You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Emmanuel Lecharny <el...@gmail.com> on 2010/12/04 04:45:28 UTC
Kerberos progress
Hi guys,
still cleaning the place, but we definitively make progress. Yesterday,
Kiran and I removed many of the old data structures to replace them with
the new ones, adjusting them when needed.
So far, the first exchange from a client to the server is working back :
AS-REQ --> server --> KRB-ERROR (requesting for PaAuth). That means the
message sent by the client has been fully decoded, and the error sent
back (a functional and expected error) has been encoded and sent.
We have now to continue to fix the next exchanged messages, but I think
we can move fast. Remember that we are still in a branch, so don't
worry, we aren't breaking the trunk.
One issue we have is that we use PrincipalName when the current
implementation is using a KerberosPrincipal all over the code (the
difference is that the KerberosPrincipal contains the realm). We have to
fix that.
I hope we can have most of the code fixed in a few days now, as it's
going faster than expected (way faster than writing all the
encoders/decoders).
Stay tuned !
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com