Posted to dev@directory.apache.org by "Enrique Rodriguez (JIRA)" <ji...@apache.org> on 2007/04/09 08:19:32 UTC

[jira] Created: (DIRSERVER-897) Support automatic centralized key generation for Kerberos principals

Support automatic centralized key generation for Kerberos principals
--------------------------------------------------------------------

                 Key: DIRSERVER-897
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-897
             Project: Directory ApacheDS
          Issue Type: Improvement
          Components: changepw, core, kerberos, ldap
            Reporter: Enrique Rodriguez
         Assigned To: Enrique Rodriguez
             Fix For: 1.5.1


We need to make it easier to get keys into the directory. Today we can get keys in with console LDIF load or OSGi console command.  We can also change keys with Change Password.  However, each mechanism has its own code for changing key material.  Also, changes made by LDAP protocol don't result in keys being generated.  We should centralize key derivation and random key generation using an interceptor or triggers.  This would allow standard LDAP and JNDI-based admin of user principals.

Centralizing the code to derive or generate keys will also make it much easier to expand the encryption types we support.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Closed: (DIRSERVER-897) Support automatic centralized key generation for Kerberos principals

Posted by "Enrique Rodriguez (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DIRSERVER-897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Enrique Rodriguez closed DIRSERVER-897.
---------------------------------------

    Resolution: Fixed

With r552114 key derivation is working well.  Keys will automatically be derived for principals by LDAP, LDIF, or Change Password.  Usage of the KeyDerivationService interceptor is described, in context, in a number of lessons in the ApacheDS 1.5 Advanced User's Guide (AUG) and the Interop site:

http://directory.apache.org/apacheds/1.5/howto-do-sasl-gssapi-authentication-to-apacheds.html
http://cwiki.apache.org/DIRxINTEROP/

URL:  http://svn.apache.org/viewvc?view=rev&revision=552114


> Support automatic centralized key generation for Kerberos principals
> --------------------------------------------------------------------
>
>                 Key: DIRSERVER-897
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-897
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: changepw, core, kerberos, ldap
>            Reporter: Enrique Rodriguez
>            Assignee: Enrique Rodriguez
>             Fix For: 1.5.1
>
>
> We need to make it easier to get keys into the directory. Today we can get keys in with console LDIF load or OSGi console command.  We can also change keys with Change Password.  However, each mechanism has its own code for changing key material.  Also, changes made by LDAP protocol don't result in keys being generated.  We should centralize key derivation and random key generation using an interceptor or triggers.  This would allow standard LDAP and JNDI-based admin of user principals.
> Centralizing the code to derive or generate keys will also make it much easier to expand the encryption types we support.
