[
https://issues.apache.org/jira/browse/DIRKRB-132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002116#comment-16002116
]
Kai Zheng commented on DIRKRB-132:
----------------------------------
Thanks [~seelmann] for the thoughts!
bq. The LDAP API provider uses the SaslGssApiRequest class of the LDAP API
client ...
Is SaslGssApiRequest from JRE or something developed/maintained by Studio or
the LDAP API client?
bq. Most nasty problem that user have is that on Windows Java cannot use the
native TGT, can Kerby help with that?
I thought Kerby client can consume krb5.conf and native TGT in the credential
cache, as Oracle Java can do. I'm not sure what kind of problem or the root
cause. One benefit for Kerby is that if we thought something is useful then we
can implement it by us, to work around some issues that JRE can't be relied on.
bq. So all in all the Studio doesn't have much Kerberos specific parts, it just
used and configures the parts from LDAP API and ApacheDS.
Right, it seems so. I thought the hard part is the directory server itself,
since it contains an embedded KDC, which could be swapped out sometime for
better maintain.
> Update the Kerberos part in Directory Studio in favor of Kerby
> --------------------------------------------------------------
>
> Key: DIRKRB-132
> URL: https://issues.apache.org/jira/browse/DIRKRB-132
> Project: Directory Kerberos
> Issue Type: Sub-task
> Reporter: Kai Zheng
> Fix For: 2.0.0-RC1
>
>
> As discussed in the mailing list, we would decouple Kerberos logics from the
> Directory related projects and codes, to better maintain the dependencies and
> avoid the complexities. The Directory Studio should be also taken care of,
> but I'm not sure we would totally remove the embedded KDC server from the
> tool itself since that involves compatibility concern. Please give your
> feedback here, thanks.
> Updated and re-purposed, according to [~akiran]'s email:
> {quote}
> that feature will remain there, later will be swapped with Kerby's core when
> it is ready, but the
> Kerberos feature of ApacheDS stays.
> In the end we have two:
> 1. Embedded Kerby in ApacheDS
> 2. Standalone Kerby
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
