You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Zheng, Kai" <ka...@intel.com> on 2013/08/19 11:22:09 UTC

[ApacheDS] File credentials cache for Kerberos

Hi all,

I'm new to ApacheDS, and know that it provides a KDC, which is very useful for Kerberos related automation tests. I'm looking for some feature or codes to cache TGT in file in compatible format with krb5 FCC . The cached TGT as credentials can be loaded from the file cache by other tools or libraries like Krb5LoginModule (a JAAS module bundled in JRE) and then used to do login or whatever. After some investigation, I realized it may need development effort. Before I dive into this, could you please confirm I'm not missing something? I'm wondering if ApacheDS would come up kinit like tools for itself, if so then credentials cache for TGT would be a good starting, and I'd like to contribute when get more inputs.

Thanks & regards,
Kai

RE: [ApacheDS] File credentials cache for Kerberos

Posted by "Zheng, Kai" <ka...@intel.com>.
Hi Kiran,

Thanks for your input. I will fire a JIRA for this and work on it.

Regards,
Kai

From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com]
Sent: Tuesday, August 20, 2013 2:37 AM
To: Apache Directory Developers List
Subject: Fwd: [ApacheDS] File credentials cache for Kerberos


---------- Forwarded message ----------
From: Kiran Ayyagari <ay...@gmail.com>>
Date: Tue, Aug 20, 2013 at 12:06 AM
Subject: Re: [ApacheDS] File credentials cache for Kerberos
To: "Zheng, Kai" <ka...@intel.com>>



On Mon, Aug 19, 2013 at 7:25 PM, Zheng, Kai <ka...@intel.com>> wrote:

Hi Kiran,



Thanks for your help. I understand that KdcConnection->getTgt() can be called to request a TGT ticket with specified principal and password. My question is how to store the result TGT ticket in File Credential Cache (FCC) like kinit does. I would clarify that it's not to store the password of a principal to a file as keytab does. Thanks.


ahh, I see, I just thought you want to store some data in a keytab.
currently there is no support for FCC creation, if you would like to
work on it here[1] is the format

[1] https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html

Regards,

Kai



From: ayyagarikiran@gmail.com<ma...@gmail.com> [mailto:ayyagarikiran@gmail.com<ma...@gmail.com>] On Behalf Of Kiran Ayyagari
Sent: Monday, August 19, 2013 6:10 PM
To: Apache Directory Developers List
Subject: Re: [ApacheDS] File credentials cache for Kerberos



ApacheDS comes with a kerberos client see[1] and you can make use of Keytab class[2]

to write TGTs to a file.

HTH

[1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-client
[2] http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/



On Mon, Aug 19, 2013 at 2:52 PM, Zheng, Kai <ka...@intel.com>> wrote:

Hi all,



I'm new to ApacheDS, and know that it provides a KDC, which is very useful for Kerberos related automation tests. I'm looking for some feature or codes to cache TGT in file in compatible format with krb5 FCC . The cached TGT as credentials can be loaded from the file cache by other tools or libraries like Krb5LoginModule (a JAAS module bundled in JRE) and then used to do login or whatever. After some investigation, I realized it may need development effort. Before I dive into this, could you please confirm I'm not missing something? I'm wondering if ApacheDS would come up kinit like tools for itself, if so then credentials cache for TGT would be a good starting, and I'd like to contribute when get more inputs.



Thanks & regards,

Kai



--
Kiran Ayyagari
http://keydap.com



--
Kiran Ayyagari
http://keydap.com



--
Kiran Ayyagari
http://keydap.com

Fwd: [ApacheDS] File credentials cache for Kerberos

Posted by Kiran Ayyagari <ay...@gmail.com>.
---------- Forwarded message ----------
From: Kiran Ayyagari <ay...@gmail.com>
Date: Tue, Aug 20, 2013 at 12:06 AM
Subject: Re: [ApacheDS] File credentials cache for Kerberos
To: "Zheng, Kai" <ka...@intel.com>





On Mon, Aug 19, 2013 at 7:25 PM, Zheng, Kai <ka...@intel.com> wrote:

>  Hi Kiran,****
>
> ** **
>
> Thanks for your help. I understand that KdcConnection->getTgt() can be
> called to request a TGT ticket with specified principal and password. My
> question is how to store the result TGT ticket in File Credential Cache
> (FCC) like kinit does. I would clarify that it’s not to store the password
> of a principal to a file as keytab does. Thanks. ****
>
> **
>
ahh, I see, I just thought you want to store some data in a keytab.
currently there is no support for FCC creation, if you would like to
work on it here[1] is the format

[1]
https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html

> **
>
> Regards,****
>
> Kai****
>
> ** **
>
> *From:* ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] *On
> Behalf Of *Kiran Ayyagari
> *Sent:* Monday, August 19, 2013 6:10 PM
> *To:* Apache Directory Developers List
> *Subject:* Re: [ApacheDS] File credentials cache for Kerberos****
>
> ** **
>
> ApacheDS comes with a kerberos client see[1] and you can make use of
> Keytab class[2]****
>
> to write TGTs to a file.****
>
> HTH****
>
>
> [1]
> http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-client
> [2]
> http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/
> ****
>
> ** **
>
> On Mon, Aug 19, 2013 at 2:52 PM, Zheng, Kai <ka...@intel.com> wrote:**
> **
>
> Hi all,****
>
>  ****
>
> I’m new to ApacheDS, and know that it provides a KDC, which is very useful
> for Kerberos related automation tests. I’m looking for some feature or
> codes to cache TGT in file in compatible format with krb5 FCC . The cached
> TGT as credentials can be loaded from the file cache by other tools or
> libraries like Krb5LoginModule (a JAAS module bundled in JRE) and then used
> to do login or whatever. After some investigation, I realized it may need
> development effort. Before I dive into this, could you please confirm I’m
> not missing something? I’m wondering if ApacheDS would come up kinit like
> tools for itself, if so then credentials cache for TGT would be a good
> starting, and I’d like to contribute when get more inputs.****
>
>  ****
>
> Thanks & regards,****
>
> Kai ****
>
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com ****
>



-- 
Kiran Ayyagari
http://keydap.com



-- 
Kiran Ayyagari
http://keydap.com

RE: [ApacheDS] File credentials cache for Kerberos

Posted by "Zheng, Kai" <ka...@intel.com>.
Hi Kiran,

Thanks for your help. I understand that KdcConnection->getTgt() can be called to request a TGT ticket with specified principal and password. My question is how to store the result TGT ticket in File Credential Cache (FCC) like kinit does. I would clarify that it's not to store the password of a principal to a file as keytab does. Thanks.

Regards,
Kai

From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf Of Kiran Ayyagari
Sent: Monday, August 19, 2013 6:10 PM
To: Apache Directory Developers List
Subject: Re: [ApacheDS] File credentials cache for Kerberos

ApacheDS comes with a kerberos client see[1] and you can make use of Keytab class[2]
to write TGTs to a file.
HTH

[1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-client
[2] http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/

On Mon, Aug 19, 2013 at 2:52 PM, Zheng, Kai <ka...@intel.com>> wrote:
Hi all,

I'm new to ApacheDS, and know that it provides a KDC, which is very useful for Kerberos related automation tests. I'm looking for some feature or codes to cache TGT in file in compatible format with krb5 FCC . The cached TGT as credentials can be loaded from the file cache by other tools or libraries like Krb5LoginModule (a JAAS module bundled in JRE) and then used to do login or whatever. After some investigation, I realized it may need development effort. Before I dive into this, could you please confirm I'm not missing something? I'm wondering if ApacheDS would come up kinit like tools for itself, if so then credentials cache for TGT would be a good starting, and I'd like to contribute when get more inputs.

Thanks & regards,
Kai



--
Kiran Ayyagari
http://keydap.com

Re: [ApacheDS] File credentials cache for Kerberos

Posted by Kiran Ayyagari <ka...@apache.org>.
ApacheDS comes with a kerberos client see[1] and you can make use of Keytab
class[2]
to write TGTs to a file.

HTH

[1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-client
[2]
http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/


On Mon, Aug 19, 2013 at 2:52 PM, Zheng, Kai <ka...@intel.com> wrote:

>  Hi all,****
>
> ** **
>
> I’m new to ApacheDS, and know that it provides a KDC, which is very useful
> for Kerberos related automation tests. I’m looking for some feature or
> codes to cache TGT in file in compatible format with krb5 FCC . The cached
> TGT as credentials can be loaded from the file cache by other tools or
> libraries like Krb5LoginModule (a JAAS module bundled in JRE) and then used
> to do login or whatever. After some investigation, I realized it may need
> development effort. Before I dive into this, could you please confirm I’m
> not missing something? I’m wondering if ApacheDS would come up kinit like
> tools for itself, if so then credentials cache for TGT would be a good
> starting, and I’d like to contribute when get more inputs.****
>
> ** **
>
> Thanks & regards,****
>
> Kai ****
>



-- 
Kiran Ayyagari
http://keydap.com