You are viewing a plain text version of this content. The canonical link for it is here.
Posted to kerby@directory.apache.org by "Zheng, Kai" <ka...@intel.com> on 2016/01/03 13:24:43 UTC
Remote mode kadmin interoperable with MIT KDC
Hi folks,
As we discussed some time ago, we would need to support remote kadmin that's interoperable with MIT KDC. As part of the upcoming release, I just reviewed and refined kerb-admin module. As a result of it, I split Kadmin codes into two parts: LocalKadmin(impl) and RemoteKadmin(impl), similar to the constructs in MIT Kerberos: kadmin local mode and kadmin remote mode. Please check out the latest commit for it. Doing that way, it prepared the necessary setup for the support. We'll also need to support XDR encoding/decoding for the required GSS-RPC stub. I will spend some time in this direction laying on the necessary facilities and would welcome any contribution to the feature functionalities. Note the major work for the client side is all about communication (collecting operation parameters, encoding in XDR packet, and sending via GSS protected layer); the real work in KadminServer side is trivial because we can just reuse and delegate the call to LocalKadmin. Hope it can be done after RC2 before 1.0.0 formal release.
Wish we can move even faster in the new year!
Regards,
Kai
FW: Remote mode kadmin interoperable with MIT KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
This explained about the kadmin remote mode support feature. In case this is missed, or misunderstood.
Regards,
Kai
From: Zheng, Kai
Sent: Sunday, January 03, 2016 8:25 PM
To: kerby@directory.apache.org
Subject: Remote mode kadmin interoperable with MIT KDC
Hi folks,
As we discussed some time ago, we would need to support remote kadmin that's interoperable with MIT KDC. As part of the upcoming release, I just reviewed and refined kerb-admin module. As a result of it, I split Kadmin codes into two parts: LocalKadmin(impl) and RemoteKadmin(impl), similar to the constructs in MIT Kerberos: kadmin local mode and kadmin remote mode. Please check out the latest commit for it. Doing that way, it prepared the necessary setup for the support. We'll also need to support XDR encoding/decoding for the required GSS-RPC stub. I will spend some time in this direction laying on the necessary facilities and would welcome any contribution to the feature functionalities. Note the major work for the client side is all about communication (collecting operation parameters, encoding in XDR packet, and sending via GSS protected layer); the real work in KadminServer side is trivial because we can just reuse and delegate the call to LocalKadmin. Hope it can be done after RC2 before 1.0.0 formal release.
Wish we can move even faster in the new year!
Regards,
Kai