[jira] [Commented] (DIRKRB-450) Allow to pass KdcOption related options from KinitTool down to KrbClient

Wed, 18 Nov 2015 08:21:40 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRKRB-450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011300#comment-15011300
 ] 

Steve Moyer commented on DIRKRB-450:
------------------------------------

[Pull request #2](https://github.com/apache/directory-kerby/pull/2) on GitHub 
resolves this issue.  In order to mimc the MIT kinit program, the KinitTool 
needs to be updated with code that requests a TGT as follows:

    KrbClient client = new KrbClient();
    
    client.setKdcHost(KDC_HOST);
    client.setKdcUdpPort(KDC_PORT);
    client.setKdcTcpPort(KDC_PORT);
    client.setKdcRealm(KDC_REALM);
    client.setAllowTcp(true);
    client.setAllowUdp(true);
    client.setTimeout(5000);

    try {
      client.init();
    } catch (KrbException e1) {
      // TODO Auto-generated catch block
      e1.printStackTrace();
    }

    try {

      KOptions requestOptions = new KOptions();
      requestOptions.add(KrbOption.CLIENT_PRINCIPAL, CLIENT_PRINCIPAL);
      requestOptions.add(KrbOption.USE_PASSWD, true);
      requestOptions.add(KrbOption.USER_PASSWD, CLIENT_PASSWORD);

      requestOptions.add(KrbOption.FORWARDABLE, true);
      requestOptions.add(KrbOption.PROXIABLE, true);
      requestOptions.add(KrbOption.RENEWABLE_OK, true);

      TgtTicket tgTicket = client.requestTgtWithOptions(requestOptions);
    } catch (KrbException e) {
      e.printStackTrace();
    }

This code results in a

> Allow to pass KdcOption related options from KinitTool down to KrbClient
> ------------------------------------------------------------------------
>
>                 Key: DIRKRB-450
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-450
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Steve Moyer
>            Assignee: Steve Moyer
>
> Currently, only KrbOptions can be set when making calls to the KrbClient.  At 
> a minimum a method with a signature like the following would suffice:
>     public TgtTicket requestTgtWithOptions(KOptions requestOptions, 
> KdcOptions kdcOptions);
> I'd be interested in having a more general discussion about the future 
> direction of the Kerby client since we need the existing KrbClient 
> functionality (which is KDC focused) as well as (remote) kpasswd and kadmin 
> functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to