You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Emmanuel Lecharny <el...@gmail.com> on 2010/12/01 01:42:22 UTC
Kerberos CODEC rewrite headsup
Hi guys,
the last 2 days I spent some time on MINA, as we were done with the
Kerberos message codec we were working on with Kiran.
I started to inject the decoder into the Kerberos server, and the
problem started to show their nose :)
First, there is a bug in the AS-REQ decoder (obviously, as we have a
very limited set of tests for this guy, the first real world request
made the decoder blow...). It's just a transition problem when no
PA-DATA are present. I gonna fix that tomorrow.
Second, but it's not a problem, as it's a brand new codec, it uses a new
set of classes. We will have to modify the server to use those new
classes, but it might take time. Another option is to create converters,
as we did for LDAP. But I'm afraid that the time spent to write such a
converter for all the 46 classes might be overwhelming.
If we switch to the new codec, it will brake the KerberosServer for,
say, one week. Not sure we want that, so the best would probably to
create a branch and work into it until it works back.
I'll probably switch to AP's for the moment, as soon as the branch is
created and the decoder is integrated.
Lots of work to go, but frankly, that will drive us to some deep
understanding on the kerberos server, which is most needed.
Kiran was the second leg for this 3 weeks walk we had in the codec part,
I would like to think him a lot for the hard and not so funny he did.
Frankly, that's really helping to know that you aren't alone when coding
start to be painful because it's 46 times the same type of code.
Let's get those two things (Kerberos and APs) done in december, I'm sure
we can clean the room in 15 days !
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com