[ https://issues.apache.org/jira/browse/DIRKRB-458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kai Zheng updated DIRKRB-458:
-----------------------------
    Assignee: Steve Moyer

> Update KrbOptions to include all KDC Option flags
> -------------------------------------------------
>
>                 Key: DIRKRB-458
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-458
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Steve Moyer
>            Assignee: Steve Moyer
>
> When creating a client request, one uses the KrbOptions to specify many 
> aspects of the AsRequest.  Most of the methods that retrieve tickets from the 
> Kerberos server are simply for convenience - all the packets are structured in 
> a similar way underneath.
> The KDC Options are a collection of fifteen boolean flags that are spread out 
> in a 32 bit field.  Currently, not all the KDC Option flags are represented 
> in the KrbOption enum but those that are have the following structure:
> {code}
> FORWARDABLE("forwardable"),
> NOT_FORWARDABLE("not forwardable"),
> PROXIABLE("proxiable"),
> NOT_PROXIABLE("not proxiable"),
> {code}
> The code I submitted as a resolution to DIRKRB-450 doesn't actually use the 
> "NOT" flags (e.g. NOT_FORWARDABLE or NOT_PROXIABLE); it simply treats the 
> absence of a flag as a false.  The changes made to manage the KDC Options 
> bitmap in DIRKRB-449 allow the bitmap to be expressed as an integer, and the 
> code included in DIRKRB-450 effectively builds that integer by logical-or'ing 
> these flags together (e.g. FORWARDABLE | PROXIABLE | RENEWABLE_OK).
> I'd like to propose that the KrbOption enum be updated to include all fifteen 
> of the KDC Option flags, and that the "negatives" of those flags be removed.  
> For reference, the complete list of KDC Options is:
> -   Forwardable
> -   Forwarded
> -   Proxiable
> -   Proxy
> -   Allow Postdate
> -   Postdated
> -   Renewable
> -   Opt HW Auth
> -   Constrained Delegation
> -   Canonicalize
> -   Disable
> -   Renewable OK
> -   Enc-Tkt-in-Skey
> -   Renew
> -   Validate
> I've pushed the change to KrbOption for RENEWABLE_OK we discussed on the 
> mailing list to GitHub 
> (https://github.com/PennState/directory-kerby/blob/master/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOption.java)
>  but I think this is a better long-term solution to managing the KDC Options.
> I'd be happy to re-edit the KrbOption file to make these changes - assign this 
> issue to me if it makes sense in the grand scheme of things.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
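
An added example (not code from the issue or from Kerby) of the approach proposed above: one enum constant per KDC Option, combined by bitwise OR, with an absent flag meaning false. The `KdcOption` enum and its method names are hypothetical; the bit numbers are an assumption taken from RFC 4120, MS-SFU (bit 14) and RFC 6806 (bit 15), where bit 0 is the most significant bit of the 32-bit field.

```java
import java.util.EnumSet;

public class KdcOptionsDemo {
    // Hypothetical enum for illustration; not Kerby's KrbOption.
    // No NOT_* constants: a flag that is not in the set is simply false.
    enum KdcOption {
        FORWARDABLE(1), FORWARDED(2), PROXIABLE(3), PROXY(4),
        ALLOW_POSTDATE(5), POSTDATED(6), RENEWABLE(8), OPT_HARDWARE_AUTH(11),
        CNAME_IN_ADDL_TKT(14),        // "Constrained Delegation" in the list above
        CANONICALIZE(15),
        DISABLE_TRANSITED_CHECK(26),  // "Disable" in the list above
        RENEWABLE_OK(27), ENC_TKT_IN_SKEY(28), RENEW(30), VALIDATE(31);

        final int mask;

        // ASN.1 bit N maps to Java bit (31 - N) because bit 0 is the MSB.
        KdcOption(int bit) { this.mask = 1 << (31 - bit); }
    }

    // Build the 32-bit field by OR-ing the masks of the selected flags.
    static int encode(EnumSet<KdcOption> opts) {
        int value = 0;
        for (KdcOption o : opts) value |= o.mask;
        return value;
    }

    // Recover the set of named flags from a 32-bit field.
    static EnumSet<KdcOption> decode(int value) {
        EnumSet<KdcOption> opts = EnumSet.noneOf(KdcOption.class);
        for (KdcOption o : KdcOption.values())
            if ((value & o.mask) != 0) opts.add(o);
        return opts;
    }

    // Bits set in the field that none of the fifteen flags account for
    // (reserved or unused positions); worth logging when parsing a request.
    static int undefinedBits(int value) {
        return value & ~encode(EnumSet.allOf(KdcOption.class));
    }

    public static void main(String[] args) {
        int v = encode(EnumSet.of(KdcOption.FORWARDABLE, KdcOption.PROXIABLE,
                                  KdcOption.RENEWABLE_OK));
        System.out.printf("encoded: 0x%08X%n", v);
        System.out.println("decoded: " + decode(v));
        System.out.printf("undefined bits in 0x%08X: 0x%08X%n",
                          v | 0x00400000, undefinedBits(v | 0x00400000));
    }
}
```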
