[jira] [Closed] (DIRKRB-478) Refine and enhance the client side library

Wed, 03 May 2017 07:17:14 -0700 

     [ 
https://issues.apache.org/jira/browse/DIRKRB-478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiajia Li closed DIRKRB-478.
----------------------------
    Assignee: Kai Zheng

> Refine and enhance the client side library
> ------------------------------------------
>
>                 Key: DIRKRB-478
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-478
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>             Fix For: 1.0.0-GA
>
>
> From discussion in mailing list:
> {quote}
> There are good feedbacks from Steve recently. Based on discussions with him 
> and Emmanuel, I assembled below thoughts.
> KrbClient and its relatives like KrbOption would be broken down according to 
> supported mechanisms and functionalities.
> Eventually we would have these client side APIs for applications to use.
> == KrbClient ==
> Focus on classical Kerberos protocol, allowing to request/update tickets to 
> KDC using password, keytab, credential cache and etc.
> == KrbPkinitClient ==
> Support PKINIT mechanism, allowing to request tickets to KDC using anonymous 
> and x509 certficate.
> == KrbTokenClient ==
> Support standard JWT token, allowing to request tickets to KDC using JWT 
> token.
> == KrbPwChange ==
> Change passwd client, interacting with KDC using the change password protocol.
> == KrbAdmin ==
> KDC admin utilities compatible with MIT kadmin tool in either local or remote 
> mode. In remote mode interacting  with KDC, though no spec standardizing that.
> Note there're already keytab and credential cache utilities.
> All these components will define their own options with good specific 
> descriptions; For the components that use configurations, krb5.conf is 
> default format; For the components that interacts with KDC side servers, 
> common network and message support will be used; All will provide both 
> intuitive functions and advanced function that supports directly calling into 
> the underlying layer.
> These library APIs can be used to write tools like kinit, or embedded in 
> applications.
> It would be good to provide corresponding server side components or supports, 
> but not mandatory. Better to have at least for easier tests.
> {quote}
> This issue will track the related tasks.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to