You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2016/02/15 03:42:31 UTC
[07/36] directory-kerby git commit: DIRKRB-528 Adding the rc1 and rc2
apis docs under docs folder.
DIRKRB-528 Adding the rc1 and rc2 apis docs under docs folder.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/e90619e0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/e90619e0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/e90619e0
Branch: refs/heads/kadmin-remote
Commit: e90619e0d54cd6dc2fe5bd99b7e15d1bd3425115
Parents: 5bedb0c
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jan 19 16:11:15 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jan 19 16:11:15 2016 +0800
----------------------------------------------------------------------
README.md | 26 +-
docs/1.0.0-RC1-APIs/1.0.0-RC1-release-note.md | 67 ++++
docs/1.0.0-RC1-APIs/kadmin.md | 77 ++++
docs/1.0.0-RC1-APIs/kdcserver.md | 71 ++++
docs/1.0.0-RC1-APIs/kerby-asn1.md | 302 ++++++++++++++++
docs/1.0.0-RC1-APIs/krbclient.md | 51 +++
docs/1.0.0-RC1-APIs/simplekdc.md | 84 +++++
docs/1.0.0-RC2-APIs/1.0.0-RC2-release-note.md | 42 +++
docs/1.0.0-RC2-APIs/kadmin.md | 81 +++++
docs/1.0.0-RC2-APIs/kdcserver.md | 71 ++++
docs/1.0.0-RC2-APIs/kerby-asn1.md | 389 +++++++++++++++++++++
docs/1.0.0-RC2-APIs/krbclient.md | 106 ++++++
docs/1.0.0-RC2-APIs/simplekdc.md | 85 +++++
kerby-common/kerby-asn1/README.md | 389 ---------------------
kerby-kerb/kerb-admin/README.md | 81 -----
kerby-kerb/kerb-client/README.md | 106 ------
kerby-kerb/kerb-server/README.md | 71 ----
kerby-kerb/kerb-simplekdc/README.md | 85 -----
18 files changed, 1440 insertions(+), 744 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index b525265..7218543 100644
--- a/README.md
+++ b/README.md
@@ -38,26 +38,22 @@ Apache Kerby is a Java Kerberos binding. It provides a rich, intuitive and inter
### KrbClient APIs
A Krb client API for applications to interact with KDC.
-Please look at [kerb-client](kerby-kerb/kerb-client/README.md) for details.
### Kadmin
Server side admin facilities.
-Please look at [kerb-admin](kerby-kerb/kerb-admin/README.md) for details.
### KdcServer
Kerberos Server API.
-Please look at [kerb-server](kerby-kerb/kerb-server/README.md) for details.
### SimpleKdcServer
A simplified Kdc server. It can be imported by other project to work as a kdc server.
-Please look at [kerb-simplekdc](kerby-kerb/kerb-simplekdc/README.md) for details.
+
+### ASN-1 support
+A model driven ASN-1 encoding and decoding framework implemented with Java.
### How to play with the standalone KDC
Please look at [Kerby KDC](kerby-dist/README.md) for details.
-### ASN-1 support
-Please look at [kerby-asn1](kerby-asn1/) for details.
-
### Kerberos Crypto and Encryption Types
Implementing des, des3, rc4, aes, camellia encryption and corresponding checksum types
Interoperates with MIT Kerberos and Microsoft AD
@@ -125,13 +121,14 @@ A standalone KDC server that can integrate various identity backends including:
- [Zookeeper](https://zookeeper.apache.org/), needed by zookeeper identity backend.
### How to use library
-The Apache Kerby is also available as a Maven dependency:
+The Apache Kerby is also available as a Maven dependency.
+
- Kerby Client API:
```
<dependency>
<groupId>org.apache.kerby</groupId>
<artifactId>kerb-client-api-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>${kerby-version}</version>
</dependency>
```
@@ -140,7 +137,7 @@ The Apache Kerby is also available as a Maven dependency:
<dependency>
<groupId>org.apache.kerby</groupId>
<artifactId>kerb-server-api-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>${kerby-version}</version>
</dependency>
```
@@ -149,7 +146,7 @@ The Apache Kerby is also available as a Maven dependency:
<dependency>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-asn1</artifactId>
- <version>1.0.0-RC1</version>
+ <version>${kerby-version}</version>
</dependency>
```
@@ -158,9 +155,11 @@ The Apache Kerby is also available as a Maven dependency:
<dependency>
<groupId>org.apache.kerby</groupId>
<artifactId>kerb-simplekdc</artifactId>
- <version>1.0.0-RC1</version>
+ <version>${kerby-version}/version>
</dependency>
```
+- please replace the ${kerby-version} with the release version.
+- Apache Kerby 1.0.0-RC1 is the latest release and recommended version for all users.
### License
Apache License V2.0
@@ -173,3 +172,6 @@ Apache License V2.0
### Downloads
- [Version 1.0.0-RC1](https://directory.apache.org/kerby/download/download-sources.html)
+
+### News
+- Sep 23, the first release 1.0.0-RC1 of Kerby was released.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC1-APIs/1.0.0-RC1-release-note.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC1-APIs/1.0.0-RC1-release-note.md b/docs/1.0.0-RC1-APIs/1.0.0-RC1-release-note.md
new file mode 100644
index 0000000..085375e
--- /dev/null
+++ b/docs/1.0.0-RC1-APIs/1.0.0-RC1-release-note.md
@@ -0,0 +1,67 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+Apache Kerby 1.0.0-RC1 Release Note
+===================================
+
+In this release 236 JIRA issues were resolved and the following features are supported:
+
+- 1. Kerberos libraries:
+ a) Client
+ b) KDC server
+ c) Kadmin
+ d) Credential cache and keytab utilities
+
+- 2. Standalone KDC server .
+
+- 3. Support for various identity backends:
+ a) In-memory
+ b) JSON
+ c) LDAP
+ d) Mavibot(MVCC BTree)
+ e) Zookeeper
+
+- 4. Embedded KDC server allows easy integration into products for unit tests or production deployment.
+
+- 5. FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
+
+- 6. Token Preauth mechanism to allow clients to request tickets using JWT tokens.
+
+- 7. Client can request a TGT with:
+ a) User plain password credential
+ b) User keyTab
+ c) User token credential
+
+- 8. Client can request a service ticket with:
+ a) user TGT credential for a server
+ b) user AccessToken credential for a server
+
+- 9. Network support including UDP and TCP transport with two implementations:
+ a) Default implementation based on the JRE without depending on other libraries.
+ b) Netty based implementation for better throughput, lower latency.
+
+- 10. Tools:
+ a) kdcinit: Initialize and prepare KDC, like choose storage type, setting up necessary principals (tgs, kadmin) etc.
+ b) kadmin: Command-line interfaces to administration system.
+ c) kinit: Obtains and caches an initial ticket-granting ticket for principal.
+ d) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
+
+- 11. Support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
+
+- 12. Building support: checking style and find bugs.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC1-APIs/kadmin.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC1-APIs/kadmin.md b/docs/1.0.0-RC1-APIs/kadmin.md
new file mode 100644
index 0000000..eebb949
--- /dev/null
+++ b/docs/1.0.0-RC1-APIs/kadmin.md
@@ -0,0 +1,77 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-admin
+============
+
+### Initiate a Kadmin
+* Initiate a Kadmin with confDir.
+<pre>
+Kadmin kadmin = new Kadmin(confDir);
+</pre>
+* Initiate a Kadmin with kdcSetting and backend.
+<pre>
+Kadmin kadmin = new Kadmin(kdcSetting, backend);
+</pre>
+
+### Principal operating
+* Add principle with principal name.
+<pre>
+addPrincipal(principal);
+</pre>
+* Add principle with principal name and password.
+<pre>
+addPrincipal(principal, password);
+</pre>
+* Add principle with principal name and kOptions.
+<pre>
+addPrincipal(principal, kOptions);
+</pre>
+* Add principle with principal name, password and kOptions.
+<pre>
+addPrincipal(principal, password kOptions);
+</pre>
+* Delete principle with principal name.
+<pre>
+deletePrincipal(principal);
+</pre>
+* Modify principle with principal name and kOptions.
+<pre>
+modifyPrincipal(principal, kOptions);
+</pre>
+* Rename principle.
+<pre>
+renamePrincipal(oldPrincipalName, newPrincipalName);
+</pre>
+* Get principle with principal name.
+<pre>
+getPrincipal(principalName);
+</pre>
+* Get all the principles.
+<pre>
+getPrincipals();
+</pre>
+* Update password with principal name and new password.
+<pre>
+updatePassword(principal, newPassword);
+</pre>
+* Export all identity keys to the specified keytab file.
+<pre>
+exportKeyTab(keyTabFile);
+</pre>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC1-APIs/kdcserver.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC1-APIs/kdcserver.md b/docs/1.0.0-RC1-APIs/kdcserver.md
new file mode 100644
index 0000000..76f2310
--- /dev/null
+++ b/docs/1.0.0-RC1-APIs/kdcserver.md
@@ -0,0 +1,71 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-server
+============
+
+### Initiate kdc server
+* Initiate a kdc server with prepared confDir.
+<pre>
+KdcServer server = new KdcServer(confDir);
+</pre>
+
+### Start and set kdc server
+* Start kdc server.
+<pre>
+start();
+</pre>
+* Set KDC realm for ticket request
+<pre>
+setKdcRealm(realm);
+</pre>
+* Set KDC host.
+<pre>
+setKdcHost(kdcHost);
+</pre>
+* Set KDC tcp port.
+<pre>
+setKdcTcpPort(kdcTcpPort);
+</pre>
+* Set KDC udp port. Only makes sense when allowUdp is set.
+<pre>
+setKdcUdpPort(kdcUdpPort);
+</pre>
+* Set to allow TCP or not.
+<pre>
+setAllowTcp(allowTcp);
+</pre>
+* Set to allow UDP or not.
+<pre>
+setAllowUdp(allowUdp);
+</pre>
+* Allow to debug so have more logs.
+<pre>
+enableDebug();
+</pre>
+* Allow to hook customized kdc implementation.
+<pre>
+setInnerKdcImpl(innerKdcImpl);
+</pre>
+
+### Stop kdc server
+* Start kdc server.
+<pre>
+stop();
+</pre>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC1-APIs/kerby-asn1.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC1-APIs/kerby-asn1.md b/docs/1.0.0-RC1-APIs/kerby-asn1.md
new file mode 100644
index 0000000..5ca2e17
--- /dev/null
+++ b/docs/1.0.0-RC1-APIs/kerby-asn1.md
@@ -0,0 +1,302 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+kerby-asn1
+=========
+
+### A ASN1 parser with easy and simple API
+
+```
+// encoding
+Asn1Integer aValue = new Asn1Integer(8899);
+byte[] encoded = aValue.encode();
+
+// decoding
+byte[] contentToDecode = ...
+Asn1Integer decodedValue = new Asn1Integer();
+decodedValue.decode(contentToDecode);
+Integer value = decodedValue.getValue();
+```
+
+### Data-driven ASN1 encoding/decoding framework and parser
+
+With the following definition from Kerberos protocol
+```
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ ```
+
+You can model AuthzDataEntry as follows
+```java
+public class AuthzDataEntry extends Asn1SequenceType {
+ static int AD_TYPE = 0;
+ static int AD_DATA = 1;
+
+ public AuthzDataEntry() {
+ super(new Asn1FieldInfo[] {
+ new Asn1FieldInfo(AD_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(AD_DATA, Asn1OctetString.class)
+ });
+ }
+
+ public int getAuthzType() {
+ Integer value = getFieldAsInteger(AD_TYPE);
+ return value;
+ }
+
+ public byte[] getAuthzData() {
+ return getFieldAsOctetBytes(AD_DATA);
+ }
+}
+```
+
+And then define AuthorizationData simply
+```java
+public class AuthorizationData extends Asn1SequenceOf<AuthzDataEntry> {
+
+}
+```
+
+Then you can process with above definitions, encode and decode, without caring about the details.
+
+Think about how to implement the following more complex and pratical sample from [ITU-T Rec. X.680 ISO/IEC 8824-1](http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf):
+```
+A.1 ASN.1 description of the record structure
+The structure of the hypothetical personnel record is formally described below using ASN.1 specified in
+ITU-T Rec. X.680 | ISO/IEC 8824-1 for defining types.
+
+PersonnelRecord ::= [APPLICATION 0] IMPLICIT SET {
+ Name Name,
+ title [0] VisibleString,
+ number EmployeeNumber,
+ dateOfHire [1] Date,
+ nameOfSpouse [2] Name,
+ children [3] IMPLICIT
+ SEQUENCE OF ChildInformation DEFAULT {}
+}
+
+ChildInformation ::= SET {
+ name Name,
+ dateOfBirth [0] Date
+}
+
+Name ::= [APPLICATION 1] IMPLICIT SEQUENCE {
+ givenName VisibleString,
+ initial VisibleString,
+ familyName VisibleString
+}
+
+EmployeeNumber ::= [APPLICATION 2] IMPLICIT INTEGER
+Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD
+```
+Similarly as above, we can have (from the unit test codes):
+```java
+public class PersonnelRecord extends TaggingSet {
+ private static int NAME = 0;
+ private static int TITLE = 1;
+ private static int NUMBER = 2;
+ private static int DATEOFHIRE= 3;
+ private static int NAMEOFSPOUSE = 4;
+ private static int CHILDREN = 5;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME, -1, Name.class),
+ new Asn1FieldInfo(TITLE, 0, Asn1VisibleString.class),
+ new Asn1FieldInfo(NUMBER, -1, EmployeeNumber.class),
+ new Asn1FieldInfo(DATEOFHIRE, 1, Date.class),
+ new Asn1FieldInfo(NAMEOFSPOUSE, 2, Name.class),
+ new Asn1FieldInfo(CHILDREN, 3, Children.class, true)
+ };
+
+ public PersonnelRecord() {
+ super(0, fieldInfos, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(NAME, Name.class);
+ }
+
+ public void setTitle(String title) {
+ setFieldAs(TITLE, new Asn1VisibleString(title));
+ }
+
+ public String getTitle() {
+ return getFieldAsString(TITLE);
+ }
+
+ public void setEmployeeNumber(EmployeeNumber employeeNumber) {
+ setFieldAs(NUMBER, employeeNumber);
+ }
+
+ public EmployeeNumber getEmployeeNumber() {
+ return getFieldAs(NUMBER, EmployeeNumber.class);
+ }
+
+ public void setDateOfHire(Date dateOfHire) {
+ setFieldAs(DATEOFHIRE, dateOfHire);
+ }
+
+ public Date getDateOfHire() {
+ return getFieldAs(DATEOFHIRE, Date.class);
+ }
+
+ public void setNameOfSpouse(Name spouse) {
+ setFieldAs(NAMEOFSPOUSE, spouse);
+ }
+
+ public Name getNameOfSpouse() {
+ return getFieldAs(NAMEOFSPOUSE, Name.class);
+ }
+
+ public void setChildren(Children children) {
+ setFieldAs(CHILDREN, children);
+ }
+
+ public Children getChildren() {
+ return getFieldAs(CHILDREN, Children.class);
+ }
+
+ public static class Children extends Asn1SequenceOf<ChildInformation> {
+ public Children(ChildInformation ... children) {
+ super();
+ for (ChildInformation child : children) {
+ addElement(child);
+ }
+ }
+
+ public Children() {
+ super();
+ }
+ }
+
+ public static class ChildInformation extends Asn1SetType {
+ private static int NAME = 0;
+ private static int DATEOFBIRTH = 1;
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(NAME, -1, Name.class),
+ new Asn1FieldInfo(DATEOFBIRTH, 0, Date.class)
+ };
+
+ public ChildInformation() {
+ super(tags);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(NAME, Name.class);
+ }
+
+ public void setDateOfBirth(Date date) {
+ setFieldAs(DATEOFBIRTH, date);
+ }
+
+ public Date getDateOfBirth() {
+ return getFieldAs(DATEOFBIRTH, Date.class);
+ }
+ }
+
+ public static class Name extends TaggingSequence {
+ private static int GIVENNAME = 0;
+ private static int INITIAL = 1;
+ private static int FAMILYNAME = 2;
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(GIVENNAME, -1, Asn1VisibleString.class),
+ new Asn1FieldInfo(INITIAL, -1, Asn1VisibleString.class),
+ new Asn1FieldInfo(FAMILYNAME, -1, Asn1VisibleString.class)
+ };
+
+ public Name() {
+ super(1, tags, true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+
+ public Name(String givenName, String initial, String familyName) {
+ this();
+ setGivenName(givenName);
+ setInitial(initial);
+ setFamilyName(familyName);
+ }
+
+ public void setGivenName(String givenName) {
+ setFieldAs(GIVENNAME, new Asn1VisibleString(givenName));
+ }
+
+ public String getGivenName() {
+ return getFieldAsString(GIVENNAME);
+ }
+
+ public void setInitial(String initial) {
+ setFieldAs(INITIAL, new Asn1VisibleString(initial));
+ }
+
+ public String getInitial() {
+ return getFieldAsString(INITIAL);
+ }
+
+ public void setFamilyName(String familyName) {
+ setFieldAs(FAMILYNAME, new Asn1VisibleString(familyName));
+ }
+
+ public String getFamilyName() {
+ return getFieldAsString(FAMILYNAME);
+ }
+ }
+
+ public static class EmployeeNumber extends Asn1Tagging<Asn1Integer> {
+ public EmployeeNumber(Integer value) {
+ super(2, new Asn1Integer(value), true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public EmployeeNumber() {
+ this(null);
+ }
+ }
+
+ public static class Date extends Asn1Tagging<Asn1VisibleString> {
+ public Date(String value) {
+ super(3, new Asn1VisibleString(value), true);
+ setEncodingOption(EncodingOption.IMPLICIT);
+ }
+ public Date() {
+ this(null);
+ }
+ }
+}
+```
+### Notes
+* 90% tests coverage for DER encoding
+* For BER & CER encoding, to be fully supported
+* No extra dependency
+
+### License
+Apache V2 License
+
+
+
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC1-APIs/krbclient.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC1-APIs/krbclient.md b/docs/1.0.0-RC1-APIs/krbclient.md
new file mode 100644
index 0000000..14a4972
--- /dev/null
+++ b/docs/1.0.0-RC1-APIs/krbclient.md
@@ -0,0 +1,51 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-client
+============
+
+### Initiate a KrbClient
+* Initiate a KrbClient with prepared KrbConfig.
+<pre>
+KrbClient krbClient = new KrbClient(krbConfig);
+</pre>
+* Initiate a KrbClient with with conf dir.
+<pre>
+KrbClient krbClient = new KrbClient(confDir);
+</pre>
+
+### Request a TGT
+* Request a TGT with user plain password credential
+<pre>
+requestTgtWithPassword(principal, password);
+</pre>
+* Request a TGT with user token credential
+<pre>
+requestTgtWithToken(token, armorCache);
+</pre>
+
+### Request a service ticket
+* Request a service ticket with user TGT credential for a server
+<pre>
+requestServiceTicketWithTgt(tgt, serverPrincipal);
+</pre>
+* Request a service ticket with user AccessToken credential for a server
+<pre>
+requestServiceTicketWithAccessToken(accessToken, serverPrincipal, armorCache);
+</pre>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC1-APIs/simplekdc.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC1-APIs/simplekdc.md b/docs/1.0.0-RC1-APIs/simplekdc.md
new file mode 100644
index 0000000..08c03ee
--- /dev/null
+++ b/docs/1.0.0-RC1-APIs/simplekdc.md
@@ -0,0 +1,84 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-simplekdc
+============
+
+### Kdc server
+</pre>
+* Start simple kdc server.
+<pre>
+start();
+</pre>
+* Set KDC realm for ticket request
+<pre>
+setKdcRealm(realm);
+</pre>
+* Set KDC host.
+<pre>
+setKdcHost(kdcHost);
+</pre>
+* Set KDC tcp port.
+<pre>
+setKdcTcpPort(kdcTcpPort);
+</pre>
+* Set KDC udp port. Only makes sense when allowUdp is set.
+<pre>
+setKdcUdpPort(kdcUdpPort);
+</pre>
+* Set to allow TCP or not.
+<pre>
+setAllowTcp(allowTcp);
+</pre>
+* Set to allow UDP or not.
+<pre>
+setAllowUdp(allowUdp);
+
+### Kadmin
+</pre>
+* Create principle with principal name.
+<pre>
+createPrincipal(principal);
+</pre>
+* Add principle with principal name and password.
+<pre>
+createPrincipal(principal, password);
+</pre>
+* Create principles with principal names.
+<pre>
+createPrincipals(principals);
+</pre>
+* Creates principals and export their keys to the specified keytab file.
+<pre>
+createAndExportPrincipals(keytabFile principals);
+</pre>
+* Delete principle with principal name.
+<pre>
+deletePrincipal(principal);
+</pre>
+</pre>
+* Delete principles with principal names.
+<pre>
+deletePrincipals(principals);
+</pre>
+</pre>
+* Export principles to keytab file.
+<pre>
+exportPrincipals(keytabFile);
+</pre>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC2-APIs/1.0.0-RC2-release-note.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC2-APIs/1.0.0-RC2-release-note.md b/docs/1.0.0-RC2-APIs/1.0.0-RC2-release-note.md
new file mode 100644
index 0000000..f9b9b61
--- /dev/null
+++ b/docs/1.0.0-RC2-APIs/1.0.0-RC2-release-note.md
@@ -0,0 +1,42 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+Apache Kerby 1.0.0-RC2 Release Note
+===================================
+
+105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1:
+
+- 1. Anonymous PKINIT support(BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.
+- 2. PKINIT in RSA case (75%).
+- 3. Finished token support:
+ - Add ability to encrypt and sign using non-RSA keys;
+ - Get the verify key for signed JWT token from kdc config;
+ - Token issuer must be trusted as one of preconfigured issuers;
+ - Add support for decrypting JWT tokens in the KDC.
+- 4. PKIX CMS/X509 support.
+- 5. Full BER encoding support.
+- 6. Improved the ASN1 framework:
+ - Separate Asn1 parser;
+ - Support decoding of primitive but constructed encoded types;
+ - Allow to define explicit and implicit fields more easily for collection types;
+ - Providing an API to use some useful ASN1 functions by consolidating existing utilities
+- 7. Dump support for Asn1.
+ - provide an ASN1 dumping tool for troubleshooting
+ - Including built-in ASN1 types and user defined types.
+- 8. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC2-APIs/kadmin.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC2-APIs/kadmin.md b/docs/1.0.0-RC2-APIs/kadmin.md
new file mode 100644
index 0000000..e8533b9
--- /dev/null
+++ b/docs/1.0.0-RC2-APIs/kadmin.md
@@ -0,0 +1,81 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-admin
+============
+## Local mode
+### Initiate a LocalKadminImpl
+* Initiate a LocalKadminImpl with prepared KdcConfig and BackendConfig.
+<pre>
+LocalKadmin kadmin = new LocalKadminImpl(kdcConfig, backendConfig);
+</pre>
+* Initiate a LocalKadmin with confDir.
+<pre>
+LocalKadmin kadmin = new LocalKadminImpl(confDir);
+</pre>
+* Initiate a LocalKadmin with kdcSetting and backend.
+<pre>
+LocalKadmin kadmin = new LocalKadminImpl(kdcSetting, backend);
+</pre>
+
+### Principal operating
+* Add principle with principal name.
+<pre>
+addPrincipal(principal);
+</pre>
+* Add principle with principal name and password.
+<pre>
+addPrincipal(principal, password);
+</pre>
+* Add principle with principal name and kOptions.
+<pre>
+addPrincipal(principal, kOptions);
+</pre>
+* Add principle with principal name, password and kOptions.
+<pre>
+addPrincipal(principal, password kOptions);
+</pre>
+* Delete principle with principal name.
+<pre>
+deletePrincipal(principal);
+</pre>
+* Modify principle with principal name and kOptions.
+<pre>
+modifyPrincipal(principal, kOptions);
+</pre>
+* Rename principle.
+<pre>
+renamePrincipal(oldPrincipalName, newPrincipalName);
+</pre>
+* Get principle with principal name.
+<pre>
+getPrincipal(principalName);
+</pre>
+* Get all the principles.
+<pre>
+getPrincipals();
+</pre>
+* Update password with principal name and new password.
+<pre>
+updatePassword(principal, newPassword);
+</pre>
+* Export all identity keys to the specified keytab file.
+<pre>
+exportKeyTab(keyTabFile);
+</pre>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC2-APIs/kdcserver.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC2-APIs/kdcserver.md b/docs/1.0.0-RC2-APIs/kdcserver.md
new file mode 100644
index 0000000..76f2310
--- /dev/null
+++ b/docs/1.0.0-RC2-APIs/kdcserver.md
@@ -0,0 +1,71 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-server
+============
+
+### Initiate kdc server
+* Initiate a kdc server with prepared confDir.
+<pre>
+KdcServer server = new KdcServer(confDir);
+</pre>
+
+### Start and set kdc server
+* Start kdc server.
+<pre>
+start();
+</pre>
+* Set KDC realm for ticket request
+<pre>
+setKdcRealm(realm);
+</pre>
+* Set KDC host.
+<pre>
+setKdcHost(kdcHost);
+</pre>
+* Set KDC tcp port.
+<pre>
+setKdcTcpPort(kdcTcpPort);
+</pre>
+* Set KDC udp port. Only makes sense when allowUdp is set.
+<pre>
+setKdcUdpPort(kdcUdpPort);
+</pre>
+* Set to allow TCP or not.
+<pre>
+setAllowTcp(allowTcp);
+</pre>
+* Set to allow UDP or not.
+<pre>
+setAllowUdp(allowUdp);
+</pre>
+* Allow to debug so have more logs.
+<pre>
+enableDebug();
+</pre>
+* Allow to hook customized kdc implementation.
+<pre>
+setInnerKdcImpl(innerKdcImpl);
+</pre>
+
+### Stop kdc server
+* Start kdc server.
+<pre>
+stop();
+</pre>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC2-APIs/kerby-asn1.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC2-APIs/kerby-asn1.md b/docs/1.0.0-RC2-APIs/kerby-asn1.md
new file mode 100644
index 0000000..fd6bd57
--- /dev/null
+++ b/docs/1.0.0-RC2-APIs/kerby-asn1.md
@@ -0,0 +1,389 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+kerby-asn1
+=========
+
+### A ASN1 parser with easy and simple API
+
+```
+// encoding
+Asn1Integer aValue = new Asn1Integer(8899);
+byte[] encoded = aValue.encode();
+
+// decoding
+byte[] contentToDecode = ...
+Asn1Integer decodedValue = new Asn1Integer();
+decodedValue.decode(contentToDecode);
+Integer value = decodedValue.getValue();
+```
+
+### Data-driven ASN1 encoding/decoding framework and parser
+
+With the following definition from Kerberos protocol
+```
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+ }
+ ```
+
+You can model AuthzDataEntry as follows
+```java
+public class AuthorizationDataEntry extends KrbSequenceType {
+ /**
+ * The possible fields
+ */
+ protected enum AuthorizationDataEntryField implements EnumType {
+ AD_TYPE,
+ AD_DATA;
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int getValue() {
+ return ordinal();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getName() {
+ return name();
+ }
+ }
+
+ /** The AuthorizationDataEntry's fields */
+ private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new ExplicitField(AuthorizationDataEntryField.AD_TYPE, Asn1Integer.class),
+ new ExplicitField(AuthorizationDataEntryField.AD_DATA, Asn1OctetString.class)
+ };
+
+ /**
+ * Creates an AuthorizationDataEntry instance
+ */
+ public AuthorizationDataEntry() {
+ super(fieldInfos);
+ }
+
+ /**
+ * @return The AuthorizationType (AD_TYPE) field
+ */
+ public AuthorizationType getAuthzType() {
+ Integer value = getFieldAsInteger(AuthorizationDataEntryField.AD_TYPE);
+ return AuthorizationType.fromValue(value);
+ }
+
+ /**
+ * Sets the AuthorizationType (AD_TYPE) field
+ * @param authzType The AuthorizationType to set
+ */
+ public void setAuthzType(AuthorizationType authzType) {
+ setFieldAsInt(AuthorizationDataEntryField.AD_TYPE, authzType.getValue());
+ }
+
+ /**
+ * @return The AuthorizationType (AD_DATA) field
+ */
+ public byte[] getAuthzData() {
+ return getFieldAsOctets(AuthorizationDataEntryField.AD_DATA);
+ }
+
+ /**
+ * Sets the AuthorizationData (AD_DATA) field
+ * @param authzData The AuthorizationData to set
+ */
+ public void setAuthzData(byte[] authzData) {
+ setFieldAsOctets(AuthorizationDataEntryField.AD_DATA, authzData);
+ }
+}
+```
+
+And then define AuthorizationData simply
+```java
+public class AuthorizationData extends KrbSequenceOfType<AuthorizationDataEntry> {
+
+}
+```
+
+Then you can process with above definitions, encode and decode, without caring about the details.
+
+Think about how to implement the following more complex and pratical sample from [ITU-T Rec. X.680 ISO/IEC 8824-1](http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf):
+```
+A.1 ASN.1 description of the record structure
+The structure of the hypothetical personnel record is formally described below using ASN.1 specified in
+ITU-T Rec. X.680 | ISO/IEC 8824-1 for defining types.
+
+PersonnelRecord ::= [APPLICATION 0] IMPLICIT SET {
+ Name Name,
+ title [0] VisibleString,
+ number EmployeeNumber,
+ dateOfHire [1] Date,
+ nameOfSpouse [2] Name,
+ children [3] IMPLICIT
+ SEQUENCE OF ChildInformation DEFAULT {}
+}
+
+ChildInformation ::= SET {
+ name Name,
+ dateOfBirth [0] Date
+}
+
+Name ::= [APPLICATION 1] IMPLICIT SEQUENCE {
+ givenName VisibleString,
+ initial VisibleString,
+ familyName VisibleString
+}
+
+EmployeeNumber ::= [APPLICATION 2] IMPLICIT INTEGER
+Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD
+```
+Similarly as above, we can have (from the unit test codes):
+```java
+public class PersonnelRecord extends Asn1TaggingSet {
+ protected enum PersonnelRecordField implements EnumType {
+ NAME,
+ TITLE,
+ NUMBER,
+ DATE_OF_HIRE,
+ NAME_OF_SPOUSE,
+ CHILDREN;
+
+ @Override
+ public int getValue() {
+ return ordinal();
+ }
+
+ @Override
+ public String getName() {
+ return name();
+ }
+ }
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new ExplicitField(PersonnelRecordField.NAME, -1, Name.class),
+ new ExplicitField(PersonnelRecordField.TITLE, 0, Asn1VisibleString.class),
+ new ExplicitField(PersonnelRecordField.NUMBER, -1, EmployeeNumber.class),
+ new ExplicitField(PersonnelRecordField.DATE_OF_HIRE, 1, Date.class),
+ new ExplicitField(PersonnelRecordField.NAME_OF_SPOUSE, 2, Name.class),
+ new ImplicitField(PersonnelRecordField.CHILDREN, 3, Children.class)
+ };
+
+ public PersonnelRecord() {
+ super(0, fieldInfos, true, true);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(PersonnelRecordField.NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(PersonnelRecordField.NAME, Name.class);
+ }
+
+ public void setTitle(String title) {
+ setFieldAs(PersonnelRecordField.TITLE, new Asn1VisibleString(title));
+ }
+
+ public String getTitle() {
+ return getFieldAsString(PersonnelRecordField.TITLE);
+ }
+
+ public void setEmployeeNumber(EmployeeNumber employeeNumber) {
+ setFieldAs(PersonnelRecordField.NUMBER, employeeNumber);
+ }
+
+ public EmployeeNumber getEmployeeNumber() {
+ return getFieldAs(PersonnelRecordField.NUMBER, EmployeeNumber.class);
+ }
+
+ public void setDateOfHire(Date dateOfHire) {
+ setFieldAs(PersonnelRecordField.DATE_OF_HIRE, dateOfHire);
+ }
+
+ public Date getDateOfHire() {
+ return getFieldAs(PersonnelRecordField.DATE_OF_HIRE, Date.class);
+ }
+
+ public void setNameOfSpouse(Name spouse) {
+ setFieldAs(PersonnelRecordField.NAME_OF_SPOUSE, spouse);
+ }
+
+ public Name getNameOfSpouse() {
+ return getFieldAs(PersonnelRecordField.NAME_OF_SPOUSE, Name.class);
+ }
+
+ public void setChildren(Children children) {
+ setFieldAs(PersonnelRecordField.CHILDREN, children);
+ }
+
+ public Children getChildren() {
+ return getFieldAs(PersonnelRecordField.CHILDREN, Children.class);
+ }
+
+ public static class Children extends Asn1SequenceOf<ChildInformation> {
+ public Children(ChildInformation ... children) {
+ super();
+ for (ChildInformation child : children) {
+ addElement(child);
+ }
+ }
+
+ public Children() {
+ super();
+ }
+ }
+
+ public static class ChildInformation extends Asn1SetType {
+ protected enum ChildInformationField implements EnumType {
+ CHILD_NAME,
+ DATE_OF_BIRTH;
+
+ @Override
+ public int getValue() {
+ return ordinal();
+ }
+
+ @Override
+ public String getName() {
+ return name();
+ }
+ }
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new ExplicitField(ChildInformationField.CHILD_NAME, -1, Name.class),
+ new ExplicitField(ChildInformationField.DATE_OF_BIRTH, 0, Date.class)
+ };
+
+ public ChildInformation() {
+ super(tags);
+ }
+
+ public void setName(Name name) {
+ setFieldAs(ChildInformationField.CHILD_NAME, name);
+ }
+
+ public Name getName() {
+ return getFieldAs(ChildInformationField.CHILD_NAME, Name.class);
+ }
+
+ public void setDateOfBirth(Date date) {
+ setFieldAs(ChildInformationField.DATE_OF_BIRTH, date);
+ }
+
+ public Date getDateOfBirth() {
+ return getFieldAs(ChildInformationField.DATE_OF_BIRTH, Date.class);
+ }
+ }
+
+ public static class Name extends Asn1TaggingSequence {
+
+ protected enum NameField implements EnumType {
+ GIVENNAME,
+ INITIAL,
+ FAMILYNAME;
+
+ @Override
+ public int getValue() {
+ return ordinal();
+ }
+
+ @Override
+ public String getName() {
+ return name();
+ }
+ }
+
+ static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
+ new ExplicitField(NameField.GIVENNAME, -1, Asn1VisibleString.class),
+ new ExplicitField(NameField.INITIAL, -1, Asn1VisibleString.class),
+ new ExplicitField(NameField.FAMILYNAME, -1, Asn1VisibleString.class)
+ };
+
+ public Name() {
+ super(1, tags, true, true);
+ }
+
+ public Name(String givenName, String initial, String familyName) {
+ this();
+ setGivenName(givenName);
+ setInitial(initial);
+ setFamilyName(familyName);
+ }
+
+ public void setGivenName(String givenName) {
+ setFieldAs(NameField.GIVENNAME, new Asn1VisibleString(givenName));
+ }
+
+ public String getGivenName() {
+ return getFieldAsString(NameField.GIVENNAME);
+ }
+
+ public void setInitial(String initial) {
+ setFieldAs(NameField.INITIAL, new Asn1VisibleString(initial));
+ }
+
+ public String getInitial() {
+ return getFieldAsString(NameField.INITIAL);
+ }
+
+ public void setFamilyName(String familyName) {
+ setFieldAs(NameField.FAMILYNAME, new Asn1VisibleString(familyName));
+ }
+
+ public String getFamilyName() {
+ return getFieldAsString(NameField.FAMILYNAME);
+ }
+ }
+
+ public static class EmployeeNumber extends Asn1Tagging<Asn1Integer> {
+ public EmployeeNumber(Integer value) {
+ super(2, new Asn1Integer(value), true, true);
+ }
+
+ public EmployeeNumber() {
+ super(2, new Asn1Integer(), true, true);
+ }
+ }
+
+ public static class Date extends Asn1Tagging<Asn1VisibleString> {
+ public Date(String value) {
+ super(3, new Asn1VisibleString(value), true, true);
+ }
+ public Date() {
+ this(null);
+ }
+ }
+}
+```
+### ASN1 dumping tool
+* ASN1 dumping tool to help analyze ASN1 encoding stream or packet. It can be used to exercise the framework with all kinds of testing binary inputs.
+* The shortcut API for ASN1 encoding, decoding and dumping in Asn1.java
+
+### Notes
+* 90% tests coverage for DER encoding
+* For BER & CER encoding, to be fully supported
+* No extra dependency
+
+### License
+Apache V2 License
+
+
+
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC2-APIs/krbclient.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC2-APIs/krbclient.md b/docs/1.0.0-RC2-APIs/krbclient.md
new file mode 100644
index 0000000..ab5a48c
--- /dev/null
+++ b/docs/1.0.0-RC2-APIs/krbclient.md
@@ -0,0 +1,106 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-client
+============
+
+## 1. KrbClient
+### Initiate a KrbClient
+* Initiate a KrbClient with prepared KrbConfig.
+<pre>
+KrbClient krbClient = new KrbClient(krbConfig);
+</pre>
+* Initiate a KrbClient with conf dir.
+<pre>
+KrbClient krbClient = new KrbClient(confDir);
+</pre>
+
+### Request a TGT
+* Request a TGT with using well prepared requestOptions.
+<pre>
+requestTgt(requestOptions);
+</pre>
+* Request a TGT with user plain password credential
+<pre>
+requestTgt(principal, password);
+</pre>
+* Request a TGT with user plain keytab credential
+<pre>
+requestTgt(principal, keytabFile);
+</pre>
+
+### Request a service ticket
+* Request a service ticket with a TGT targeting for a server
+<pre>
+requestSgt(tgt, serverPrincipal);
+</pre>
+* Request a service ticket provided request options
+<pre>
+requestSgt(requestOptions);
+</pre>
+
+## 2. KrbTokenClient
+### Initiate a KrbTokenClient
+* Initiate a KrbTokenClient with prepared KrbConfig.
+<pre>
+KrbTokenClient krbTokenClient = new KrbTokenClient(krbConfig);
+</pre>
+* Initiate a KrbTokenClient with conf dir.
+<pre>
+KrbTokenClient krbTokenClient = new KrbTokenClient(confDir);
+</pre>
+* Initiate a KrbTokenClient with prepared KrbClient.
+<pre>
+KrbTokenClient krbTokenClient = new KrbTokenClient(krbClient);
+</pre>
+
+### Request a TGT
+* Request a TGT with user token credential
+<pre>
+requestTgtWithToken(token, armorCache);
+</pre>
+
+### Request a service ticket
+</pre>
+* Request a service ticket with user AccessToken credential for a server
+<pre>
+requestSgt(accessToken, serverPrincipal, armorCache);
+</pre>
+
+## 3. KrbPkinitClient
+### Initiate a KrbPkinitClient
+* Initiate a KrbPkinitClient with prepared KrbConfig.
+<pre>
+KrbPkinitClient krbPkinitClient = new KrbPkinitClient(krbConfig);
+</pre>
+* Initiate a KrbPkinitClient with conf dir.
+<pre>
+KrbPkinitClient krbPkinitClient = new KrbPkinitClient(confDir);
+</pre>
+* Initiate a KrbPkinitClient with prepared KrbClient.
+<pre>
+KrbPkinitClient krbPkinitClient = new KrbPkinitClient(krbClient);
+</pre>
+
+### Request a TGT
+* Request a TGT with using Anonymous PKINIT
+<pre>
+requestTgt();
+</pre>
+
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/docs/1.0.0-RC2-APIs/simplekdc.md
----------------------------------------------------------------------
diff --git a/docs/1.0.0-RC2-APIs/simplekdc.md b/docs/1.0.0-RC2-APIs/simplekdc.md
new file mode 100644
index 0000000..85e79ca
--- /dev/null
+++ b/docs/1.0.0-RC2-APIs/simplekdc.md
@@ -0,0 +1,85 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+kerb-simplekdc
+============
+
+### Kdc server
+</pre>
+* Start simple kdc server.
+<pre>
+start();
+</pre>
+* Set KDC realm for ticket request
+<pre>
+setKdcRealm(realm);
+</pre>
+* Set KDC host.
+<pre>
+setKdcHost(kdcHost);
+</pre>
+* Set KDC tcp port.
+<pre>
+setKdcTcpPort(kdcTcpPort);
+</pre>
+* Set KDC udp port. Only makes sense when allowUdp is set.
+<pre>
+setKdcUdpPort(kdcUdpPort);
+</pre>
+* Set to allow TCP or not.
+<pre>
+setAllowTcp(allowTcp);
+</pre>
+* Set to allow UDP or not.
+<pre>
+setAllowUdp(allowUdp);
+
+### Kadmin
+</pre>
+* Create principle with principal name.
+<pre>
+createPrincipal(principal);
+</pre>
+* Add principle with principal name and password.
+<pre>
+createPrincipal(principal, password);
+</pre>
+* Create principles with principal names.
+<pre>
+createPrincipals(principals);
+</pre>
+* Creates principals and export their keys to the specified keytab file.
+<pre>
+createAndExportPrincipals(keytabFile principals);
+</pre>
+* Delete principle with principal name.
+<pre>
+deletePrincipal(principal);
+</pre>
+</pre>
+* Delete principles with principal names.
+<pre>
+deletePrincipals(principals);
+</pre>
+</pre>
+* Export principles to keytab file.
+<pre>
+exportPrincipals(keytabFile);
+</pre>
+
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/kerby-common/kerby-asn1/README.md
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/README.md b/kerby-common/kerby-asn1/README.md
deleted file mode 100644
index 05f5502..0000000
--- a/kerby-common/kerby-asn1/README.md
+++ /dev/null
@@ -1,389 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-kerby-asn1
-=========
-
-### A ASN1 parser with easy and simple API
-
-```
-// encoding
-Asn1Integer aValue = new Asn1Integer(8899);
-byte[] encoded = aValue.encode();
-
-// decoding
-byte[] contentToDecode = ...
-Asn1Integer decodedValue = new Asn1Integer();
-decodedValue.decode(contentToDecode);
-Integer value = decodedValue.getValue();
-```
-
-### Data-driven ASN1 encoding/decoding framework and parser
-
-With the following definition from Kerberos protocol
-```
- AuthorizationData ::= SEQUENCE OF SEQUENCE {
- ad-type [0] Int32,
- ad-data [1] OCTET STRING
- }
- ```
-
-You can model AuthzDataEntry as follows
-```java
-public class AuthorizationDataEntry extends KrbSequenceType {
- /**
- * The possible fields
- */
- protected enum AuthorizationDataEntryField implements EnumType {
- AD_TYPE,
- AD_DATA;
-
- /**
- * {@inheritDoc}
- */
- @Override
- public int getValue() {
- return ordinal();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public String getName() {
- return name();
- }
- }
-
- /** The AuthorizationDataEntry's fields */
- private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new ExplicitField(AuthorizationDataEntryField.AD_TYPE, Asn1Integer.class),
- new ExplicitField(AuthorizationDataEntryField.AD_DATA, Asn1OctetString.class)
- };
-
- /**
- * Creates an AuthorizationDataEntry instance
- */
- public AuthorizationDataEntry() {
- super(fieldInfos);
- }
-
- /**
- * @return The AuthorizationType (AD_TYPE) field
- */
- public AuthorizationType getAuthzType() {
- Integer value = getFieldAsInteger(AuthorizationDataEntryField.AD_TYPE);
- return AuthorizationType.fromValue(value);
- }
-
- /**
- * Sets the AuthorizationType (AD_TYPE) field
- * @param authzType The AuthorizationType to set
- */
- public void setAuthzType(AuthorizationType authzType) {
- setFieldAsInt(AuthorizationDataEntryField.AD_TYPE, authzType.getValue());
- }
-
- /**
- * @return The AuthorizationType (AD_DATA) field
- */
- public byte[] getAuthzData() {
- return getFieldAsOctets(AuthorizationDataEntryField.AD_DATA);
- }
-
- /**
- * Sets the AuthorizationData (AD_DATA) field
- * @param authzData The AuthorizationData to set
- */
- public void setAuthzData(byte[] authzData) {
- setFieldAsOctets(AuthorizationDataEntryField.AD_DATA, authzData);
- }
-}
-```
-
-And then define AuthorizationData simply
-```java
-public class AuthorizationData extends KrbSequenceOfType<AuthorizationDataEntry> {
-
-}
-```
-
-Then you can process with above definitions, encode and decode, without caring about the details.
-
-Think about how to implement the following more complex and pratical sample from [ITU-T Rec. X.680 ISO/IEC 8824-1](http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf):
-```
-A.1 ASN.1 description of the record structure
-The structure of the hypothetical personnel record is formally described below using ASN.1 specified in
-ITU-T Rec. X.680 | ISO/IEC 8824-1 for defining types.
-
-PersonnelRecord ::= [APPLICATION 0] IMPLICIT SET {
- Name Name,
- title [0] VisibleString,
- number EmployeeNumber,
- dateOfHire [1] Date,
- nameOfSpouse [2] Name,
- children [3] IMPLICIT
- SEQUENCE OF ChildInformation DEFAULT {}
-}
-
-ChildInformation ::= SET {
- name Name,
- dateOfBirth [0] Date
-}
-
-Name ::= [APPLICATION 1] IMPLICIT SEQUENCE {
- givenName VisibleString,
- initial VisibleString,
- familyName VisibleString
-}
-
-EmployeeNumber ::= [APPLICATION 2] IMPLICIT INTEGER
-Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD
-```
-Similarly as above, we can have (from the unit test codes):
-```java
-public class PersonnelRecord extends Asn1TaggingSet {
- protected enum PersonnelRecordField implements EnumType {
- NAME,
- TITLE,
- NUMBER,
- DATE_OF_HIRE,
- NAME_OF_SPOUSE,
- CHILDREN;
-
- @Override
- public int getValue() {
- return ordinal();
- }
-
- @Override
- public String getName() {
- return name();
- }
- }
-
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
- new ExplicitField(PersonnelRecordField.NAME, -1, Name.class),
- new ExplicitField(PersonnelRecordField.TITLE, 0, Asn1VisibleString.class),
- new ExplicitField(PersonnelRecordField.NUMBER, -1, EmployeeNumber.class),
- new ExplicitField(PersonnelRecordField.DATE_OF_HIRE, 1, Date.class),
- new ExplicitField(PersonnelRecordField.NAME_OF_SPOUSE, 2, Name.class),
- new ImplicitField(PersonnelRecordField.CHILDREN, 3, Children.class)
- };
-
- public PersonnelRecord() {
- super(0, fieldInfos, true, true);
- }
-
- public void setName(Name name) {
- setFieldAs(PersonnelRecordField.NAME, name);
- }
-
- public Name getName() {
- return getFieldAs(PersonnelRecordField.NAME, Name.class);
- }
-
- public void setTitle(String title) {
- setFieldAs(PersonnelRecordField.TITLE, new Asn1VisibleString(title));
- }
-
- public String getTitle() {
- return getFieldAsString(PersonnelRecordField.TITLE);
- }
-
- public void setEmployeeNumber(EmployeeNumber employeeNumber) {
- setFieldAs(PersonnelRecordField.NUMBER, employeeNumber);
- }
-
- public EmployeeNumber getEmployeeNumber() {
- return getFieldAs(PersonnelRecordField.NUMBER, EmployeeNumber.class);
- }
-
- public void setDateOfHire(Date dateOfHire) {
- setFieldAs(PersonnelRecordField.DATE_OF_HIRE, dateOfHire);
- }
-
- public Date getDateOfHire() {
- return getFieldAs(PersonnelRecordField.DATE_OF_HIRE, Date.class);
- }
-
- public void setNameOfSpouse(Name spouse) {
- setFieldAs(PersonnelRecordField.NAME_OF_SPOUSE, spouse);
- }
-
- public Name getNameOfSpouse() {
- return getFieldAs(PersonnelRecordField.NAME_OF_SPOUSE, Name.class);
- }
-
- public void setChildren(Children children) {
- setFieldAs(PersonnelRecordField.CHILDREN, children);
- }
-
- public Children getChildren() {
- return getFieldAs(PersonnelRecordField.CHILDREN, Children.class);
- }
-
- public static class Children extends Asn1SequenceOf<ChildInformation> {
- public Children(ChildInformation ... children) {
- super();
- for (ChildInformation child : children) {
- addElement(child);
- }
- }
-
- public Children() {
- super();
- }
- }
-
- public static class ChildInformation extends Asn1SetType {
- protected enum ChildInformationField implements EnumType {
- CHILD_NAME,
- DATE_OF_BIRTH;
-
- @Override
- public int getValue() {
- return ordinal();
- }
-
- @Override
- public String getName() {
- return name();
- }
- }
-
- static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
- new ExplicitField(ChildInformationField.CHILD_NAME, -1, Name.class),
- new ExplicitField(ChildInformationField.DATE_OF_BIRTH, 0, Date.class)
- };
-
- public ChildInformation() {
- super(tags);
- }
-
- public void setName(Name name) {
- setFieldAs(ChildInformationField.CHILD_NAME, name);
- }
-
- public Name getName() {
- return getFieldAs(ChildInformationField.CHILD_NAME, Name.class);
- }
-
- public void setDateOfBirth(Date date) {
- setFieldAs(ChildInformationField.DATE_OF_BIRTH, date);
- }
-
- public Date getDateOfBirth() {
- return getFieldAs(ChildInformationField.DATE_OF_BIRTH, Date.class);
- }
- }
-
- public static class Name extends Asn1TaggingSequence {
-
- protected enum NameField implements EnumType {
- GIVENNAME,
- INITIAL,
- FAMILYNAME;
-
- @Override
- public int getValue() {
- return ordinal();
- }
-
- @Override
- public String getName() {
- return name();
- }
- }
-
- static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
- new ExplicitField(NameField.GIVENNAME, -1, Asn1VisibleString.class),
- new ExplicitField(NameField.INITIAL, -1, Asn1VisibleString.class),
- new ExplicitField(NameField.FAMILYNAME, -1, Asn1VisibleString.class)
- };
-
- public Name() {
- super(1, tags, true, true);
- }
-
- public Name(String givenName, String initial, String familyName) {
- this();
- setGivenName(givenName);
- setInitial(initial);
- setFamilyName(familyName);
- }
-
- public void setGivenName(String givenName) {
- setFieldAs(NameField.GIVENNAME, new Asn1VisibleString(givenName));
- }
-
- public String getGivenName() {
- return getFieldAsString(NameField.GIVENNAME);
- }
-
- public void setInitial(String initial) {
- setFieldAs(NameField.INITIAL, new Asn1VisibleString(initial));
- }
-
- public String getInitial() {
- return getFieldAsString(NameField.INITIAL);
- }
-
- public void setFamilyName(String familyName) {
- setFieldAs(NameField.FAMILYNAME, new Asn1VisibleString(familyName));
- }
-
- public String getFamilyName() {
- return getFieldAsString(NameField.FAMILYNAME);
- }
- }
-
- public static class EmployeeNumber extends Asn1Tagging<Asn1Integer> {
- public EmployeeNumber(Integer value) {
- super(2, new Asn1Integer(value), true, true);
- }
-
- public EmployeeNumber() {
- super(2, new Asn1Integer(), true, true);
- }
- }
-
- public static class Date extends Asn1Tagging<Asn1VisibleString> {
- public Date(String value) {
- super(3, new Asn1VisibleString(value), true, true);
- }
- public Date() {
- this(null);
- }
- }
-}
-```
-### ASN1 dumping tool
-* ASN1 dumping tool to help analyze ASN1 encoding stream or packet. It can be used to exercise the framework with all kinds of testing binary inputs.
-* The shortcut API for ASN1 encoding, decoding and dumping in Asn1.java
-
-### Notes
-* 90% tests coverage for DER encoding
-* For BER & CER encoding, to be fully supported
-* No extra dependency
-
-### License
-Apache V2 License
-
-
-
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/kerby-kerb/kerb-admin/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/README.md b/kerby-kerb/kerb-admin/README.md
deleted file mode 100644
index e8533b9..0000000
--- a/kerby-kerb/kerb-admin/README.md
+++ /dev/null
@@ -1,81 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-
-kerb-admin
-============
-## Local mode
-### Initiate a LocalKadminImpl
-* Initiate a LocalKadminImpl with prepared KdcConfig and BackendConfig.
-<pre>
-LocalKadmin kadmin = new LocalKadminImpl(kdcConfig, backendConfig);
-</pre>
-* Initiate a LocalKadmin with confDir.
-<pre>
-LocalKadmin kadmin = new LocalKadminImpl(confDir);
-</pre>
-* Initiate a LocalKadmin with kdcSetting and backend.
-<pre>
-LocalKadmin kadmin = new LocalKadminImpl(kdcSetting, backend);
-</pre>
-
-### Principal operating
-* Add principle with principal name.
-<pre>
-addPrincipal(principal);
-</pre>
-* Add principle with principal name and password.
-<pre>
-addPrincipal(principal, password);
-</pre>
-* Add principle with principal name and kOptions.
-<pre>
-addPrincipal(principal, kOptions);
-</pre>
-* Add principle with principal name, password and kOptions.
-<pre>
-addPrincipal(principal, password kOptions);
-</pre>
-* Delete principle with principal name.
-<pre>
-deletePrincipal(principal);
-</pre>
-* Modify principle with principal name and kOptions.
-<pre>
-modifyPrincipal(principal, kOptions);
-</pre>
-* Rename principle.
-<pre>
-renamePrincipal(oldPrincipalName, newPrincipalName);
-</pre>
-* Get principle with principal name.
-<pre>
-getPrincipal(principalName);
-</pre>
-* Get all the principles.
-<pre>
-getPrincipals();
-</pre>
-* Update password with principal name and new password.
-<pre>
-updatePassword(principal, newPassword);
-</pre>
-* Export all identity keys to the specified keytab file.
-<pre>
-exportKeyTab(keyTabFile);
-</pre>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/kerby-kerb/kerb-client/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/README.md b/kerby-kerb/kerb-client/README.md
deleted file mode 100644
index ab5a48c..0000000
--- a/kerby-kerb/kerb-client/README.md
+++ /dev/null
@@ -1,106 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-
-kerb-client
-============
-
-## 1. KrbClient
-### Initiate a KrbClient
-* Initiate a KrbClient with prepared KrbConfig.
-<pre>
-KrbClient krbClient = new KrbClient(krbConfig);
-</pre>
-* Initiate a KrbClient with conf dir.
-<pre>
-KrbClient krbClient = new KrbClient(confDir);
-</pre>
-
-### Request a TGT
-* Request a TGT with using well prepared requestOptions.
-<pre>
-requestTgt(requestOptions);
-</pre>
-* Request a TGT with user plain password credential
-<pre>
-requestTgt(principal, password);
-</pre>
-* Request a TGT with user plain keytab credential
-<pre>
-requestTgt(principal, keytabFile);
-</pre>
-
-### Request a service ticket
-* Request a service ticket with a TGT targeting for a server
-<pre>
-requestSgt(tgt, serverPrincipal);
-</pre>
-* Request a service ticket provided request options
-<pre>
-requestSgt(requestOptions);
-</pre>
-
-## 2. KrbTokenClient
-### Initiate a KrbTokenClient
-* Initiate a KrbTokenClient with prepared KrbConfig.
-<pre>
-KrbTokenClient krbTokenClient = new KrbTokenClient(krbConfig);
-</pre>
-* Initiate a KrbTokenClient with conf dir.
-<pre>
-KrbTokenClient krbTokenClient = new KrbTokenClient(confDir);
-</pre>
-* Initiate a KrbTokenClient with prepared KrbClient.
-<pre>
-KrbTokenClient krbTokenClient = new KrbTokenClient(krbClient);
-</pre>
-
-### Request a TGT
-* Request a TGT with user token credential
-<pre>
-requestTgtWithToken(token, armorCache);
-</pre>
-
-### Request a service ticket
-</pre>
-* Request a service ticket with user AccessToken credential for a server
-<pre>
-requestSgt(accessToken, serverPrincipal, armorCache);
-</pre>
-
-## 3. KrbPkinitClient
-### Initiate a KrbPkinitClient
-* Initiate a KrbPkinitClient with prepared KrbConfig.
-<pre>
-KrbPkinitClient krbPkinitClient = new KrbPkinitClient(krbConfig);
-</pre>
-* Initiate a KrbPkinitClient with conf dir.
-<pre>
-KrbPkinitClient krbPkinitClient = new KrbPkinitClient(confDir);
-</pre>
-* Initiate a KrbPkinitClient with prepared KrbClient.
-<pre>
-KrbPkinitClient krbPkinitClient = new KrbPkinitClient(krbClient);
-</pre>
-
-### Request a TGT
-* Request a TGT with using Anonymous PKINIT
-<pre>
-requestTgt();
-</pre>
-
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/kerby-kerb/kerb-server/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/README.md b/kerby-kerb/kerb-server/README.md
deleted file mode 100644
index 76f2310..0000000
--- a/kerby-kerb/kerb-server/README.md
+++ /dev/null
@@ -1,71 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-
-kerb-server
-============
-
-### Initiate kdc server
-* Initiate a kdc server with prepared confDir.
-<pre>
-KdcServer server = new KdcServer(confDir);
-</pre>
-
-### Start and set kdc server
-* Start kdc server.
-<pre>
-start();
-</pre>
-* Set KDC realm for ticket request
-<pre>
-setKdcRealm(realm);
-</pre>
-* Set KDC host.
-<pre>
-setKdcHost(kdcHost);
-</pre>
-* Set KDC tcp port.
-<pre>
-setKdcTcpPort(kdcTcpPort);
-</pre>
-* Set KDC udp port. Only makes sense when allowUdp is set.
-<pre>
-setKdcUdpPort(kdcUdpPort);
-</pre>
-* Set to allow TCP or not.
-<pre>
-setAllowTcp(allowTcp);
-</pre>
-* Set to allow UDP or not.
-<pre>
-setAllowUdp(allowUdp);
-</pre>
-* Allow to debug so have more logs.
-<pre>
-enableDebug();
-</pre>
-* Allow to hook customized kdc implementation.
-<pre>
-setInnerKdcImpl(innerKdcImpl);
-</pre>
-
-### Stop kdc server
-* Start kdc server.
-<pre>
-stop();
-</pre>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e90619e0/kerby-kerb/kerb-simplekdc/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/README.md b/kerby-kerb/kerb-simplekdc/README.md
deleted file mode 100644
index 85e79ca..0000000
--- a/kerby-kerb/kerb-simplekdc/README.md
+++ /dev/null
@@ -1,85 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-
-kerb-simplekdc
-============
-
-### Kdc server
-</pre>
-* Start simple kdc server.
-<pre>
-start();
-</pre>
-* Set KDC realm for ticket request
-<pre>
-setKdcRealm(realm);
-</pre>
-* Set KDC host.
-<pre>
-setKdcHost(kdcHost);
-</pre>
-* Set KDC tcp port.
-<pre>
-setKdcTcpPort(kdcTcpPort);
-</pre>
-* Set KDC udp port. Only makes sense when allowUdp is set.
-<pre>
-setKdcUdpPort(kdcUdpPort);
-</pre>
-* Set to allow TCP or not.
-<pre>
-setAllowTcp(allowTcp);
-</pre>
-* Set to allow UDP or not.
-<pre>
-setAllowUdp(allowUdp);
-
-### Kadmin
-</pre>
-* Create principle with principal name.
-<pre>
-createPrincipal(principal);
-</pre>
-* Add principle with principal name and password.
-<pre>
-createPrincipal(principal, password);
-</pre>
-* Create principles with principal names.
-<pre>
-createPrincipals(principals);
-</pre>
-* Creates principals and export their keys to the specified keytab file.
-<pre>
-createAndExportPrincipals(keytabFile principals);
-</pre>
-* Delete principle with principal name.
-<pre>
-deletePrincipal(principal);
-</pre>
-</pre>
-* Delete principles with principal names.
-<pre>
-deletePrincipals(principals);
-</pre>
-</pre>
-* Export principles to keytab file.
-<pre>
-exportPrincipals(keytabFile);
-</pre>
-