You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Enrique Rodriguez (JIRA)" <ji...@apache.org> on 2007/04/09 08:19:32 UTC
[jira] Created: (DIRSERVER-897) Support automatic centralized key
generation for Kerberos principals
Support automatic centralized key generation for Kerberos principals
--------------------------------------------------------------------
Key: DIRSERVER-897
URL: https://issues.apache.org/jira/browse/DIRSERVER-897
Project: Directory ApacheDS
Issue Type: Improvement
Components: changepw, core, kerberos, ldap
Reporter: Enrique Rodriguez
Assigned To: Enrique Rodriguez
Fix For: 1.5.1
We need to make it easier to get keys into the directory. Today we can get keys in with console LDIF load or OSGi console command. We can also change keys with Change Password. However, each mechanism has its own code for changing key material. Also, changes made by LDAP protocol don't result in keys being generated. We should centralize key derivation and random key generation using an interceptor or triggers. This would allow standard LDAP and JNDI-based admin of user principals.
Centralizing the code to derive or generate keys will also make it much easier to expand the encryption types we support.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (DIRSERVER-897) Support automatic centralized key
generation for Kerberos principals
Posted by "Enrique Rodriguez (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrique Rodriguez closed DIRSERVER-897.
---------------------------------------
Resolution: Fixed
With r552114 key derivation is working well. Keys will automatically be derived for principals by LDAP, LDIF, or Change Password. Usage of the KeyDerivationService interceptor is described, in context, in a number of lessons in the ApacheDS 1.5 Advanced User's Guide (AUG) and the Interop site:
http://directory.apache.org/apacheds/1.5/howto-do-sasl-gssapi-authentication-to-apacheds.html
http://cwiki.apache.org/DIRxINTEROP/
URL: http://svn.apache.org/viewvc?view=rev&revision=552114
> Support automatic centralized key generation for Kerberos principals
> --------------------------------------------------------------------
>
> Key: DIRSERVER-897
> URL: https://issues.apache.org/jira/browse/DIRSERVER-897
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: changepw, core, kerberos, ldap
> Reporter: Enrique Rodriguez
> Assignee: Enrique Rodriguez
> Fix For: 1.5.1
>
>
> We need to make it easier to get keys into the directory. Today we can get keys in with console LDIF load or OSGi console command. We can also change keys with Change Password. However, each mechanism has its own code for changing key material. Also, changes made by LDAP protocol don't result in keys being generated. We should centralize key derivation and random key generation using an interceptor or triggers. This would allow standard LDAP and JNDI-based admin of user principals.
> Centralizing the code to derive or generate keys will also make it much easier to expand the encryption types we support.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.