You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Enrique Rodriguez <en...@gmail.com> on 2007/05/11 00:31:54 UTC
Preferred command-line client library
Hi, Directory developers,
I started working towards "supporting Kerberos key provisioning
(export)" (DIRSERVER-898). I got it working in unit tests. By adding
a service principal to the DIT by LDAP, with 'userPassword' set to
"randomKey," the KeyDerivationService creates 5 Kerberos keys for the
principal. These random keys then need to be read from the DIT and
written to a file, so they can be used with Kerberized services. For
example, if you want to use SSHD or OpenLDAP server using Kerberos
credentials you need to put these keys on the service host, similar to
how you configure an SSL cert for Apache HTTPD.
The unit tests write to a file that looks like this when read using
'klist' (I truncated the output for emailing):
$ klist -5ket /path/to/test.keytab
Keytab name: FILE:/path/to/test.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (AES-128 CTS mode ...
0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (ArcFour with
HMAC/md5)
0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (Triple DES
cbc mode ...
0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (AES-256 CTS mode ...
0 05/09/07 19:14:10 ldap/ldap.example.com@EXAMPLE.COM (DES cbc mode with ...
Anyway, I want to make this into a command-line client, so I was
wondering can you recommend a CLI library? I'm anticipating some
command line arguments. Or is it better to just roll my own quick CLI
helper?
Enrique
Re: Preferred command-line client library
Posted by Enrique Rodriguez <en...@gmail.com>.
On 5/15/07, Alex Karasulu <ak...@apache.org> wrote:
> Yeah commons-cli works pretty well. Could you start a confluence
> page on the work you're doing here with keyprov? This way we can
> refer users to it. I think we can use the dev space for this.
>
> Alex
Yes, I will start a page. DEV space has "coding standards" and "unit
test" doco. SBOX seems like a better fit, until the feature in
question matures to the point where it moves to specific verision
doco. The Realm Control Initiatives page [1] has a section on
keyprov. I'll start a page on any client work as something separate.
Enrique
[1] http://cwiki.apache.org/confluence/display/DIRxSBOX/Realm+Control+Initiatives
Re: Preferred command-line client library
Posted by Alex Karasulu <ak...@apache.org>.
Yeah commons-cli works pretty well. Could you start a confluence
page on the work you're doing here with keyprov? This way we can
refer users to it. I think we can use the dev space for this.
Alex
On 5/13/07, Enrique Rodriguez <en...@gmail.com> wrote:
>
> On 5/10/07, Enrique Rodriguez <en...@gmail.com> wrote:
> > ...
> > Anyway, I want to make this into a command-line client, so I was
> > wondering can you recommend a CLI library? I'm anticipating some
> > command line arguments. Or is it better to just roll my own quick CLI
> > helper?
>
> I found that modules of the Directory project are already using
> Commons-CLI and that it is recommended elsewhere, so I will begin
> command-line client work with Commons-CLI.
>
> Enrique
>
Re: Preferred command-line client library
Posted by Emmanuel Lecharny <el...@apache.org>.
Enrique Rodriguez a écrit :
> On 5/10/07, Enrique Rodriguez <en...@gmail.com> wrote:
>
>> ...
>> Anyway, I want to make this into a command-line client, so I was
>> wondering can you recommend a CLI library? I'm anticipating some
>> command line arguments. Or is it better to just roll my own quick CLI
>> helper?
>
>
> I found that modules of the Directory project are already using
> Commons-CLI and that it is recommended elsewhere, so I will begin
> command-line client work with Commons-CLI.
>
> Enrique
>
Enrique, FYI, the sandboxed clients already used commons-cli (I did the
move to commons-cli 2 years ago, and it was my first baby steps in the
project :)
Commons-cli is really a good piece of work. I found it easy to use.
You have my personnal +1 for it !
Emmanuel
Re: Preferred command-line client library
Posted by Enrique Rodriguez <en...@gmail.com>.
On 5/10/07, Enrique Rodriguez <en...@gmail.com> wrote:
> ...
> Anyway, I want to make this into a command-line client, so I was
> wondering can you recommend a CLI library? I'm anticipating some
> command line arguments. Or is it better to just roll my own quick CLI
> helper?
I found that modules of the Directory project are already using
Commons-CLI and that it is recommended elsewhere, so I will begin
command-line client work with Commons-CLI.
Enrique