You are viewing a plain text version of this content. The canonical link for it is here.
Posted to kerby@directory.apache.org by Kiran Ayyagari <ka...@apache.org> on 2015/07/03 05:33:23 UTC
state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and
what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Li, Jiajia" <ji...@intel.com>.
Thanks Kiran for raising this question, I'm writing the summary and will have the report later.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Fri, Jul 3, 2015 at 3:42 PM, Li, Jiajia <ji...@intel.com> wrote:
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration
> tests.
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
>
thank you
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what
> are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
>> how far are we from a release
Well, it depends. If we would not expect all to do items to be done in the first release, and just figure out what's the essential items to be done, then it's not far I guess. In my mind:
1. The left backend issues we're on-going;
2. Upcoming more end to end tests;
3. Javadocs for public APIs;
4. User doc and admin doc;
5. Web site;
6. Good manual tests for Kerby KDC and fixup;
7. More interop tests with AD and MIT Kerberos.
8. Maybe some found issues by checking styles and find bugs.
Any missing ones? Thanks.
Regards,
Kai
-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Sent: Friday, July 03, 2015 3:55 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
Thanks a lot !
what is needed, too, is a "state of the union" report for Kerby :
- who is active
- who is a potential committer
- how far are we from a release
Kiran has to fill a report for the project at the beginning of next week (quaterly report sent to the Apache Board) and this information are very useful.
Le 03/07/15 09:42, Li, Jiajia a écrit :
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
> 5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two implementations:
> a) Default implementation based on the JRE without depending on other libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
Re: state of KDC
Posted by Emmanuel Lécharny <el...@gmail.com>.
Thanks a lot !
what is needed, too, is a "state of the union" report for Kerby :
- who is active
- who is a potential committer
- how far are we from a release
Kiran has to fill a report for the project at the beginning of next week
(quaterly report sent to the Apache Board) and this information are very
useful.
Le 03/07/15 09:42, Li, Jiajia a écrit :
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
> 5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two implementations:
> a) Default implementation based on the JRE without depending on other libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Emmanuel for the thoughts.
>> I tend to think that the balance between JIRA/MailingList is not easy to make.
The problem is we seldom discuss specific questions deeply in JIRAs, thus we leave nothing context specifics for new contributors in future.
>>But I do think that ythe Mailing List get more attention than JIRAs.
As said above, this is because we don’t favor JIRAs, we are used to the ML. I'm not sure it's all the good practice.
Below just an example FYI. All the deep discussions can be tracked down here, from architecture, design to implementation. When some new guy wants to learn about the effort, we just point him/her there.
https://issues.apache.org/jira/browse/HDFS-7285
Regards,
Kai
-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Sent: Friday, July 03, 2015 4:57 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
Le 03/07/15 10:34, Kiran Ayyagari a écrit :
> On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
>
>> Thanks Jiajia for sorting this out! It's helpful to learn about the
>> new project. Maybe we should have such status update or lighter ones regularly?
>>
>>
> it is a good practice to let the team know before if you are planning
> to add any new features or any _significant_ changes to the code base.
I agree. Now, there are two aspects here :
- about the reports : as a new project, and in order to keep the community informed about what is going on, yes, it's a good idea to post a quick report (once a month ?)
- about the significant changes : I would strongly suggest they are discussed on the mailing list beforehand. JIRA is not the best place for that, because there are a lot fo them and it's hard to know which are related to minor issues and which are related to major refactoring or feature edition.
I tend to think that the balance between JIRA/MailingList is not easy to make. But I do think that ythe Mailing List get more attention than JIRAs. One good exemple is the getIdentities() discussion, or the Cache discussion we have had lately. Those are the kind of threads that is very valuable for all of us.
<about how The ASF works>
More than that, the ASF is all about consensus building : that mean discussion, and if a consensus is made, then we go on. If no consensus appears, then we have two options (well, 3 but the third one is not something you want to experiment ;-) :
o we vote, and depending on the result, we act. Kind of democratic, but it can lead to wrong decisions... Vote is more a way to assess a consensus.
o we dismiss the proposal, and start thinking about alternatives. There is no one single way to do things.
That are the two best ways to get things done withing hurting feelings.
Let's speak a bit about the third possibility :
o ego is hurt, people get angry, some call others names. At some point, the PMC has to take a position, and it may escalate to the Board, commit access is suspended or revoked, war ensue, atomic bombs are sent, the planet explode, the sun becomes a super nova, milky way collapse into a giant black hole, we vasnish into a singularity... It could even get worse ;-)
More seriously, we are grown up adult (well, most of the time ;-), so we
*dont't* want to switch in Solution 3 mode.
That's the way we work !
</about how The ASF works>
Ok, it was just a funny way to explain that discussin is always good !
Re: state of KDC
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 03/07/15 10:34, Kiran Ayyagari a écrit :
> On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
>
>> Thanks Jiajia for sorting this out! It's helpful to learn about the new
>> project. Maybe we should have such status update or lighter ones regularly?
>>
>>
> it is a good practice to let the team know before if you are planning to
> add any new features or any
> _significant_ changes to the code base.
I agree. Now, there are two aspects here :
- about the reports : as a new project, and in order to keep the
community informed about what is going on, yes, it's a good idea to post
a quick report (once a month ?)
- about the significant changes : I would strongly suggest they are
discussed on the mailing list beforehand. JIRA is not the best place for
that, because there are a lot fo them and it's hard to know which are
related to minor issues and which are related to major refactoring or
feature edition.
I tend to think that the balance between JIRA/MailingList is not easy to
make. But I do think that ythe Mailing List get more attention than
JIRAs. One good exemple is the getIdentities() discussion, or the Cache
discussion we have had lately. Those are the kind of threads that is
very valuable for all of us.
<about how The ASF works>
More than that, the ASF is all about consensus building : that mean
discussion, and if a consensus is made, then we go on. If no consensus
appears, then we have two options (well, 3 but the third one is not
something you want to experiment ;-) :
o we vote, and depending on the result, we act. Kind of democratic, but
it can lead to wrong decisions... Vote is more a way to assess a consensus.
o we dismiss the proposal, and start thinking about alternatives. There
is no one single way to do things.
That are the two best ways to get things done withing hurting feelings.
Let's speak a bit about the third possibility :
o ego is hurt, people get angry, some call others names. At some point,
the PMC has to take a position, and it may escalate to the Board, commit
access is suspended or revoked, war ensue, atomic bombs are sent, the
planet explode, the sun becomes a super nova, milky way collapse into a
giant black hole, we vasnish into a singularity... It could even get
worse ;-)
More seriously, we are grown up adult (well, most of the time ;-), so we
*dont't* want to switch in Solution 3 mode.
That's the way we work !
</about how The ASF works>
Ok, it was just a funny way to explain that discussin is always good !
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Kiran for the response.
>> you are all using JIRA well,
I'm afraid we're not, being far from good.
>>but it is only referred when one is working on a issue.
I thought big/important features should deserve a master JIRA, which should document well the requirement/goal, rough approach and design. So if anybody has concerns, just comment. It should be the same good as raised in the ML.
>> From now onwards sending a summary note before making any significant changes,
I'm OK with this and will do. Hope the developers all love to write, not only codes, but also docs and emails.
>>cause I believe the code base is already huge.
I would rather think it's a good base, at least we have codes to improve. It's a new Kerberos impl, and has so many things to catch up with. We're far from enough, still long way to go.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 5:09 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Fri, Jul 3, 2015 at 4:43 PM, Zheng, Kai <ka...@intel.com> wrote:
> Yeah, I agree.
>
> One thing to note is we're making use of JIRA not very well in my view.
> For most features we added, we have JIRA entries. The bad thing is
> they got very few inputs. I thought we should rely more on JIRA system
> to discuss so they could be tracked well for following contributors,
> as most ASF projects do.
>
you are all using JIRA well, but it is only referred when one is working on a issue.
From now onwards sending a summary note before making any significant changes, cause I believe the code base is already huge.
> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 4:34 PM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
>
> > Thanks Jiajia for sorting this out! It's helpful to learn about the
> > new project. Maybe we should have such status update or lighter ones
> regularly?
> >
> >
> it is a good practice to let the team know before if you are planning
> to add any new features or any _significant_ changes to the code base.
>
>
> Regards,
> > Kai
> >
> > -----Original Message-----
> > From: Li, Jiajia [mailto:jiajia.li@intel.com]
> > Sent: Friday, July 03, 2015 4:02 PM
> > To: kerby@directory.apache.org
> > Subject: RE: state of KDC
> >
> > Refine the format for easying reading.
> >
> > Kerby Status Summary
> >
> > Supported(done and almost done):
> > 1. Kerberos library:
> > a) KrbClient API
> > b) KDC server API
> > c) Kadmin API
> > d) Credential cache and keytab utilities
> >
> > 2. Provides a standalone KDC server .
> >
> > 3. Supports various identity backends including:
> > a) MemoryIdentityBackend
> > b) JsonIdentityBackend
> > c) LdapIdentityBackend
> > d) ZookeeperIdentityBackend
> > e) MavibotBackend.
> >
> > 4. Provides an embedded KDC server named SimpleKdcServer that
> > applications can easily integrate into products, unit tests or
> integration tests.
> >
> > 5. Supports FAST/Preauthentication framework to allow popular and
> > useful authentication mechanisms.
> >
> > 6. Supports Token Preauth mechanism to allow clients to request
> > tickets using JWT tokens.
> >
> > 7. Client can request a TGT with:
> > a) User plain password credential
> > b) User keyTab
> > c) User token credential
> >
> > 8. Client can request a service ticket with:
> > a) user TGT credential for a server
> > b) user AccessToken credential for a server
> >
> > 9. Network support including UDP and TCP transport with two
> > implementations:
> > a) Default implementation based on the JRE without depending on
> > other libraries.
> > b) Netty based implementation for better throughput, lower latency.
> >
> > 10. Tools:
> > a) kadmin: Command-line interfaces to the Kerby administration
> system.
> > b) kinit: Obtains and caches an initial ticket-granting ticket
> > for principal.
> > c) klist: Lists the Kerby principal and tickets held in a
> > credentials cache, or the keys held in a keytab file.
> >
> > 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> > applications can leverage the authentication mechanisms provided by
> Kerby.
> >
> > In progress:
> > 1. Supports PKINIT mechanism to allow clients to request tickets
> > using
> > x509 certificate credentials. (50% is finished)
> >
> > 2. Server scripts for Kerby KDC.
> >
> > 3. Building support: checking style and find bugs.
> >
> > 4. Integration and compatible tests.
> >
> > 5. Building the web site.
> >
> > Plan to do:
> > 1. Supports OTP mechanism to allow clients to request tickets using
> > One Time Password.
> >
> > 2. Consolidate the existing Change Password protocol implementation.
> >
> > 3. REST representation for Kadmin interface.
> >
> > 4. Implement remote mode kadmin tool based on Kadmin REST API
> >
> > 5. Web management console to simplify the configuration and
> > management
> >
> > 6. Write the admin guide and user guide.
> >
> > 7. Implementing cross-realm support.
> >
> > Please look at here https://github.com/apache/directory-kerby for
> details.
> >
> > Thanks
> > Jiajia
> >
> > -----Original Message-----
> > From: Li, Jiajia [mailto:jiajia.li@intel.com]
> > Sent: Friday, July 03, 2015 3:43 PM
> > To: kerby@directory.apache.org
> > Subject: RE: state of KDC
> >
> > Kerby Status Summary
> >
> > Supported(done and almost done):
> > 1. Kerberos library:
> > KrbClient API
> > KDC server API
> > Kadmin API
> > Credential cache and keytab utilities
> > 2. Provides a standalone KDC server .
> > 3. Supports various identity backends including:
> > a) MemoryIdentityBackend
> > b) JsonIdentityBackend
> > c) LdapIdentityBackend
> > d) ZookeeperIdentityBackend
> > e) MavibotBackend.
> > 4. Provides an embedded KDC server named SimpleKdcServer that
> > applications can easily integrate into products, unit tests or
> > integration tests.
> > 5. Supports FAST/Preauthentication framework to allow popular and
> > useful authentication mechanisms.
> > 6. Supports Token Preauth mechanism to allow clients to request
> > tickets using JWT tokens.
> > 7. Client can request a TGT with:
> > a) User plain password credential
> > b) User keyTab
> > c) User token credential
> > 8. Client can request a service ticket with:
> > a) user TGT credential for a server
> > b) user AccessToken credential for a server
> > 9. Network support including UDP and TCP transport with two
> > implementations:
> > a) Default implementation based on the JRE without depending on
> other
> > libraries.
> > b) Netty based implementation for better throughput, lower latency.
> > 10. Tools:
> > a) kadmin: Command-line interfaces to the Kerby administration
> system.
> > b) kinit: Obtains and caches an initial ticket-granting ticket for
> > principal.
> > c) klist: Lists the Kerby principal and tickets held in a
> credentials
> > cache, or the keys held in a keytab file.
> > 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> > applications can leverage the authentication mechanisms provided by
> Kerby.
> >
> > In progress:
> > 1. Supports PKINIT mechanism to allow clients to request tickets
> > using x509 certificate credentials. (50% is finished)
> > 2. Server scripts for Kerby KDC.
> > 3. Building support: checking style and find bugs.
> > 4. Integration and compatible tests.
> > 5. Building the web site.
> >
> > Plan to do:
> > 1. Supports OTP mechanism to allow clients to request tickets using
> > One Time Password.
> > 2. Consolidate the existing Change Password protocol implementation.
> > 3. REST representation for Kadmin interface.
> > 4. Implement remote mode kadmin tool based on Kadmin REST API
> > 5. Web management console to simplify the configuration and
> management
> > 6. Write the admin guide and user guide.
> > 7. Implementing cross-realm support.
> >
> > Please look at here https://github.com/apache/directory-kerby for
> details.
> >
> >
> > Thanks
> > Jiajia
> >
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Friday, July 03, 2015 11:33 AM
> > To: kerby@directory.apache.org
> > Subject: state of KDC
> >
> > Can anyone summarize what our KDC can and cannot do?
> >
> > I want to know what features are currently supported and what not
> > and what are in progress.
> >
> > thank you
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
> >
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Fri, Jul 3, 2015 at 4:43 PM, Zheng, Kai <ka...@intel.com> wrote:
> Yeah, I agree.
>
> One thing to note is we're making use of JIRA not very well in my view.
> For most features we added, we have JIRA entries. The bad thing is they got
> very few inputs. I thought we should rely more on JIRA system to discuss so
> they could be tracked well for following contributors, as most ASF projects
> do.
>
you are all using JIRA well, but it is only referred when one is working on
a issue.
>From now onwards sending a summary note before making any significant
changes, cause I believe
the code base is already huge.
> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 4:34 PM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
>
> > Thanks Jiajia for sorting this out! It's helpful to learn about the
> > new project. Maybe we should have such status update or lighter ones
> regularly?
> >
> >
> it is a good practice to let the team know before if you are planning to
> add any new features or any _significant_ changes to the code base.
>
>
> Regards,
> > Kai
> >
> > -----Original Message-----
> > From: Li, Jiajia [mailto:jiajia.li@intel.com]
> > Sent: Friday, July 03, 2015 4:02 PM
> > To: kerby@directory.apache.org
> > Subject: RE: state of KDC
> >
> > Refine the format for easying reading.
> >
> > Kerby Status Summary
> >
> > Supported(done and almost done):
> > 1. Kerberos library:
> > a) KrbClient API
> > b) KDC server API
> > c) Kadmin API
> > d) Credential cache and keytab utilities
> >
> > 2. Provides a standalone KDC server .
> >
> > 3. Supports various identity backends including:
> > a) MemoryIdentityBackend
> > b) JsonIdentityBackend
> > c) LdapIdentityBackend
> > d) ZookeeperIdentityBackend
> > e) MavibotBackend.
> >
> > 4. Provides an embedded KDC server named SimpleKdcServer that
> > applications can easily integrate into products, unit tests or
> integration tests.
> >
> > 5. Supports FAST/Preauthentication framework to allow popular and
> > useful authentication mechanisms.
> >
> > 6. Supports Token Preauth mechanism to allow clients to request
> > tickets using JWT tokens.
> >
> > 7. Client can request a TGT with:
> > a) User plain password credential
> > b) User keyTab
> > c) User token credential
> >
> > 8. Client can request a service ticket with:
> > a) user TGT credential for a server
> > b) user AccessToken credential for a server
> >
> > 9. Network support including UDP and TCP transport with two
> > implementations:
> > a) Default implementation based on the JRE without depending on
> > other libraries.
> > b) Netty based implementation for better throughput, lower latency.
> >
> > 10. Tools:
> > a) kadmin: Command-line interfaces to the Kerby administration
> system.
> > b) kinit: Obtains and caches an initial ticket-granting ticket for
> > principal.
> > c) klist: Lists the Kerby principal and tickets held in a
> > credentials cache, or the keys held in a keytab file.
> >
> > 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> > applications can leverage the authentication mechanisms provided by
> Kerby.
> >
> > In progress:
> > 1. Supports PKINIT mechanism to allow clients to request tickets using
> > x509 certificate credentials. (50% is finished)
> >
> > 2. Server scripts for Kerby KDC.
> >
> > 3. Building support: checking style and find bugs.
> >
> > 4. Integration and compatible tests.
> >
> > 5. Building the web site.
> >
> > Plan to do:
> > 1. Supports OTP mechanism to allow clients to request tickets using
> > One Time Password.
> >
> > 2. Consolidate the existing Change Password protocol implementation.
> >
> > 3. REST representation for Kadmin interface.
> >
> > 4. Implement remote mode kadmin tool based on Kadmin REST API
> >
> > 5. Web management console to simplify the configuration and management
> >
> > 6. Write the admin guide and user guide.
> >
> > 7. Implementing cross-realm support.
> >
> > Please look at here https://github.com/apache/directory-kerby for
> details.
> >
> > Thanks
> > Jiajia
> >
> > -----Original Message-----
> > From: Li, Jiajia [mailto:jiajia.li@intel.com]
> > Sent: Friday, July 03, 2015 3:43 PM
> > To: kerby@directory.apache.org
> > Subject: RE: state of KDC
> >
> > Kerby Status Summary
> >
> > Supported(done and almost done):
> > 1. Kerberos library:
> > KrbClient API
> > KDC server API
> > Kadmin API
> > Credential cache and keytab utilities
> > 2. Provides a standalone KDC server .
> > 3. Supports various identity backends including:
> > a) MemoryIdentityBackend
> > b) JsonIdentityBackend
> > c) LdapIdentityBackend
> > d) ZookeeperIdentityBackend
> > e) MavibotBackend.
> > 4. Provides an embedded KDC server named SimpleKdcServer that
> > applications can easily integrate into products, unit tests or
> > integration tests.
> > 5. Supports FAST/Preauthentication framework to allow popular and
> > useful authentication mechanisms.
> > 6. Supports Token Preauth mechanism to allow clients to request
> > tickets using JWT tokens.
> > 7. Client can request a TGT with:
> > a) User plain password credential
> > b) User keyTab
> > c) User token credential
> > 8. Client can request a service ticket with:
> > a) user TGT credential for a server
> > b) user AccessToken credential for a server
> > 9. Network support including UDP and TCP transport with two
> > implementations:
> > a) Default implementation based on the JRE without depending on
> other
> > libraries.
> > b) Netty based implementation for better throughput, lower latency.
> > 10. Tools:
> > a) kadmin: Command-line interfaces to the Kerby administration
> system.
> > b) kinit: Obtains and caches an initial ticket-granting ticket for
> > principal.
> > c) klist: Lists the Kerby principal and tickets held in a
> credentials
> > cache, or the keys held in a keytab file.
> > 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> > applications can leverage the authentication mechanisms provided by
> Kerby.
> >
> > In progress:
> > 1. Supports PKINIT mechanism to allow clients to request tickets
> > using x509 certificate credentials. (50% is finished)
> > 2. Server scripts for Kerby KDC.
> > 3. Building support: checking style and find bugs.
> > 4. Integration and compatible tests.
> > 5. Building the web site.
> >
> > Plan to do:
> > 1. Supports OTP mechanism to allow clients to request tickets using
> > One Time Password.
> > 2. Consolidate the existing Change Password protocol implementation.
> > 3. REST representation for Kadmin interface.
> > 4. Implement remote mode kadmin tool based on Kadmin REST API
> > 5. Web management console to simplify the configuration and
> management
> > 6. Write the admin guide and user guide.
> > 7. Implementing cross-realm support.
> >
> > Please look at here https://github.com/apache/directory-kerby for
> details.
> >
> >
> > Thanks
> > Jiajia
> >
> > -----Original Message-----
> > From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> > Sent: Friday, July 03, 2015 11:33 AM
> > To: kerby@directory.apache.org
> > Subject: state of KDC
> >
> > Can anyone summarize what our KDC can and cannot do?
> >
> > I want to know what features are currently supported and what not and
> > what are in progress.
> >
> > thank you
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
> >
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
This is the master JIRA that almost lists all the sub-tasks.
https://issues.apache.org/jira/browse/DIRKRB-102
-----Original Message-----
From: Zheng, Kai [mailto:kai.zheng@intel.com]
Sent: Friday, July 03, 2015 4:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Yeah, I agree.
One thing to note is we're making use of JIRA not very well in my view. For most features we added, we have JIRA entries. The bad thing is they got very few inputs. I thought we should rely more on JIRA system to discuss so they could be tracked well for following contributors, as most ASF projects do.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 4:34 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
> Thanks Jiajia for sorting this out! It's helpful to learn about the
> new project. Maybe we should have such status update or lighter ones regularly?
>
>
it is a good practice to let the team know before if you are planning to add any new features or any _significant_ changes to the code base.
Regards,
> Kai
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> a) KrbClient API
> b) KDC server API
> c) Kadmin API
> d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
>
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
>
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on
> other libraries.
> b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a
> credentials cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or
> integration tests.
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and
> what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Yeah, I agree.
One thing to note is we're making use of JIRA not very well in my view. For most features we added, we have JIRA entries. The bad thing is they got very few inputs. I thought we should rely more on JIRA system to discuss so they could be tracked well for following contributors, as most ASF projects do.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 4:34 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
> Thanks Jiajia for sorting this out! It's helpful to learn about the
> new project. Maybe we should have such status update or lighter ones regularly?
>
>
it is a good practice to let the team know before if you are planning to add any new features or any _significant_ changes to the code base.
Regards,
> Kai
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> a) KrbClient API
> b) KDC server API
> c) Kadmin API
> d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
>
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
>
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on
> other libraries.
> b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a
> credentials cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or
> integration tests.
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and
> what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <ka...@intel.com> wrote:
> Thanks Jiajia for sorting this out! It's helpful to learn about the new
> project. Maybe we should have such status update or lighter ones regularly?
>
>
it is a good practice to let the team know before if you are planning to
add any new features or any
_significant_ changes to the code base.
Regards,
> Kai
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> a) KrbClient API
> b) KDC server API
> c) Kadmin API
> d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that applications
> can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and useful
> authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request tickets
> using JWT tokens.
>
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
>
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using One
> Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration
> tests.
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what
> are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Jiajia for sorting this out! It's helpful to learn about the new project. Maybe we should have such status update or lighter ones regularly?
Regards,
Kai
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thank you Kiran!
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Wednesday, August 05, 2015 10:15 AM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Wed, Aug 5, 2015 at 8:58 AM, Zheng, Kai <ka...@intel.com> wrote:
> Kiran,
>
> Could I know when we would cut the Mavibot release? Thanks.
>
I can cut it during this weekend and it should be available in Maven repo next week.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Zheng, Kai [mailto:kai.zheng@intel.com]
> Sent: Tuesday, August 04, 2015 11:37 AM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Thanks Emmanuel and Kiran for the discussion.
> Yes it would be great if we can cut a Mavibot release (even milestone)
> and get the Mavibot backend ready for the Kerby release.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Tuesday, August 04, 2015 10:27 AM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny
> <el...@gmail.com>
> wrote:
>
> > Le 03/08/15 16:58, Zheng, Kai a écrit :
> > > I just thought of another two items to do for the release. They
> > > came to
> > my mind during related discussions.
> > > 1. Double check all the left issues/JIRAs. If not must to have, we
> > > can
> > retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > > If
> > sounds good, how about retargeting it for 1.0.0, and move it out of
> > the release?
> > >
> > > Kiran, would you comment on this? Thanks.
> > We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> > In
> >
> we can cut a release
>
> > any case, if needed, we can either discard the Mavobot backend, or
> > if we have a RC for Mavinot, use it.
> >
> > IMHO mavibot backend is a must, cause this is the only embeddable
> > simple
> persisting <K,V> store
> present in Kerby, the other stores are either in-memory or run in a
> separate process.
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Aug 5, 2015 at 8:58 AM, Zheng, Kai <ka...@intel.com> wrote:
> Kiran,
>
> Could I know when we would cut the Mavibot release? Thanks.
>
I can cut it during this weekend and it should be available in Maven repo
next week.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Zheng, Kai [mailto:kai.zheng@intel.com]
> Sent: Tuesday, August 04, 2015 11:37 AM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Thanks Emmanuel and Kiran for the discussion.
> Yes it would be great if we can cut a Mavibot release (even milestone) and
> get the Mavibot backend ready for the Kerby release.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Tuesday, August 04, 2015 10:27 AM
> To: kerby@directory.apache.org
> Subject: Re: state of KDC
>
> On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
> wrote:
>
> > Le 03/08/15 16:58, Zheng, Kai a écrit :
> > > I just thought of another two items to do for the release. They came
> > > to
> > my mind during related discussions.
> > > 1. Double check all the left issues/JIRAs. If not must to have, we
> > > can
> > retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > > If
> > sounds good, how about retargeting it for 1.0.0, and move it out of
> > the release?
> > >
> > > Kiran, would you comment on this? Thanks.
> > We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> > In
> >
> we can cut a release
>
> > any case, if needed, we can either discard the Mavobot backend, or if
> > we have a RC for Mavinot, use it.
> >
> > IMHO mavibot backend is a must, cause this is the only embeddable
> > simple
> persisting <K,V> store
> present in Kerby, the other stores are either in-memory or run in a
> separate process.
>
> --
> Kiran Ayyagari
> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Kiran,
Could I know when we would cut the Mavibot release? Thanks.
Regards,
Kai
-----Original Message-----
From: Zheng, Kai [mailto:kai.zheng@intel.com]
Sent: Tuesday, August 04, 2015 11:37 AM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Thanks Emmanuel and Kiran for the discussion.
Yes it would be great if we can cut a Mavibot release (even milestone) and get the Mavibot backend ready for the Kerby release.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Tuesday, August 04, 2015 10:27 AM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:
> Le 03/08/15 16:58, Zheng, Kai a écrit :
> > I just thought of another two items to do for the release. They came
> > to
> my mind during related discussions.
> > 1. Double check all the left issues/JIRAs. If not must to have, we
> > can
> retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > If
> sounds good, how about retargeting it for 1.0.0, and move it out of
> the release?
> >
> > Kiran, would you comment on this? Thanks.
> We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> In
>
we can cut a release
> any case, if needed, we can either discard the Mavobot backend, or if
> we have a RC for Mavinot, use it.
>
> IMHO mavibot backend is a must, cause this is the only embeddable
> simple
persisting <K,V> store
present in Kerby, the other stores are either in-memory or run in a separate process.
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Emmanuel and Kiran for the discussion.
Yes it would be great if we can cut a Mavibot release (even milestone) and get the Mavibot backend ready for the Kerby release.
Regards,
Kai
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Tuesday, August 04, 2015 10:27 AM
To: kerby@directory.apache.org
Subject: Re: state of KDC
On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:
> Le 03/08/15 16:58, Zheng, Kai a écrit :
> > I just thought of another two items to do for the release. They came
> > to
> my mind during related discussions.
> > 1. Double check all the left issues/JIRAs. If not must to have, we
> > can
> retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot.
> > If
> sounds good, how about retargeting it for 1.0.0, and move it out of
> the release?
> >
> > Kiran, would you comment on this? Thanks.
> We can cut a release of Mavibot, but it will be a Milstone, not a RC.
> In
>
we can cut a release
> any case, if needed, we can either discard the Mavobot backend, or if
> we have a RC for Mavinot, use it.
>
> IMHO mavibot backend is a must, cause this is the only embeddable
> simple
persisting <K,V> store
present in Kerby, the other stores are either in-memory or run in a separate process.
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Kiran Ayyagari <ka...@apache.org>.
On Mon, Aug 3, 2015 at 11:31 PM, Emmanuel Lécharny <el...@gmail.com>
wrote:
> Le 03/08/15 16:58, Zheng, Kai a écrit :
> > I just thought of another two items to do for the release. They came to
> my mind during related discussions.
> > 1. Double check all the left issues/JIRAs. If not must to have, we can
> retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> > 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot. If
> sounds good, how about retargeting it for 1.0.0, and move it out of the
> release?
> >
> > Kiran, would you comment on this? Thanks.
> We can cut a release of Mavibot, but it will be a Milstone, not a RC. In
>
we can cut a release
> any case, if needed, we can either discard the Mavobot backend, or if we
> have a RC for Mavinot, use it.
>
> IMHO mavibot backend is a must, cause this is the only embeddable simple
persisting <K,V> store
present in Kerby, the other stores are either in-memory or run in a
separate process.
--
Kiran Ayyagari
http://keydap.com
Re: state of KDC
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 03/08/15 16:58, Zheng, Kai a écrit :
> I just thought of another two items to do for the release. They came to my mind during related discussions.
> 1. Double check all the left issues/JIRAs. If not must to have, we can retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
> 2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot. If sounds good, how about retargeting it for 1.0.0, and move it out of the release?
>
> Kiran, would you comment on this? Thanks.
We can cut a release of Mavibot, but it will be a Milstone, not a RC. In
any case, if needed, we can either discard the Mavobot backend, or if we
have a RC for Mavinot, use it.
RE: RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
I just thought of another two items to do for the release. They came to my mind during related discussions.
1. Double check all the left issues/JIRAs. If not must to have, we can retarget them for 1.0.0-rc2, 1.0.0, and 2.0.0 accordingly.
2. Mavibot backend, it still relying on SNAPSHOT version of Mavibot. If sounds good, how about retargeting it for 1.0.0, and move it out of the release?
Kiran, would you comment on this? Thanks.
Regards,
Kai
-----Original Message-----
From: Lin Chen [mailto:linchen7@foxmail.com]
Sent: Friday, July 31, 2015 3:23 PM
To: kerby
Subject: Re: RE: state of KDC
Great summary, thanks Jiajia!
In the month, we mostly done some refining works to make kerby more complete. And +1 for releasing when the remaining things listed as TODOs done.
Thanks,
Lin
------------------ Original ------------------
From: "zhengkai";<ka...@intel.com>;
Date: Thu, Jul 30, 2015 02:59 PM
To: "kerby@directory.apache.org"<ke...@directory.apache.org>;
Subject: RE: state of KDC
Thanks Jiajia for the nice status!
+1 to cut the 1.0.0-rc1 release when get the TODO items done.
Regards,
Kai
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Thursday, July 30, 2015 12:52 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
>From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content) 2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
Re: RE: state of KDC
Posted by Lin Chen <li...@foxmail.com>.
Great summary, thanks Jiajia!
In the month, we mostly done some refining works to make kerby more complete. And +1 for releasing when the remaining things listed as TODOs done.
Thanks,
Lin
------------------ Original ------------------
From: "zhengkai";<ka...@intel.com>;
Date: Thu, Jul 30, 2015 02:59 PM
To: "kerby@directory.apache.org"<ke...@directory.apache.org>;
Subject: RE: state of KDC
Thanks Jiajia for the nice status!
+1 to cut the 1.0.0-rc1 release when get the TODO items done.
Regards,
Kai
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Thursday, July 30, 2015 12:52 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content) 2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Jiajia for the nice status!
+1 to cut the 1.0.0-rc1 release when get the TODO items done.
Regards,
Kai
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Thursday, July 30, 2015 12:52 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content) 2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks Emmanuel for the guide!! Yes we will study it and prepare for the related materials. I thought the weekend is good soon, even OK from my side next week, if you could help and please take the time.
Regards,
Kai
-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Sent: Thursday, August 20, 2015 5:31 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
Le 20/08/15 04:56, Zheng, Kai a écrit :
> Thanks for the update.
>
> I don’t have the experience of having a release for a project in ASF, and guess at the least we should consider two things in my point of view:
> 1. Push the maven module artifacts to public places?
> 2. Prepare an announcement email?
Hi Kai,
you can read about the process on
http://directory.apache.org/api/developer-guide.html (Releasing the LDAP
API) .
It's a bit convoluted, but all in all, it does the job. Everything will be injected into maven.
I can cut the first release and provide some feedback if needed (but it will be this week-end, I'm quite busy until then).
Re: state of KDC
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 20/08/15 04:56, Zheng, Kai a écrit :
> Thanks for the update.
>
> I don’t have the experience of having a release for a project in ASF, and guess at the least we should consider two things in my point of view:
> 1. Push the maven module artifacts to public places?
> 2. Prepare an announcement email?
Hi Kai,
you can read about the process on
http://directory.apache.org/api/developer-guide.html (Releasing the LDAP
API) .
It's a bit convoluted, but all in all, it does the job. Everything will
be injected into maven.
I can cut the first release and provide some feedback if needed (but it
will be this week-end, I'm quite busy until then).
RE: state of KDC
Posted by "Zheng, Kai" <ka...@intel.com>.
Thanks for the update.
I don’t have the experience of having a release for a project in ASF, and guess at the least we should consider two things in my point of view:
1. Push the maven module artifacts to public places?
2. Prepare an announcement email?
As we may not have any downloadable binary packages, I'm wondering this is good enough. Thanks anyone that may have the time and lend the hand!
Regards,
Kai
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Wednesday, August 19, 2015 7:33 PM
To: kerby@directory.apache.org
Subject: Re: state of KDC
+1 for proceeding with the release.
Colm.
On Wed, Aug 19, 2015 at 9:54 AM, Li, Jiajia <ji...@intel.com> wrote:
> Refine the format.
>
> Kerby Status Summary
>
> From July 30 to August 19, 26 JIRA issues were resolved, including
> following:
> 1. Update building the websites
> 2. Update the admin guide and user guide.
> 3. Complete the java doc of important APIs.
> 4. Check the codebase and add license headers for missing places.
> 5. Add a BUILDING readme to document the supported build options.
> 6. Add JsonBackendBenchmark.
> 7. Fix kadmin break down when input command is illegal.
> 8. Fix throw KrbException problem when authentication fails.
> 9. Glob filter for command list_principal and ktadd of Kadmin.
> 10. Debug option and usage fixup for the tools.
> 11. Create krb5.conf for kadmin authentication with jaas.
> 12. Fix Maven pom project version issues.
> 13. Serializable classes serialVersionUID field missing.
> 14. Raw Types should be parameterized.
> 15. Resource leaks in IOUtil and ToolUtil.
> 16. Fix some check style issues.
> 17. Refined kdc init tool and backend.
> 18. Fix some tests.
> 19. Change the version of mavibot dependency to 1.0.0-M8.
>
> Pkinit branch:
> 1. Merge from mater and fix some checkstyle issues.
> 2. Discuss in the community about how to implement the pkinit feature
> and find out the next things we can do.
>
> The remaining things listed as TODOs in July 30’s status are done.
> So could we think about cut the first release(1.0.0-RC1)?
> Is there anything we have to do for the release but gets missed? If
> no, how to proceed? Thanks for thinking about this!
>
> Thanks
> Jiajia
>
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Wednesday, August 19, 2015 4:50 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> From July 30 to August 19, 26 JIRA issues were resolved, including
> following:
> 1. Update building the websites
> 2. Update the admin guide and user guide.
> 3. Complete the java doc of important APIs 4. Check the codebase and
> add license headers for missing places.
> 5. Add a BUILDING readme to document the supported build options 6.
> Add JsonBackendBenchmark 7. Fix kadmin break down when input command
> is illegal 8. Fix throw KrbException problem when authentication fails 9.
> Glob filter for command list_principal and ktadd of Kadmin 10. Debug
> option and usage fixup for the tools 11. Create krb5.conf for kadmin
> authentication with jaas.
> 12. Fix Maven pom project version issues 13. Serializable classes
> serialVersionUID field missing 14. Raw Types should be parameterized.
> 15. Resource leaks in IOUtil and ToolUtil.
> 16. Fix some check style issues.
> 17. Refined kdc init tool and backend 18. Fix some tests 19. Change
> the version of mavibot dependency to 1.0.0-M8.
>
> Pkinit branch:
> 1. Merge from mater and fix some checkstyle issues.
> 2. Discuss in the community about how to implement the pkinit feature
> and find out the next things we can do.
>
> The remaining things listed as TODOs in July 30’s status are done.
> So could we think about cut the first release(1.0.0-RC1)?
> Is there anything we have to do for the release but gets missed? If
> no, how to proceed? Thanks for thinking about this!
>
> Thanks
> Jiajia
>
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Thursday, July 30, 2015 12:52 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> From July 3 to July 30, 60+ JIRA features were resolved, including
> following features:
> 1. Add checkstyle plugin and fix all the checking style issues
> 2. Add findbugs plugin and fix findbugs issues
> 3. Add application server and client using GSSAPI/KRB to authenticate
> mutually
> 4. Add some SASL tests using real application client and server
> 5. Add the eclipse formatting rules
> 6. Extract cache facility from abstract class into a separate backend
> 7. Refine the kdc-dist, tool-dist and kerby-kdc package
> 8. Removing page and sort search in the backend
> 9. Add some scripts for windows
> 10. Add some logs and binding Log4j with SLF4j
> 11. Promote kerby-config and kerby-util as top level modules
> 12. Add the kdcinit tool, allows an administrator to perform
> procedures on the KDC backend
> 13. Add the authentication for kadmin tool before any operations
> 14. Add the end to end test for the token mechanism
> 15. Update the website and github readmes
>
> TODO(before the first release)
> 1. Update building the website(include download content) 2. Update
> the admin guide and user guide.
> 3. Complete the java doc of important APIs
>
> Would you let me know if you think some important features need to be
> done before the release.
> And could we think about how and when to cut a first release(1.0.0-RC1)?
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> a) KrbClient API
> b) KDC server API
> c) Kadmin API
> d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
>
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
>
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on
> other libraries.
> b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a
> credentials cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or
> integration tests.
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and
> what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: state of KDC
Posted by Colm O hEigeartaigh <co...@apache.org>.
+1 for proceeding with the release.
Colm.
On Wed, Aug 19, 2015 at 9:54 AM, Li, Jiajia <ji...@intel.com> wrote:
> Refine the format.
>
> Kerby Status Summary
>
> From July 30 to August 19, 26 JIRA issues were resolved, including
> following:
> 1. Update building the websites
> 2. Update the admin guide and user guide.
> 3. Complete the java doc of important APIs.
> 4. Check the codebase and add license headers for missing places.
> 5. Add a BUILDING readme to document the supported build options.
> 6. Add JsonBackendBenchmark.
> 7. Fix kadmin break down when input command is illegal.
> 8. Fix throw KrbException problem when authentication fails.
> 9. Glob filter for command list_principal and ktadd of Kadmin.
> 10. Debug option and usage fixup for the tools.
> 11. Create krb5.conf for kadmin authentication with jaas.
> 12. Fix Maven pom project version issues.
> 13. Serializable classes serialVersionUID field missing.
> 14. Raw Types should be parameterized.
> 15. Resource leaks in IOUtil and ToolUtil.
> 16. Fix some check style issues.
> 17. Refined kdc init tool and backend.
> 18. Fix some tests.
> 19. Change the version of mavibot dependency to 1.0.0-M8.
>
> Pkinit branch:
> 1. Merge from mater and fix some checkstyle issues.
> 2. Discuss in the community about how to implement the pkinit feature and
> find out the next things we can do.
>
> The remaining things listed as TODOs in July 30’s status are done.
> So could we think about cut the first release(1.0.0-RC1)?
> Is there anything we have to do for the release but gets missed? If no,
> how to proceed? Thanks for thinking about this!
>
> Thanks
> Jiajia
>
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Wednesday, August 19, 2015 4:50 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> From July 30 to August 19, 26 JIRA issues were resolved, including
> following:
> 1. Update building the websites
> 2. Update the admin guide and user guide.
> 3. Complete the java doc of important APIs 4. Check the codebase and add
> license headers for missing places.
> 5. Add a BUILDING readme to document the supported build options 6. Add
> JsonBackendBenchmark 7. Fix kadmin break down when input command is
> illegal 8. Fix throw KrbException problem when authentication fails 9.
> Glob filter for command list_principal and ktadd of Kadmin 10. Debug
> option and usage fixup for the tools 11. Create krb5.conf for kadmin
> authentication with jaas.
> 12. Fix Maven pom project version issues 13. Serializable classes
> serialVersionUID field missing 14. Raw Types should be parameterized.
> 15. Resource leaks in IOUtil and ToolUtil.
> 16. Fix some check style issues.
> 17. Refined kdc init tool and backend
> 18. Fix some tests
> 19. Change the version of mavibot dependency to 1.0.0-M8.
>
> Pkinit branch:
> 1. Merge from mater and fix some checkstyle issues.
> 2. Discuss in the community about how to implement the pkinit feature and
> find out the next things we can do.
>
> The remaining things listed as TODOs in July 30’s status are done.
> So could we think about cut the first release(1.0.0-RC1)?
> Is there anything we have to do for the release but gets missed? If no,
> how to proceed? Thanks for thinking about this!
>
> Thanks
> Jiajia
>
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Thursday, July 30, 2015 12:52 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> From July 3 to July 30, 60+ JIRA features were resolved, including
> following features:
> 1. Add checkstyle plugin and fix all the checking style issues
> 2. Add findbugs plugin and fix findbugs issues
> 3. Add application server and client using GSSAPI/KRB to authenticate
> mutually
> 4. Add some SASL tests using real application client and server
> 5. Add the eclipse formatting rules
> 6. Extract cache facility from abstract class into a separate backend
> 7. Refine the kdc-dist, tool-dist and kerby-kdc package
> 8. Removing page and sort search in the backend
> 9. Add some scripts for windows
> 10. Add some logs and binding Log4j with SLF4j
> 11. Promote kerby-config and kerby-util as top level modules
> 12. Add the kdcinit tool, allows an administrator to perform
> procedures on the KDC backend
> 13. Add the authentication for kadmin tool before any operations
> 14. Add the end to end test for the token mechanism
> 15. Update the website and github readmes
>
> TODO(before the first release)
> 1. Update building the website(include download content) 2. Update the
> admin guide and user guide.
> 3. Complete the java doc of important APIs
>
> Would you let me know if you think some important features need to be done
> before the release.
> And could we think about how and when to cut a first release(1.0.0-RC1)?
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 4:02 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Refine the format for easying reading.
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> a) KrbClient API
> b) KDC server API
> c) Kadmin API
> d) Credential cache and keytab utilities
>
> 2. Provides a standalone KDC server .
>
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
>
> 4. Provides an embedded KDC server named SimpleKdcServer that applications
> can easily integrate into products, unit tests or integration tests.
>
> 5. Supports FAST/Preauthentication framework to allow popular and useful
> authentication mechanisms.
>
> 6. Supports Token Preauth mechanism to allow clients to request tickets
> using JWT tokens.
>
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
>
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
>
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
>
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
>
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets using
> x509 certificate credentials. (50% is finished)
>
> 2. Server scripts for Kerby KDC.
>
> 3. Building support: checking style and find bugs.
>
> 4. Integration and compatible tests.
>
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using One
> Time Password.
>
> 2. Consolidate the existing Change Password protocol implementation.
>
> 3. REST representation for Kadmin interface.
>
> 4. Implement remote mode kadmin tool based on Kadmin REST API
>
> 5. Web management console to simplify the configuration and management
>
> 6. Write the admin guide and user guide.
>
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Li, Jiajia [mailto:jiajia.li@intel.com]
> Sent: Friday, July 03, 2015 3:43 PM
> To: kerby@directory.apache.org
> Subject: RE: state of KDC
>
> Kerby Status Summary
>
> Supported(done and almost done):
> 1. Kerberos library:
> KrbClient API
> KDC server API
> Kadmin API
> Credential cache and keytab utilities
> 2. Provides a standalone KDC server .
> 3. Supports various identity backends including:
> a) MemoryIdentityBackend
> b) JsonIdentityBackend
> c) LdapIdentityBackend
> d) ZookeeperIdentityBackend
> e) MavibotBackend.
> 4. Provides an embedded KDC server named SimpleKdcServer that
> applications can easily integrate into products, unit tests or integration
> tests.
> 5. Supports FAST/Preauthentication framework to allow popular and
> useful authentication mechanisms.
> 6. Supports Token Preauth mechanism to allow clients to request
> tickets using JWT tokens.
> 7. Client can request a TGT with:
> a) User plain password credential
> b) User keyTab
> c) User token credential
> 8. Client can request a service ticket with:
> a) user TGT credential for a server
> b) user AccessToken credential for a server
> 9. Network support including UDP and TCP transport with two
> implementations:
> a) Default implementation based on the JRE without depending on other
> libraries.
> b) Netty based implementation for better throughput, lower latency.
> 10. Tools:
> a) kadmin: Command-line interfaces to the Kerby administration system.
> b) kinit: Obtains and caches an initial ticket-granting ticket for
> principal.
> c) klist: Lists the Kerby principal and tickets held in a credentials
> cache, or the keys held in a keytab file.
> 11. Provides support for JAAS, GSSAPI and SASL frameworks that
> applications can leverage the authentication mechanisms provided by Kerby.
>
> In progress:
> 1. Supports PKINIT mechanism to allow clients to request tickets
> using x509 certificate credentials. (50% is finished)
> 2. Server scripts for Kerby KDC.
> 3. Building support: checking style and find bugs.
> 4. Integration and compatible tests.
> 5. Building the web site.
>
> Plan to do:
> 1. Supports OTP mechanism to allow clients to request tickets using
> One Time Password.
> 2. Consolidate the existing Change Password protocol implementation.
> 3. REST representation for Kadmin interface.
> 4. Implement remote mode kadmin tool based on Kadmin REST API
> 5. Web management console to simplify the configuration and management
> 6. Write the admin guide and user guide.
> 7. Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what
> are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: state of KDC
Posted by "Li, Jiajia" <ji...@intel.com>.
Refine the format.
Kerby Status Summary
From July 30 to August 19, 26 JIRA issues were resolved, including following:
1. Update building the websites
2. Update the admin guide and user guide.
3. Complete the java doc of important APIs.
4. Check the codebase and add license headers for missing places.
5. Add a BUILDING readme to document the supported build options.
6. Add JsonBackendBenchmark.
7. Fix kadmin break down when input command is illegal.
8. Fix throw KrbException problem when authentication fails.
9. Glob filter for command list_principal and ktadd of Kadmin.
10. Debug option and usage fixup for the tools.
11. Create krb5.conf for kadmin authentication with jaas.
12. Fix Maven pom project version issues.
13. Serializable classes serialVersionUID field missing.
14. Raw Types should be parameterized.
15. Resource leaks in IOUtil and ToolUtil.
16. Fix some check style issues.
17. Refined kdc init tool and backend.
18. Fix some tests.
19. Change the version of mavibot dependency to 1.0.0-M8.
Pkinit branch:
1. Merge from mater and fix some checkstyle issues.
2. Discuss in the community about how to implement the pkinit feature and find out the next things we can do.
The remaining things listed as TODOs in July 30’s status are done.
So could we think about cut the first release(1.0.0-RC1)?
Is there anything we have to do for the release but gets missed? If no, how to proceed? Thanks for thinking about this!
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Wednesday, August 19, 2015 4:50 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
From July 30 to August 19, 26 JIRA issues were resolved, including following:
1. Update building the websites
2. Update the admin guide and user guide.
3. Complete the java doc of important APIs 4. Check the codebase and add license headers for missing places.
5. Add a BUILDING readme to document the supported build options 6. Add JsonBackendBenchmark 7. Fix kadmin break down when input command is illegal 8. Fix throw KrbException problem when authentication fails 9. Glob filter for command list_principal and ktadd of Kadmin 10. Debug option and usage fixup for the tools 11. Create krb5.conf for kadmin authentication with jaas.
12. Fix Maven pom project version issues 13. Serializable classes serialVersionUID field missing 14. Raw Types should be parameterized.
15. Resource leaks in IOUtil and ToolUtil.
16. Fix some check style issues.
17. Refined kdc init tool and backend
18. Fix some tests
19. Change the version of mavibot dependency to 1.0.0-M8.
Pkinit branch:
1. Merge from mater and fix some checkstyle issues.
2. Discuss in the community about how to implement the pkinit feature and find out the next things we can do.
The remaining things listed as TODOs in July 30’s status are done.
So could we think about cut the first release(1.0.0-RC1)?
Is there anything we have to do for the release but gets missed? If no, how to proceed? Thanks for thinking about this!
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Thursday, July 30, 2015 12:52 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content) 2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Li, Jiajia" <ji...@intel.com>.
Kerby Status Summary
From July 30 to August 19, 26 JIRA issues were resolved, including following:
1. Update building the websites
2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
4. Check the codebase and add license headers for missing places.
5. Add a BUILDING readme to document the supported build options
6. Add JsonBackendBenchmark
7. Fix kadmin break down when input command is illegal
8. Fix throw KrbException problem when authentication fails
9. Glob filter for command list_principal and ktadd of Kadmin
10. Debug option and usage fixup for the tools
11. Create krb5.conf for kadmin authentication with jaas.
12. Fix Maven pom project version issues
13. Serializable classes serialVersionUID field missing
14. Raw Types should be parameterized.
15. Resource leaks in IOUtil and ToolUtil.
16. Fix some check style issues.
17. Refined kdc init tool and backend
18. Fix some tests
19. Change the version of mavibot dependency to 1.0.0-M8.
Pkinit branch:
1. Merge from mater and fix some checkstyle issues.
2. Discuss in the community about how to implement the pkinit feature and find out the next things we can do.
The remaining things listed as TODOs in July 30’s status are done.
So could we think about cut the first release(1.0.0-RC1)?
Is there anything we have to do for the release but gets missed? If no, how to proceed? Thanks for thinking about this!
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Thursday, July 30, 2015 12:52 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content) 2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Li, Jiajia" <ji...@intel.com>.
Kerby Status Summary
From July 3 to July 30, 60+ JIRA features were resolved, including following features:
1. Add checkstyle plugin and fix all the checking style issues
2. Add findbugs plugin and fix findbugs issues
3. Add application server and client using GSSAPI/KRB to authenticate mutually
4. Add some SASL tests using real application client and server
5. Add the eclipse formatting rules
6. Extract cache facility from abstract class into a separate backend
7. Refine the kdc-dist, tool-dist and kerby-kdc package
8. Removing page and sort search in the backend
9. Add some scripts for windows
10. Add some logs and binding Log4j with SLF4j
11. Promote kerby-config and kerby-util as top level modules
12. Add the kdcinit tool, allows an administrator to perform procedures on the KDC backend
13. Add the authentication for kadmin tool before any operations
14. Add the end to end test for the token mechanism
15. Update the website and github readmes
TODO(before the first release)
1. Update building the website(include download content)
2. Update the admin guide and user guide.
3. Complete the java doc of important APIs
Would you let me know if you think some important features need to be done before the release.
And could we think about how and when to cut a first release(1.0.0-RC1)?
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 4:02 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Li, Jiajia" <ji...@intel.com>.
Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com]
Sent: Friday, July 03, 2015 3:43 PM
To: kerby@directory.apache.org
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
RE: state of KDC
Posted by "Li, Jiajia" <ji...@intel.com>.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for principal.
c) klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org]
Sent: Friday, July 03, 2015 11:33 AM
To: kerby@directory.apache.org
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are in progress.
thank you
--
Kiran Ayyagari
http://keydap.com