Refine the format for easying reading.
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
a) KrbClient API
b) KDC server API
c) Kadmin API
d) Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications can
easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful
authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets using
JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two implementations:
a) Default implementation based on the JRE without depending on other
libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for
principal.
c) klist: Lists the Kerby principal and tickets held in a credentials
cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications can
leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using x509
certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One Time
Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Li, Jiajia [mailto:[email protected]]
Sent: Friday, July 03, 2015 3:43 PM
To: [email protected]
Subject: RE: state of KDC
Kerby Status Summary
Supported(done and almost done):
1. Kerberos library:
KrbClient API
KDC server API
Kadmin API
Credential cache and keytab utilities
2. Provides a standalone KDC server .
3. Supports various identity backends including:
a) MemoryIdentityBackend
b) JsonIdentityBackend
c) LdapIdentityBackend
d) ZookeeperIdentityBackend
e) MavibotBackend.
4. Provides an embedded KDC server named SimpleKdcServer that applications
can easily integrate into products, unit tests or integration tests.
5. Supports FAST/Preauthentication framework to allow popular and useful
authentication mechanisms.
6. Supports Token Preauth mechanism to allow clients to request tickets
using JWT tokens.
7. Client can request a TGT with:
a) User plain password credential
b) User keyTab
c) User token credential
8. Client can request a service ticket with:
a) user TGT credential for a server
b) user AccessToken credential for a server
9. Network support including UDP and TCP transport with two
implementations:
a) Default implementation based on the JRE without depending on other
libraries.
b) Netty based implementation for better throughput, lower latency.
10. Tools:
a) kadmin: Command-line interfaces to the Kerby administration system.
b) kinit: Obtains and caches an initial ticket-granting ticket for
principal.
c) klist: Lists the Kerby principal and tickets held in a credentials
cache, or the keys held in a keytab file.
11. Provides support for JAAS, GSSAPI and SASL frameworks that applications
can leverage the authentication mechanisms provided by Kerby.
In progress:
1. Supports PKINIT mechanism to allow clients to request tickets using
x509 certificate credentials. (50% is finished)
2. Server scripts for Kerby KDC.
3. Building support: checking style and find bugs.
4. Integration and compatible tests.
5. Building the web site.
Plan to do:
1. Supports OTP mechanism to allow clients to request tickets using One
Time Password.
2. Consolidate the existing Change Password protocol implementation.
3. REST representation for Kadmin interface.
4. Implement remote mode kadmin tool based on Kadmin REST API
5. Web management console to simplify the configuration and management
6. Write the admin guide and user guide.
7. Implementing cross-realm support.
Please look at here https://github.com/apache/directory-kerby for details.
Thanks
Jiajia
-----Original Message-----
From: Kiran Ayyagari [mailto:[email protected]]
Sent: Friday, July 03, 2015 11:33 AM
To: [email protected]
Subject: state of KDC
Can anyone summarize what our KDC can and cannot do?
I want to know what features are currently supported and what not and what are
in progress.
thank you
--
Kiran Ayyagari
http://keydap.com
