Thanks Kiran for the response. >> you are all using JIRA well, I'm afraid we're not, being far from good.
>>but it is only referred when one is working on a issue. I thought big/important features should deserve a master JIRA, which should document well the requirement/goal, rough approach and design. So if anybody has concerns, just comment. It should be the same good as raised in the ML. >> From now onwards sending a summary note before making any significant >> changes, I'm OK with this and will do. Hope the developers all love to write, not only codes, but also docs and emails. >>cause I believe the code base is already huge. I would rather think it's a good base, at least we have codes to improve. It's a new Kerberos impl, and has so many things to catch up with. We're far from enough, still long way to go. Regards, Kai -----Original Message----- From: Kiran Ayyagari [mailto:[email protected]] Sent: Friday, July 03, 2015 5:09 PM To: [email protected] Subject: Re: state of KDC On Fri, Jul 3, 2015 at 4:43 PM, Zheng, Kai <[email protected]> wrote: > Yeah, I agree. > > One thing to note is we're making use of JIRA not very well in my view. > For most features we added, we have JIRA entries. The bad thing is > they got very few inputs. I thought we should rely more on JIRA system > to discuss so they could be tracked well for following contributors, > as most ASF projects do. > you are all using JIRA well, but it is only referred when one is working on a issue. From now onwards sending a summary note before making any significant changes, cause I believe the code base is already huge. > Regards, > Kai > > -----Original Message----- > From: Kiran Ayyagari [mailto:[email protected]] > Sent: Friday, July 03, 2015 4:34 PM > To: [email protected] > Subject: Re: state of KDC > > On Fri, Jul 3, 2015 at 4:24 PM, Zheng, Kai <[email protected]> wrote: > > > Thanks Jiajia for sorting this out! It's helpful to learn about the > > new project. Maybe we should have such status update or lighter ones > regularly? > > > > > it is a good practice to let the team know before if you are planning > to add any new features or any _significant_ changes to the code base. > > > Regards, > > Kai > > > > -----Original Message----- > > From: Li, Jiajia [mailto:[email protected]] > > Sent: Friday, July 03, 2015 4:02 PM > > To: [email protected] > > Subject: RE: state of KDC > > > > Refine the format for easying reading. > > > > Kerby Status Summary > > > > Supported(done and almost done): > > 1. Kerberos library: > > a) KrbClient API > > b) KDC server API > > c) Kadmin API > > d) Credential cache and keytab utilities > > > > 2. Provides a standalone KDC server . > > > > 3. Supports various identity backends including: > > a) MemoryIdentityBackend > > b) JsonIdentityBackend > > c) LdapIdentityBackend > > d) ZookeeperIdentityBackend > > e) MavibotBackend. > > > > 4. Provides an embedded KDC server named SimpleKdcServer that > > applications can easily integrate into products, unit tests or > integration tests. > > > > 5. Supports FAST/Preauthentication framework to allow popular and > > useful authentication mechanisms. > > > > 6. Supports Token Preauth mechanism to allow clients to request > > tickets using JWT tokens. > > > > 7. Client can request a TGT with: > > a) User plain password credential > > b) User keyTab > > c) User token credential > > > > 8. Client can request a service ticket with: > > a) user TGT credential for a server > > b) user AccessToken credential for a server > > > > 9. Network support including UDP and TCP transport with two > > implementations: > > a) Default implementation based on the JRE without depending on > > other libraries. > > b) Netty based implementation for better throughput, lower latency. > > > > 10. Tools: > > a) kadmin: Command-line interfaces to the Kerby administration > system. > > b) kinit: Obtains and caches an initial ticket-granting ticket > > for principal. > > c) klist: Lists the Kerby principal and tickets held in a > > credentials cache, or the keys held in a keytab file. > > > > 11. Provides support for JAAS, GSSAPI and SASL frameworks that > > applications can leverage the authentication mechanisms provided by > Kerby. > > > > In progress: > > 1. Supports PKINIT mechanism to allow clients to request tickets > > using > > x509 certificate credentials. (50% is finished) > > > > 2. Server scripts for Kerby KDC. > > > > 3. Building support: checking style and find bugs. > > > > 4. Integration and compatible tests. > > > > 5. Building the web site. > > > > Plan to do: > > 1. Supports OTP mechanism to allow clients to request tickets using > > One Time Password. > > > > 2. Consolidate the existing Change Password protocol implementation. > > > > 3. REST representation for Kadmin interface. > > > > 4. Implement remote mode kadmin tool based on Kadmin REST API > > > > 5. Web management console to simplify the configuration and > > management > > > > 6. Write the admin guide and user guide. > > > > 7. Implementing cross-realm support. > > > > Please look at here https://github.com/apache/directory-kerby for > details. > > > > Thanks > > Jiajia > > > > -----Original Message----- > > From: Li, Jiajia [mailto:[email protected]] > > Sent: Friday, July 03, 2015 3:43 PM > > To: [email protected] > > Subject: RE: state of KDC > > > > Kerby Status Summary > > > > Supported(done and almost done): > > 1. Kerberos library: > > KrbClient API > > KDC server API > > Kadmin API > > Credential cache and keytab utilities > > 2. Provides a standalone KDC server . > > 3. Supports various identity backends including: > > a) MemoryIdentityBackend > > b) JsonIdentityBackend > > c) LdapIdentityBackend > > d) ZookeeperIdentityBackend > > e) MavibotBackend. > > 4. Provides an embedded KDC server named SimpleKdcServer that > > applications can easily integrate into products, unit tests or > > integration tests. > > 5. Supports FAST/Preauthentication framework to allow popular and > > useful authentication mechanisms. > > 6. Supports Token Preauth mechanism to allow clients to request > > tickets using JWT tokens. > > 7. Client can request a TGT with: > > a) User plain password credential > > b) User keyTab > > c) User token credential > > 8. Client can request a service ticket with: > > a) user TGT credential for a server > > b) user AccessToken credential for a server > > 9. Network support including UDP and TCP transport with two > > implementations: > > a) Default implementation based on the JRE without depending on > other > > libraries. > > b) Netty based implementation for better throughput, lower latency. > > 10. Tools: > > a) kadmin: Command-line interfaces to the Kerby administration > system. > > b) kinit: Obtains and caches an initial ticket-granting ticket for > > principal. > > c) klist: Lists the Kerby principal and tickets held in a > credentials > > cache, or the keys held in a keytab file. > > 11. Provides support for JAAS, GSSAPI and SASL frameworks that > > applications can leverage the authentication mechanisms provided by > Kerby. > > > > In progress: > > 1. Supports PKINIT mechanism to allow clients to request tickets > > using x509 certificate credentials. (50% is finished) > > 2. Server scripts for Kerby KDC. > > 3. Building support: checking style and find bugs. > > 4. Integration and compatible tests. > > 5. Building the web site. > > > > Plan to do: > > 1. Supports OTP mechanism to allow clients to request tickets using > > One Time Password. > > 2. Consolidate the existing Change Password protocol implementation. > > 3. REST representation for Kadmin interface. > > 4. Implement remote mode kadmin tool based on Kadmin REST API > > 5. Web management console to simplify the configuration and > management > > 6. Write the admin guide and user guide. > > 7. Implementing cross-realm support. > > > > Please look at here https://github.com/apache/directory-kerby for > details. > > > > > > Thanks > > Jiajia > > > > -----Original Message----- > > From: Kiran Ayyagari [mailto:[email protected]] > > Sent: Friday, July 03, 2015 11:33 AM > > To: [email protected] > > Subject: state of KDC > > > > Can anyone summarize what our KDC can and cannot do? > > > > I want to know what features are currently supported and what not > > and what are in progress. > > > > thank you > > > > -- > > Kiran Ayyagari > > http://keydap.com > > > > > > > -- > Kiran Ayyagari > http://keydap.com > -- Kiran Ayyagari http://keydap.com
