Kai Zheng created DIRKRB-478:
--------------------------------
Summary: Refine and enhance the client side library
Key: DIRKRB-478
URL: https://issues.apache.org/jira/browse/DIRKRB-478
Project: Directory Kerberos
Issue Type: Sub-task
Reporter: Kai Zheng
>From discussion in mailing list:
{quote}
There are good feedbacks from Steve recently. Based on discussions with him and
Emmanuel, I assembled below thoughts.
KrbClient and its relatives like KrbOption would be broken down according to
supported mechanisms and functionalities.
Eventually we would have these client side APIs for applications to use.
== KrbClient ==
Focus on classical Kerberos protocol, allowing to request/update tickets to KDC
using password, keytab, credential cache and etc.
== KrbPkinitClient ==
Support PKINIT mechanism, allowing to request tickets to KDC using anonymous
and x509 certficate.
== KrbTokenClient ==
Support standard JWT token, allowing to request tickets to KDC using JWT token.
== KrbPwChange ==
Change passwd client, interacting with KDC using the change password protocol.
== KrbAdmin ==
KDC admin utilities compatible with MIT kadmin tool in either local or remote
mode. In remote mode interacting with KDC, though no spec standardizing that.
Note there're already keytab and credential cache utilities.
All these components will define their own options with good specific
descriptions; For the components that use configurations, krb5.conf is default
format; For the components that interacts with KDC side servers, common network
and message support will be used; All will provide both intuitive functions and
advanced function that supports directly calling into the underlying layer.
These library APIs can be used to write tools like kinit, or embedded in
applications.
It would be good to provide corresponding server side components or supports,
but not mandatory. Better to have at least for easier tests.
{quote}
This issue will track the related tasks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
