On 7/2/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
On 7/2/07, Enrique Rodriguez <[EMAIL PROTECTED]> wrote:
> On 7/1/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I have some questions regarding the kerberos implementation :
> >
> > 1) We have a TicketModifier class. Is it really usefull ?
>
> The Ticket has no attribute setters, so the intention is that you use
> the modifier to create immutable Ticket's.
Do we need to create immutable Tickets ? We just produce Tickets in
the server, then send them to the client. What's the point to have
Immutable Tickets ? I may miss something ...
I think it is good programming practice, both for security
implications and for the resulting API, even if it is internal to
ApacheDS on the server-side. You can web search on "security
immutable" or here is a direct reference from Sun:
http://java.sun.com/security/seccodeguide.html#gcg6
...
Ok, I gonna have a look at it. From the client side, we obviously must
work with Sun classes, but from server side, having our own classes
will help a lot (debug, logs, etc.). It can be done step by step, but
first we need to build integration tests to be sure that moving from
Sun to our own classes don't break everything.
This is what I find difficult atm : changing the code is risky,
because of the lack of tests.
...
I have integration tests I would like to add to server-unit. But it
requires adding a dep for kerberos-clients to server-unit, since the
tests use the new client. If this is acceptable, I will add the dep
and commit a new test class.
This dep will also set us up for a new SASL GSSAPI bind integration
test and some tests for Change Password, as well.
Enrique
