = new HashMap<String, KrbIdentity>();
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index 86fc6ad..083a706 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -61,14 +61,14 @@ public class KdcConfig {
return conf.getString(KdcConfigKey.KDC_HOST);
}
- public short getKdcTcpPort() {
+ public int getKdcTcpPort() {
Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_TCP_PORT);
- return kdcTcpPort.shortValue();
+ return kdcTcpPort.intValue();
}
- public short getKdcUdpPort() {
+ public int getKdcUdpPort() {
Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_UDP_PORT);
- return kdcUdpPort.shortValue();
+ return kdcUdpPort.intValue();
}
public String getKdcRealm() {
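Review bot: The port read from configuration is still returned unchecked in `getKdcTcpPort` and `getKdcUdpPort`; widening to `int` only removes the truncation for ports above 32767. A value outside 1–65535 would fail only later, at bind time, and if `KrbConfHelper.getIntUnderSection` can return null (not visible here) the `intValue()` call throws a NullPointerException. Consider validating at this point, e.g. `if (kdcTcpPort == null || kdcTcpPort < 1 || kdcTcpPort > 65535) throw new IllegalArgumentException("Invalid KDC TCP port: " + kdcTcpPort);`, and the same for the UDP getter.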
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 6180698..0a1cbdf 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -24,7 +24,7 @@ import org.apache.kerby.kerberos.kerb.common.SectionConfigKey;
public enum KdcConfigKey implements SectionConfigKey {
KRB_DEBUG(true),
WORK_DIR,
- KDC_SERVICE_NAME("Haox_KDC_Server"),
+ KDC_SERVICE_NAME("Kerby_KDC_Server"),
KDC_HOST("127.0.0.1"),
KDC_UDP_PORT(8016, "kdcdefaults"),
KDC_TCP_PORT(8015, "kdcdefaults"),
@@ -48,7 +48,7 @@ public enum KdcConfigKey implements SectionConfigKey {
KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
//logging location
- //TODO: the default log location need to be determinded.
+ //TODO: the default log location need to be determined.
DEFAULT(null, "logging"),
KDC(null, "logging"),
ADMIN_SERVER(null, "logging");
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index 320bac0..a0c514e 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -28,12 +28,12 @@ import java.io.File;
public class KdcServer {
private String kdcHost;
- private short kdcTcpPort;
- private short kdcUdpPort;
+ private int kdcTcpPort;
+ private int kdcUdpPort;
private String kdcRealm;
private boolean started;
- private String serviceName = "HaoxKdc";
+ private String serviceName = "KerbyKdc";
private KdcHandler kdcHandler;
private EventHub eventHub;
@@ -91,14 +91,14 @@ public class KdcServer {
return kdcConfig.getKdcHost();
}
- private short getKdcTcpPort() {
+ private int getKdcTcpPort() {
if (kdcTcpPort > 0) {
return kdcTcpPort;
}
return kdcConfig.getKdcTcpPort();
}
- private short getKdcUdpPort() {
+ private int getKdcUdpPort() {
if (kdcUdpPort > 0) {
return kdcUdpPort;
}
@@ -109,7 +109,7 @@ public class KdcServer {
this.kdcHost = kdcHost;
}
- public void setKdcTcpPort(short kdcTcpPort) {
+ public void setKdcTcpPort(int kdcTcpPort) {
this.kdcTcpPort = kdcTcpPort;
}
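Review bot: `setKdcTcpPort(int)` now accepts any int, but nothing in the visible code rejects values outside the valid port range. The getter in the previous hunk only uses the field when `kdcTcpPort > 0`, so a negative value silently falls back to the configured port, and a value above 65535 is presumably carried along until the bind fails. A guard in the setter would surface the mistake at the call site: `if (kdcTcpPort < 0 || kdcTcpPort > 65535) { throw new IllegalArgumentException("Invalid KDC TCP port: " + kdcTcpPort); }`. The UDP setter is outside this hunk and likely needs the same check.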
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index c383037..7ab8c1a 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -36,7 +36,7 @@ import java.util.Map;
public class PkinitPreauth extends AbstractPreauthPlugin {
- private Map<String, PkinitKdcContext> pkinitContexts;
+ private final Map<String, PkinitKdcContext> pkinitContexts;
public PkinitPreauth() {
super(new PkinitPreauthMeta());
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
index 3708d18..0cafefa 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
@@ -34,15 +34,27 @@ public class RequestRecord {
@Override
public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
RequestRecord that = (RequestRecord) o;
- if (microseconds != that.microseconds) return false;
- if (requestTime != that.requestTime) return false;
- if (!clientPrincipal.equals(that.clientPrincipal)) return false;
- if (!serverPrincipal.equals(that.serverPrincipal)) return false;
+ if (microseconds != that.microseconds) {
+ return false;
+ }
+ if (requestTime != that.requestTime) {
+ return false;
+ }
+ if (!clientPrincipal.equals(that.clientPrincipal)) {
+ return false;
+ }
+ if (!serverPrincipal.equals(that.serverPrincipal)) {
+ return false;
+ }
return true;
}
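Review bot: `equals` dereferences `clientPrincipal` and `serverPrincipal` without a null check, so a record built with a missing principal throws a NullPointerException when compared; whether the constructor rules that out is not visible here. Since this commit only adds braces, the four field checks could instead be folded into one expression that is easier to audit: `return microseconds == that.microseconds && requestTime == that.requestTime && clientPrincipal.equals(that.clientPrincipal) && serverPrincipal.equals(that.serverPrincipal);`. `hashCode` lies outside the hunk and has to hash the same four fields, because SimpleCacheService keeps these records in a `HashSet` and replay detection depends on equal records producing equal hashes.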
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
index 96d95c1..90b27ec 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
@@ -23,7 +23,7 @@ import java.util.HashSet;
import java.util.Set;
public class SimpleCacheService implements CacheService {
- private Set<RequestRecord> requests;
+ private final Set<RequestRecord> requests;
public SimpleCacheService() {
requests = new HashSet<RequestRecord>();
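Review bot: The replay cache is still backed by a plain `HashSet`, which is not safe for concurrent access; `final` fixes publication of the reference but not access to the set's contents. If the KDC checks requests from more than one handler thread (the methods that read and add records are outside this hunk), concurrent modification can lose entries and let a replayed request go undetected. Consider `requests = Collections.newSetFromMap(new ConcurrentHashMap<RequestRecord, Boolean>());` and relying on the boolean result of `add`, so that check and insert are one atomic step. Nothing visible here bounds or expires the set either, so confirm that old records are evicted somewhere.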
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/main/resources/kdc.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/resources/kdc.conf b/kerby-kerb/kerb-server/src/main/resources/kdc.conf
deleted file mode 100644
index 8f286a1..0000000
--- a/kerby-kerb/kerb-server/src/main/resources/kdc.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
-
-[kdcdefaults]
- kdc_udp_port = 88
- kdc_tcp_port = 8014
- restrict_anonymous_to_tgt = true
- kdc_max_dgram_reply_size = 4096
-
-[realms]
-# ATHENA.MIT.EDU = {
-# kadmind_port = 749
-# max_life = 12h 0m 0s
-# max_renewable_life = 7d 0h 0m 0s
-# master_key_type = des3-hmac-sha1
-# supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
-# database_module = openldap_ldapconf
-# }
-
-[dbdefaults]
- ldap_kerberos_container_dn = cn=krbcontainer dc=mit dc=edu
-
-[dbmodules]
-# openldap_ldapconf = {
-# db_library = kldap
-# disable_last_success = true
-# ldap_kdc_dn = cn=krbadmin dc=mit,dc=edu
-# ldap_kadmind_dn = cn=krbadmin dc=mit dc=edu
-# ldap_service_password_file = /etc/kerberos/service.keyfile
-# ldap_servers = ldaps://kerberos.mit.edu
-# ldap_conns_per_server = 5
-# }
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index c98c00d..9b276b4 100644
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -25,6 +25,7 @@ import org.junit.Test;
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.net.ServerSocket;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
@@ -32,7 +33,7 @@ import java.nio.channels.SocketChannel;
public class KdcTest {
private String serverHost = "localhost";
- private short serverPort = 8089;
+ private int serverPort = 0;
private SimpleKdcServer kdcServer;
@@ -40,6 +41,7 @@ public class KdcTest {
public void setUp() throws Exception {
kdcServer = new SimpleKdcServer();
kdcServer.setKdcHost(serverHost);
+ serverPort = getServerPort();
kdcServer.setKdcTcpPort(serverPort);
kdcServer.init();
kdcServer.start();
@@ -62,6 +64,24 @@ public class KdcTest {
socketChannel.write(writeBuffer);
}
+
+ /**
+ * Get a server socket point for testing usage, either TCP or UDP.
+ * @return server socket point
+ */
+ private static int getServerPort() {
+ int serverPort = 0;
+
+ try {
+ ServerSocket serverSocket = new ServerSocket(0);
+ serverPort = serverSocket.getLocalPort();
+ serverSocket.close();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to get a server socket point");
+ }
+
+ return serverPort;
+ }
@After
public void tearDown() throws Exception {
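Review bot: `getServerPort()` drops the caught IOException and does not close the socket on an exception path. Pass the cause along with `throw new RuntimeException("Failed to get a server socket point", e);` and close the socket in a `finally` block. The port is also released before the KDC binds it in `setUp()`, so another process can take it in between and make the test fail intermittently; that is tolerable in a test but deserves a comment. The Javadoc says "server socket point" and "either TCP or UDP", while the method only probes a free TCP port; `Finds a free local TCP port for the test KDC.` would be accurate.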
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
index 643b539..7f00a3a 100644
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
@@ -44,8 +44,8 @@ public class TestKdcConfigLoad {
assertThat(krbConfig.getKdcLoggingLocation()).isEqualTo("FILE:/var/log/krb5kdc.log");
assertThat(krbConfig.getAdminLoggingLocation()).isEqualTo("FILE:/var/log/kadmind.log");
- assertThat(krbConfig.getKdcUdpPort()).isEqualTo((short)88);
- assertThat(krbConfig.getKdcTcpPort()).isEqualTo((short)8014);
+ assertThat(krbConfig.getKdcUdpPort()).isEqualTo(88);
+ assertThat(krbConfig.getKdcTcpPort()).isEqualTo(8014);
assertThat(krbConfig.isRestrictAnonymousToTgt()).isTrue();
assertThat(krbConfig.getKdcMaxDgramReplySize()).isEqualTo(4096);
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/79ab37e5/kerby-kerb/kerb-server/src/test/resources/kdc.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/resources/kdc.conf b/kerby-kerb/kerb-server/src/test/resources/kdc.conf
new file mode 100644
index 0000000..8f286a1
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/test/resources/kdc.conf
@@ -0,0 +1,51 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[kdcdefaults]
+ kdc_udp_port = 88
+ kdc_tcp_port = 8014
+ restrict_anonymous_to_tgt = true
+ kdc_max_dgram_reply_size = 4096
+
+[realms]
+# ATHENA.MIT.EDU = {
+# kadmind_port = 749
+# max_life = 12h 0m 0s
+# max_renewable_life = 7d 0h 0m 0s
+# master_key_type = des3-hmac-sha1
+# supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
+# database_module = openldap_ldapconf
+# }
+
+[dbdefaults]
+ ldap_kerberos_container_dn = cn=krbcontainer dc=mit dc=edu
+
+[dbmodules]
+# openldap_ldapconf = {
+# db_library = kldap
+# disable_last_success = true
+# ldap_kdc_dn = cn=krbadmin dc=mit,dc=edu
+# ldap_kadmind_dn = cn=krbadmin dc=mit dc=edu
+# ldap_service_password_file = /etc/kerberos/service.keyfile
+# ldap_servers = ldaps://kerberos.mit.edu
+# ldap_conns_per_server = 5
+# }