On Fri, Jul 3, 2015 at 3:42 PM, Li, Jiajia <[email protected]> wrote:
> Kerby Status Summary > > Supported(done and almost done): > 1. Kerberos library: > KrbClient API > KDC server API > Kadmin API > Credential cache and keytab utilities > 2. Provides a standalone KDC server . > 3. Supports various identity backends including: > a) MemoryIdentityBackend > b) JsonIdentityBackend > c) LdapIdentityBackend > d) ZookeeperIdentityBackend > e) MavibotBackend. > 4. Provides an embedded KDC server named SimpleKdcServer that > applications can easily integrate into products, unit tests or integration > tests. > 5. Supports FAST/Preauthentication framework to allow popular and > useful authentication mechanisms. > 6. Supports Token Preauth mechanism to allow clients to request > tickets using JWT tokens. > 7. Client can request a TGT with: > a) User plain password credential > b) User keyTab > c) User token credential > 8. Client can request a service ticket with: > a) user TGT credential for a server > b) user AccessToken credential for a server > 9. Network support including UDP and TCP transport with two > implementations: > a) Default implementation based on the JRE without depending on other > libraries. > b) Netty based implementation for better throughput, lower latency. > 10. Tools: > a) kadmin: Command-line interfaces to the Kerby administration system. > b) kinit: Obtains and caches an initial ticket-granting ticket for > principal. > c) klist: Lists the Kerby principal and tickets held in a credentials > cache, or the keys held in a keytab file. > 11. Provides support for JAAS, GSSAPI and SASL frameworks that > applications can leverage the authentication mechanisms provided by Kerby. > > In progress: > 1. Supports PKINIT mechanism to allow clients to request tickets > using x509 certificate credentials. (50% is finished) > 2. Server scripts for Kerby KDC. > 3. Building support: checking style and find bugs. > 4. Integration and compatible tests. > 5. Building the web site. > > Plan to do: > 1. Supports OTP mechanism to allow clients to request tickets using > One Time Password. > 2. Consolidate the existing Change Password protocol implementation. > 3. REST representation for Kadmin interface. > 4. Implement remote mode kadmin tool based on Kadmin REST API > 5. Web management console to simplify the configuration and management > 6. Write the admin guide and user guide. > 7. Implementing cross-realm support. > > thank you > Please look at here https://github.com/apache/directory-kerby for details. > > > Thanks > Jiajia > > -----Original Message----- > From: Kiran Ayyagari [mailto:[email protected]] > Sent: Friday, July 03, 2015 11:33 AM > To: [email protected] > Subject: state of KDC > > Can anyone summarize what our KDC can and cannot do? > > I want to know what features are currently supported and what not and what > are in progress. > > thank you > > -- > Kiran Ayyagari > http://keydap.com > > -- Kiran Ayyagari http://keydap.com
