[jira] [Commented] (DIRKRB-132) Update the Kerberos part in Directory Studio in favor of Kerby

Sun, 07 May 2017 02:36:41 -0700 

    [ 
https://issues.apache.org/jira/browse/DIRKRB-132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15999750#comment-15999750
 ] 

Stefan Seelmann commented on DIRKRB-132:
----------------------------------------

In Studio there are tow usages of Kerberos:

1. Use of GSSAPI to authenticate to an LDAP server. There is an UI to ask the 
user for Kerberos specific parameters (use native TGT or obtain a new TGT, use 
of /etc/krb5.conf or manually define KDC parameters) which used to configure 
the connection provider. Currently there are still two providers, JNDI and 
Apache LDAP API. The JNDI one will be removed anyway at some point. The LDAP 
API provider uses the SaslGssApiRequest class of the LDAP API client, which in 
the end uses "javax.security.auth" and Krb5LoginModule from JDK. Most nasty 
problem that user have is that on Windows Java cannot use the native TGT, can 
Kerby help with that?

2. Configuration UI of the Kerberos server part in ApacheDS.

So all in all the Studio doesn't have much Kerberos specific parts, it just 
used the parts from LDAP API and ApacheDS.



> Update the Kerberos part in Directory Studio in favor of Kerby
> --------------------------------------------------------------
>
>                 Key: DIRKRB-132
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-132
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Kai Zheng
>             Fix For: 2.0.0-RC1
>
>
> As discussed in the mailing list, we would decouple Kerberos logics from the 
> Directory related projects and codes, to better maintain the dependencies and 
> avoid the complexities. The Directory Studio should be also taken care of, 
> but I'm not sure we would totally remove the embedded KDC server from the 
> tool itself since that involves compatibility concern. Please give your 
> feedback here, thanks.
> Updated and re-purposed, according to [~akiran]'s email:
> {quote}
> that feature will remain there, later will be swapped with Kerby's core when 
> it is ready, but the
> Kerberos feature of ApacheDS stays.
> In the end we have two:
> 1. Embedded Kerby in ApacheDS
> 2. Standalone Kerby
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to