Posted to commits@directory.apache.org by er...@apache.org on 2007/05/29 05:58:43 UTC

svn commit: r542400 - /directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/kerberos/KeyDerivationService.java

Author: erodriguez
Date: Mon May 28 20:58:42 2007
New Revision: 542400

URL: http://svn.apache.org/viewvc?view=rev&rev=542400
Log:
Added more Javadocs and comments to KeyDerivationService.

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/kerberos/KeyDerivationService.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/kerberos/KeyDerivationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/kerberos/KeyDerivationService.java?view=diff&rev=542400&r1=542399&r2=542400
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/kerberos/KeyDerivationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/kerberos/KeyDerivationService.java Mon May 28 20:58:42 2007
@@ -112,6 +112,12 @@
     }
 
 
+    /**
+     * Intercept the addition of the 'userPassword' and 'krb5PrincipalName' attributes.  Use the 'userPassword'
+     * and 'krb5PrincipalName' attributes to derive Kerberos keys for the principal.  If the 'userPassword' is
+     * the special keyword 'randomKey', set random keys for the principal.  Set the key version number (kvno)
+     * to '0'.
+     */
     public void add( NextInterceptor next, OperationContext addContext ) throws NamingException
     {
         LdapDN normName = addContext.getDn();
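Review bot: The new Javadoc on add() documents 'randomKey' as an in-band keyword carried inside 'userPassword', but it does not say what this means for a principal whose real password happens to be that string. As described, such an entry would get random keys instead of keys derived from the password, so I would add a sentence such as `Note: the literal value 'randomKey' is reserved and cannot be used as an actual password.` The same caveat applies to the modify() Javadoc in the next hunk. The comment also has no `@param` or `@throws NamingException` tags. The body of add() continues outside the hunk, so the keyword comparison itself is not visible here.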
@@ -163,12 +169,10 @@
 
 
     /**
-     * Detect case.
-     * Log detection.
-     * Retrieve old value.
-     * Log retrieved values.
-     * Make now attr/mods.
-     * Log new values.
+     * Intercept the modification of the 'userPassword' attribute.  Use the 'userPassword' and 'krb5PrincipalName'
+     * attributes to derive Kerberos keys for the principal.  If the 'userPassword' is the special keyword
+     * 'randomKey', set random keys for the principal.  Perform a lookup to check for an existing key version
+     * number (kvno).  If a kvno exists, increment the kvno; otherwise, set the kvno to '0'.
      */
     public void modify( NextInterceptor next, OperationContext opContext ) throws NamingException
     {
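Review bot: The rewritten Javadoc on modify() says keys are derived from 'userPassword' and 'krb5PrincipalName', but it does not state what happens when no principal name is available for the entry. The TODO in the last hunk suggests that case is not handled yet, and the `principalName.get()` call visible there has no null check, so a missing attribute would presumably surface as a NullPointerException from a debug log statement. Until the lookup is implemented I would document the precondition, for example `Requires that 'krb5PrincipalName' is present; see the TODO below for the missing-principal case.` The body of modify() continues outside the hunk, so this should be confirmed against the full method.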
@@ -319,7 +323,7 @@
             log.debug( "Found kvno '" + oldKeyVersionNumber + "', setting to '" + newKeyVersionNumber + "'." );
         }
 
-        // TODO - just checking ...
+        // TODO - We may wish to lookup the principal name if one is not present in the modification items.
         Attribute principalName = userEntry.get( KerberosAttribute.PRINCIPAL );
         log.debug( "Found principal = " + ( String ) principalName.get() );