You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Stefan Seelmann (JIRA)" <ji...@apache.org> on 2017/05/07 09:36:04 UTC

[jira] [Commented] (DIRKRB-132) Update the Kerberos part in Directory Studio in favor of Kerby

    [ https://issues.apache.org/jira/browse/DIRKRB-132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15999750#comment-15999750 ] 

Stefan Seelmann commented on DIRKRB-132:
----------------------------------------

In Studio there are tow usages of Kerberos:

1. Use of GSSAPI to authenticate to an LDAP server. There is an UI to ask the user for Kerberos specific parameters (use native TGT or obtain a new TGT, use of /etc/krb5.conf or manually define KDC parameters) which used to configure the connection provider. Currently there are still two providers, JNDI and Apache LDAP API. The JNDI one will be removed anyway at some point. The LDAP API provider uses the SaslGssApiRequest class of the LDAP API client, which in the end uses "javax.security.auth" and Krb5LoginModule from JDK. Most nasty problem that user have is that on Windows Java cannot use the native TGT, can Kerby help with that?

2. Configuration UI of the Kerberos server part in ApacheDS.

So all in all the Studio doesn't have much Kerberos specific parts, it just used the parts from LDAP API and ApacheDS.



> Update the Kerberos part in Directory Studio in favor of Kerby
> --------------------------------------------------------------
>
>                 Key: DIRKRB-132
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-132
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Kai Zheng
>             Fix For: 2.0.0-RC1
>
>
> As discussed in the mailing list, we would decouple Kerberos logics from the Directory related projects and codes, to better maintain the dependencies and avoid the complexities. The Directory Studio should be also taken care of, but I'm not sure we would totally remove the embedded KDC server from the tool itself since that involves compatibility concern. Please give your feedback here, thanks.
> Updated and re-purposed, according to [~akiran]'s email:
> {quote}
> that feature will remain there, later will be swapped with Kerby's core when it is ready, but the
> Kerberos feature of ApacheDS stays.
> In the end we have two:
> 1. Embedded Kerby in ApacheDS
> 2. Standalone Kerby
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)