On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <[email protected]> wrote:
> Thanks Jiajia for sorting this out! It's helpful to learn about the new > project. Maybe we should have such status update or lighter ones regularly? > > it is a good practice to let the team know before if you are planning to add any new features or any _significant_ changes to the code base. Regards, > Kai > > -----Original Message----- > From: Li, Jiajia [mailto:[email protected]] > Sent: Friday, July 03, 2015 4:02 PM > To: [email protected] > Subject: RE: state of KDC > > Refine the format for easying reading. > > Kerby Status Summary > > Supported(done and almost done): > 1. Kerberos library: > a) KrbClient API > b) KDC server API > c) Kadmin API > d) Credential cache and keytab utilities > > 2. Provides a standalone KDC server . > > 3. Supports various identity backends including: > a) MemoryIdentityBackend > b) JsonIdentityBackend > c) LdapIdentityBackend > d) ZookeeperIdentityBackend > e) MavibotBackend. > > 4. Provides an embedded KDC server named SimpleKdcServer that applications > can easily integrate into products, unit tests or integration tests. > > 5. Supports FAST/Preauthentication framework to allow popular and useful > authentication mechanisms. > > 6. Supports Token Preauth mechanism to allow clients to request tickets > using JWT tokens. > > 7. Client can request a TGT with: > a) User plain password credential > b) User keyTab > c) User token credential > > 8. Client can request a service ticket with: > a) user TGT credential for a server > b) user AccessToken credential for a server > > 9. Network support including UDP and TCP transport with two > implementations: > a) Default implementation based on the JRE without depending on other > libraries. > b) Netty based implementation for better throughput, lower latency. > > 10. Tools: > a) kadmin: Command-line interfaces to the Kerby administration system. > b) kinit: Obtains and caches an initial ticket-granting ticket for > principal. > c) klist: Lists the Kerby principal and tickets held in a credentials > cache, or the keys held in a keytab file. > > 11. Provides support for JAAS, GSSAPI and SASL frameworks that > applications can leverage the authentication mechanisms provided by Kerby. > > In progress: > 1. Supports PKINIT mechanism to allow clients to request tickets using > x509 certificate credentials. (50% is finished) > > 2. Server scripts for Kerby KDC. > > 3. Building support: checking style and find bugs. > > 4. Integration and compatible tests. > > 5. Building the web site. > > Plan to do: > 1. Supports OTP mechanism to allow clients to request tickets using One > Time Password. > > 2. Consolidate the existing Change Password protocol implementation. > > 3. REST representation for Kadmin interface. > > 4. Implement remote mode kadmin tool based on Kadmin REST API > > 5. Web management console to simplify the configuration and management > > 6. Write the admin guide and user guide. > > 7. Implementing cross-realm support. > > Please look at here https://github.com/apache/directory-kerby for details. > > Thanks > Jiajia > > -----Original Message----- > From: Li, Jiajia [mailto:[email protected]] > Sent: Friday, July 03, 2015 3:43 PM > To: [email protected] > Subject: RE: state of KDC > > Kerby Status Summary > > Supported(done and almost done): > 1. Kerberos library: > KrbClient API > KDC server API > Kadmin API > Credential cache and keytab utilities > 2. Provides a standalone KDC server . > 3. Supports various identity backends including: > a) MemoryIdentityBackend > b) JsonIdentityBackend > c) LdapIdentityBackend > d) ZookeeperIdentityBackend > e) MavibotBackend. > 4. Provides an embedded KDC server named SimpleKdcServer that > applications can easily integrate into products, unit tests or integration > tests. > 5. Supports FAST/Preauthentication framework to allow popular and > useful authentication mechanisms. > 6. Supports Token Preauth mechanism to allow clients to request > tickets using JWT tokens. > 7. Client can request a TGT with: > a) User plain password credential > b) User keyTab > c) User token credential > 8. Client can request a service ticket with: > a) user TGT credential for a server > b) user AccessToken credential for a server > 9. Network support including UDP and TCP transport with two > implementations: > a) Default implementation based on the JRE without depending on other > libraries. > b) Netty based implementation for better throughput, lower latency. > 10. Tools: > a) kadmin: Command-line interfaces to the Kerby administration system. > b) kinit: Obtains and caches an initial ticket-granting ticket for > principal. > c) klist: Lists the Kerby principal and tickets held in a credentials > cache, or the keys held in a keytab file. > 11. Provides support for JAAS, GSSAPI and SASL frameworks that > applications can leverage the authentication mechanisms provided by Kerby. > > In progress: > 1. Supports PKINIT mechanism to allow clients to request tickets > using x509 certificate credentials. (50% is finished) > 2. Server scripts for Kerby KDC. > 3. Building support: checking style and find bugs. > 4. Integration and compatible tests. > 5. Building the web site. > > Plan to do: > 1. Supports OTP mechanism to allow clients to request tickets using > One Time Password. > 2. Consolidate the existing Change Password protocol implementation. > 3. REST representation for Kadmin interface. > 4. Implement remote mode kadmin tool based on Kadmin REST API > 5. Web management console to simplify the configuration and management > 6. Write the admin guide and user guide. > 7. Implementing cross-realm support. > > Please look at here https://github.com/apache/directory-kerby for details. > > > Thanks > Jiajia > > -----Original Message----- > From: Kiran Ayyagari [mailto:[email protected]] > Sent: Friday, July 03, 2015 11:33 AM > To: [email protected] > Subject: state of KDC > > Can anyone summarize what our KDC can and cannot do? > > I want to know what features are currently supported and what not and what > are in progress. > > thank you > > -- > Kiran Ayyagari > http://keydap.com > > -- Kiran Ayyagari http://keydap.com
