Apache Kerby™ is a Java Kerberos binding. It provides a rich,
intuitive and interoperable implementation, library, KDC and various
facilities that integrates PKI, OTP and token (OAuth2) as desired in
modern environments such as cloud, Hadoop and mobile.
Apache Kerby 2.1.0 is released and is availa
This is a vote to release Apache Kerby 2.1.0. The main features are
the removal of the HAS project, which was not maintained, and updates
to the LDAP API and Directory Server versions. I've tested it with the
CXF Kerberos system tests and it's fine.
Since the last vote I've fixed the integration t
Thanks again Shawn for checking, I'll fix that and re-spin the vote.
This vote is cancelled.
Colm.
On Wed, Jul 31, 2024 at 3:52 PM Shawn McKinney wrote:
>
>
>
> > On Jul 31, 2024, at 4:28 AM, Colm O hEigeartaigh
> > wrote:
> >
> > This is a vote t
This is a vote to release Apache Kerby 2.1.0. The main features are
the removal of the HAS project, which was not maintained, and updates
to the LDAP API and Directory Server versions. I've tested it with the
CXF Kerberos system tests and it's fine.
Since the last vote I've fixed the build so that
> cannot access java.time.Duration
> class file for java.time.Duration not found
> [ERROR]
> /opt/kerby/directory-kerby/kerby-common/kerby-asn1/src/test/java/org/apache/kerby/asn1/PersonnelRecordTest.java:[88,9]
> cannot access java.time.Period
> class file for java.time.Perio
This is a vote to release Apache Kerby 2.1.0. The main features are
the removal of the HAS project, which was not maintained, and updates
to the LDAP API and Directory Server versions. I've tested it with the
CXF Kerberos system tests and it's fine.
Issues fixed:
https://issues.apache.org/jira/se
Hi,
FYI I am removing the HAS project from the next major release (2.1.0),
as it is not satisfactorily maintained:
https://issues.apache.org/jira/browse/DIRKRB-765
Colm.
-
To unsubscribe, e-mail: kerby-unsubscr...@directory.apac
Description:
An LDAP Injection vulnerability exists in the LdapIdentityBackend of
Apache Kerby before 2.0.3.
Credit:
4ra1n of Chaitin Tech (finder)
References:
https://directory.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-25613
---
This is a vote to release Apache Kerby 2.0.3:
Release notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310910&version=12351717
Git tag: https://github.com/apache/directory-kerby/releases/tag/kerby-all-2.0.3
Artifacts:
https://repository.apache.org/content/repositories/or
Hi Lars,
Could you submit a pull request for this against
https://github.com/apache/directory-kerby ?
Colm.
On Sat, Jul 16, 2022 at 1:23 PM Lars Froböse wrote:
>
> Hi,
> this is my first mail to this mailing list and hopefully this is the
> right place to address my case.
>
> I've found what I
With 3 binding +1 votes, and no other votes, this vote passes - I'll
do the release.
Colm.
On Sat, May 7, 2022 at 2:03 PM 李佳佳(佳加)
wrote:
>
> +1, built successfully and all the tests passed.
>
> Thanks,
> Jiajia
>
>
> --
> From:Colm
This is a vote to release Apache Kerby 2.0.2.
Issues fixed:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310910&version=12348361
Git tag: https://github.com/apache/directory-kerby/tree/kerby-all-2.0.2
Artifacts:
https://repository.apache.org/content/repositories/orgapachedi
Hi,
I'm planning to release 2.0.2 of Kerby soon with these fixes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310910&version=12348361
Let me know ASAP if there is anything missing please.
Colm.
-
To unsub
Hi,
I think this is a bug, would you consider submitting a pull request to fix it?
Colm.
On Wed, Jun 16, 2021 at 8:43 AM Sai Sandeep Rangisetti
wrote:
>
> Hi,
>
> I was using kerby-kdc and found that netty implementation is not responding
> anything if we give a wrong realm. From the code I hav
rce artifact but I assume you
> create them when uploading to dist.apache.org
>
> Kind Regards,
> Stefan
>
>
> On 5/25/20 11:49 AM, Colm O hEigeartaigh wrote:
> > This is a vote to release Apache Kerby 2.0.1. It's been over a year since
> > the last release, thi
This is a vote to release Apache Kerby 2.0.1. It's been over a year since
the last release, this release fixes a few bugs and updates some
dependencies.
Issues fixed:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310910&version=12344836
Artifacts:
https://repository.apache.org
exception
> "java.lang.IllegalArgumentException: The RSA key size must be at least 2048
> bits"
>
> I think the following commit is for fixing it:
> "
> commit c865ab74a9eb8a14b2506f3b86dbe4984c140545
> Author: Colm O hEigeartaigh
> Date: Mon Nov 11 12:58:58 2019 +
>
>
Hi Jiajia,
I want to release a new version of Kerby. Can you build the HAS dist from
the current trunk code and verify that it's working OK?
Colm.
I think I will release 2.0.1 soon. Please shout if there are any further
changes anyone would like to see in it!
Colm.
Hi Richard,
Thanks for the contribution. Could you either create a new JIRA (
https://issues.apache.org/jira/browse/DIRKRB) and attach the patch there,
or else create a new pull request on github with the changes?
Colm.
On Fri, Nov 8, 2019 at 10:43 PM Richard Feezel wrote:
> My application, wh
nd/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapBackendKdcTest.java
> > [3] https://paste.apache.org/ep0B
> > [4]
> >
> >
> https://github.com/apache/directory-kerby/blob/trunk/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
> >
> > --
> > Francesco Chicchiriccò
> >
> > Tirasa - Open Source Excellence
> > http://www.tirasa.net/
> >
> > Member at The Apache Software Foundation
> > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> > http://home.apache.org/~ilgrosso/
> >
> > Kiran
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
release!
Best Regards,
The Apache Directory Team
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
The move is now complete. Please clone the following URL for use with Kerby
from now on:
https://gitbox.apache.org/repos/asf?p=directory-kerby.git
Colm.
On Thu, Jan 24, 2019 at 11:50 AM Colm O hEigeartaigh
wrote:
> As there are no objections, I'm going to proceed with this switch.
As there are no objections, I'm going to proceed with this switch.
Colm.
On Sun, Jan 20, 2019 at 11:40 AM Stefan Seelmann
wrote:
> +1 from me too.
>
> On 1/15/19 10:22 AM, Colm O hEigeartaigh wrote:
> > Hi,
> >
> > Apache Infra are moving the git re
> Hi Colm,
>
> Thanks for driving the release and making it happen. Can we use the 2.0.0
> now? Will there be the announcement email for this release?
>
> Thanks,
> Jiajia
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent:
though is
that it gives us the ability to merge PRs directly from github.
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
fan Seelmann [mailto:m...@stefan-seelmann.de]
> > Sent: Thursday, January 10, 2019 6:07 AM
> > To: Apache Directory Developers List ;
> kerby@directory.apache.org
> > Subject: Re: [VOTE] - Release Apache Kerby 2.0.0 - take II
> >
> > +1
> >
> > Built w
base 64 encode the ticket for addition to HTTP headers:
>
> Authorization: Negotiate
>
> I have:
>
> sgt.getTicket().encode()
>
> But never get quite what I expect.
>
>
>
> On Mon, Jan 7, 2019 at 5:39 AM Colm O hEigeartaigh
> wrote:
> >
> > Hi
/repositories/orgapachedirectory-1180/
Issues fixed:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310910&version=12342433
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
OK sounds good thanks!
Colm.
On Tue, Jan 8, 2019 at 7:20 AM Li, Jiajia wrote:
> The implementation of HadminApi REST API is based on SPNEGO, the admin
> should have the admin.keytab to call this API.
>
> Thanks,
> Jiajia
>
> -Original Message-
> From: Colm O hE
ava:75)
> at
> org.apache.kerby.kerberos.kerb.client.KrbHandler.handleRequest(KrbHandler.java:71)
> at
> org.apache.kerby.kerberos.kerb.client.impl.DefaultKrbHandler.handleRequest(DefaultKrbHandler.java:40)
> at
> org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.sendIfPossible(DefaultInternalKrbClient.java:118)
> at
> org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient.doRequest(DefaultInternalKrbClient.java:81)
>
> Thanks,
>
> Shane
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Hi,
I'm wondering how the HadminApi REST API is secured to prevent non-admin
users from calling it?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
erby/tree/kerby-all-2.0.0
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
; Jiajia
>
> -Original Message-
> From: Emmanuel Lécharny [mailto:elecha...@gmail.com]
> Sent: Tuesday, October 16, 2018 12:18 AM
> To: kerby@directory.apache.org
> Subject: Re: Kerby 2.0.0
>
>
>
> Le 15/10/2018 à 15:20, Colm O hEigeartaigh a écrit :
> > H
use mvn dependency:tree for that purpose.
>
> Note that the N&L will change between a binary package and a source
> package. Typically, in a source package, if you have dependencies that are
> only added while building a binary package, then there is no need to add
> them (
d a distribution
> > >>> containing
> > the required jars. How does it work for HAS?
> > HAS can be the same as the kdc-dist + tool-dist.
> >
>
> > Do you mean here that you plan to change the HAS distribution to also
> include the required jars?
>
> Y
u plan to change the HAS distribution to also
include the required jars?
Colm.
>
> Thanks,
> Jiajia
>
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Saturday, September 8, 2018 12:41 AM
> To: Li, Jiajia
> Cc: kerby@directory.apache.org
> Subject: Re: Kerby 2
es in the Hadoop is for Hadoop Client
> using the new authentication method.
>
OK now I understand thanks.
Colm.
>
>
> Thanks,
>
> Jiajia
>
>
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Friday, September 7, 2018 12:24 AM
tributions?
>
> The Hadoop version has been upgraded to 3.0.3.
> "HAS project" will build a distribution, here is the license folder:
> https://github.com/apache/directory-kerby/tree/trunk/kerby-dist/has-dist/licenses
>
> Thanks,
> Jiajia
>
>
> -Origin
s
> >> critical
> >> - we need some "getting started" type tutorials to explain how to use
> the product.
>
> Agree with you, it's also in our plan.
>
> Regards,
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:c
e documents
> 4. Testing
>
> How do you think about this?
>
>
> Regards,
> Jiajia
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
the ticket client side using only Kerby API? If not,
> what is the recommended approach at this time?
>
> Btw. I encode the bytes using:
>
> new String(Base64.getEncoder().encode(bout.toByteArray()),
> StandardCharsets.UTF_8).replaceAll("\n", "");
>
> and add them to the header under
>
> Authorization: Negotiate + token
>
> Cheers,
>
> Kamil Krynicki
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
want to use a tool to verify the N&L files which
> are spread all over the project...
>
>
> Le 21/05/2018 à 14:12, Colm O hEigeartaigh a écrit :
> > This is a vote to release Apache Kerby 1.1.1.
> >
> > Artifacts:
> >
> > https://repository.apache.o
&version=12342211
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
; TGT as a client?
> Thank you so much!
> Jim
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
t; -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, April 25, 2018 4:55 PM
> To: kerby@directory.apache.org
> Subject: Re: Re: Kerby support for keytab in arcfour-hmac-md5?
>
> That's great! Yes the fix is already in the 1.1.x br
; Yup. Works like a charm.
>
> Please be sure to include this fix in 1.1.1!
>
> Btw. When is the planned release?
>
> Cheers,
> Kamil
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
true);
>
> File keytab = new File(".keytab");
> Assert.assertTrue(keytab.exists());
> requestOptions.add(KrbOption.KEYTAB_FILE, keytab);
>
>
> TgtTicket tgt = client.requestTgt(requestOptions);
>
> Kamil
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
CIPHER_ALGO_MAP.put("aes128", "AES128");
> CIPHER_ALGO_MAP.put("des3", "DESede");
> CIPHER_ALGO_MAP.put("des", "DES");
> }
>
> My questions are:
> - is this a bug or a feature?
> - is it possible to make kerby work with keytab ciphered with
> arcfour-hmac-md5?
>
> I'm on centOS 7 btw.
>
> Thank you,
> Kamil
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
has a patch but no test.
Are there any other issues that should make it in for 1.1.1?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
iew/A-D/view/Directory/job/dir-kerby/
> [2] https://builds.apache.org/view/A-D/view/Directory/job/
> dir-kerby-openjdk/
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
ed to support autocomplete in Kadmin
> tool later? JLine supports command line completion.
>
> Thanks,
> Frank
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, February 9, 2018 6:28 PM
> To: kerby@directory.apache.org
>
.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
will speed up the progress, make the
> Kerby 2.0 available as soon as possible.
>
> Thanks,
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Thursday, February 1, 2018 5:40 PM
> To: kerby@directory.apache.org
>
.7.2.patch
> +++ b/has/supports/hadoop/hadoop-2.7.2.patch
> @@ -11,6 +11,16 @@ index aa3c2c7..e4f1fd2 100644
> + has-client
> + 1.0.0-SNAPSHOT
> +
> ++
> ++ org.drizzle.jdbc
> ++ drizzle-jdbc
> ++ 1.4
> ++
> ++
> ++ org.apache.kerby
> ++ has-plugins
> ++ 1.0.0-SNAPSHOT
> ++
>
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
ge org.apache.kerby.has.server.web.rest.param;
> +
> +public class HostParam extends StringParam {
> + /**
> + * Parameter name.
> + */
> + public static final String NAME = "host";
> + /**
> + * Default parameter value.
> + */
> + public static final String DEFAULT = "";
> +
> + private static final Domain DOMAIN = new Domain(NAME, null);
> +
> + /**
> + * Constructor.
> + *
> + * @param str a string representation of the parameter value.
> + */
> + public HostParam(final String str) {
> +super(DOMAIN, str == null || str.equals(DEFAULT) ? null : str);
> + }
> +
> + @Override
> + public String getName() {
> +return NAME;
> + }
> +}
>
> http://git-wip-us.apache.org/repos/asf/directory-kerby/
> blob/2e9a8644/has-project/has-server/src/main/java/org/
> apache/kerby/has/server/web/rest/param/HostRoleParam.java
> --
> diff --git a/has-project/has-server/src/main/java/org/apache/kerby/
> has/server/web/rest/param/HostRoleParam.java b/has-project/has-server/src/
> main/java/org/apache/kerby/has/server/web/rest/param/HostRoleParam.java
> new file mode 100644
> index 000..72706ff
> --- /dev/null
> +++ b/has-project/has-server/src/main/java/org/apache/kerby/
> has/server/web/rest/param/HostRoleParam.java
> @@ -0,0 +1,45 @@
> +/**
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +package org.apache.kerby.has.server.web.rest.param;
> +
> +public class HostRoleParam extends StringParam {
> + /**
> + * Parameter name.
> + */
> + public static final String NAME = "role";
> + /**
> + * Default parameter value.
> + */
> + public static final String DEFAULT = "";
> +
> + private static final Domain DOMAIN = new Domain(NAME, null);
> +
> + /**
> + * Constructor.
> + *
> + * @param str a string representation of the parameter value.
> + */
> + public HostRoleParam(final String str) {
> +super(DOMAIN, str == null || str.equals(DEFAULT) ? null : str);
> + }
> +
> + @Override
> + public String getName() {
> +return NAME;
> + }
> +}
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Great, thanks!
Colm.
On Fri, Jan 26, 2018 at 8:24 AM, Li, Jiajia wrote:
> The error occurred after upgrading the mvn version to 3.5.2, I've fixed
> it. Thanks Colm.
>
> Regards,
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...
Actually this could be OK if the intention was to drop the decimal place
after dividing by 1000?
Colm.
On Thu, Jan 25, 2018 at 2:09 AM, Zeng, Frank wrote:
> Hi Colm,
>
> So sorry for that, I will fix it.
>
> Thanks,
> Frank
>
> -Original Message-
>
you provide the java and OS
> version?
>
>
>
> Thanks,
>
> Jiajia
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Wednesday, January 24, 2018 11:30 PM
> *To:* kerby@directory.apache.org; Li, Jiajia
> *Subject:* Re: directory-ker
s/has-plugins/src/test/
> java/org/apache/kerby/has/plugins/TestHasServerPluginRegistry.java
> new file mode 100644
> index 000..d727b12
> --- /dev/null
> +++ b/has/has-plugins/src/test/java/org/apache/kerby/has/plugins/
> TestHasServerPluginRegistry.java
> @@ -0,0 +1,43 @@
> +/**
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements. See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership. The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License. You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +package org.apache.kerby.has.plugins;
> +
> +import org.apache.kerby.has.common.HasException;
> +import org.apache.kerby.has.server.HasServerPluginRegistry;
> +import org.junit.Assert;
> +import org.junit.Test;
> +
> +import java.util.Set;
> +
> +public class TestHasServerPluginRegistry {
> +
> + @Test
> + public void testInit() {
> +Set pluginsNames = HasServerPluginRegistry.
> registeredPlugins();
> +Assert.assertTrue(pluginsNames.size() > 0);
> + }
> +
> + @Test
> + public void testCreatePlugin() throws HasException {
> +Assert.assertTrue(HasServerPluginRegistry.createPlugin("MySQL") !=
> null);
> +Set pluginNames = HasServerPluginRegistry.
> registeredPlugins();
> +for (String name : pluginNames) {
> + HasServerPluginRegistry.createPlugin(name);
> +}
> + }
> +}
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
\t\t[Krb5LoginModule]: "
> ++ "Entering logout");
> +}
> +
> +if (subject.isReadOnly()) {
> +cleanKerberosCred();
> +throw new LoginException("Subject is Readonly");
> +}
> +
> +subject.getPrincipals().remove(kerbClientPrinc);
> +// Let us remove all Kerberos credentials stored in the
> Subject
> +Iterator it = subject.getPrivateCredentials(
> ).iterator();
> +while (it.hasNext()) {
> +Object o = it.next();
> +if (o instanceof KerberosTicket) {
> +it.remove();
> +}
> +}
> +// clean the kerberos ticket and keys
> +cleanKerberosCred();
> +
> +succeeded = false;
> +commitSucceeded = false;
> +if (debug) {
> +System.out.println("\t\t[HasLoginModule]: "
> ++ "logged out Subject");
> +}
> +return true;
> +} else {
> +return krb5LoginModule.logout();
> +}
> +}
> +
> +/**
> + * Clean Kerberos credentials
> + */
> +private void cleanKerberosCred() throws LoginException {
> +// Clean the ticket and server key
> +try {
> +if (kerbTicket != null) {
> +kerbTicket.destroy();
> +}
> +} catch (DestroyFailedException e) {
> +throw new LoginException("Destroy Failed on Kerberos Private
> Credentials");
> +}
> +kerbTicket = null;
> +kerbClientPrinc = null;
> +}
> +
> +/**
> + * Clean out the state
> + */
> +private void cleanState() {
> +
> +if (!succeeded) {
> +// remove temp results for the next try
> +principal = null;
> +}
> +if (krb5PrincName != null && krb5PrincName.length() != 0) {
> +krb5PrincName.delete(0, krb5PrincName.length());
> +}
> +krb5PrincName = null;
> +}
> +}
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied. See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + *
> + */
> +package org.apache.kerby.kerberos.kerb.identity.backend;
> +
> +import org.apache.kerby.config.Conf;
> +import org.apache.kerby.kerberos.kdc.identitybackend.MySQLConfKey;
> +import org.apache.kerby.kerberos.kdc.identitybackend.
> MySQLIdentityBackend;
> +import org.apache.kerby.kerberos.kerb.KrbException;
> +import org.junit.AfterClass;
> +import org.junit.BeforeClass;
> +
> +import java.io.File;
> +import java.io.IOException;
> +
> +public class MySQLBackendTest extends BackendTestBase {
> +private static File testDir = new File(System.getProperty("test.dir",
> "target"));
> +private static File dbFile = new File(testDir, "mysqlbackend.mv.db");
> +
> +@BeforeClass
> +public static void setup() throws KrbException, IOException {
> +Conf config = new Conf();
> +config.setString(MySQLConfKey.MYSQL_DRIVER, "org.h2.Driver");
> +config.setString(MySQLConfKey.MYSQL_URL,
> +"jdbc:h2:" + testDir.getCanonicalPath() +
> "/mysqlbackend;MODE=MySQL");
> +config.setString(MySQLConfKey.MYSQL_USER, "root");
> +config.setString(MySQLConfKey.MYSQL_PASSWORD, "123456");
> +backend = new MySQLIdentityBackend(config);
> +backend.initialize();
> +}
> +
> +@AfterClass
> +public static void tearDown() throws KrbException {
> +if (backend != null) {
> +backend.stop();
> +}
> +if (dbFile.exists() && !dbFile.delete()) {
> +System.err.println("Failed to delete the test database
> file.");
> +}
> +}
> +}
>
> http://git-wip-us.apache.org/repos/asf/directory-kerby/
> blob/11089e86/kerby-backend/pom.xml
> --
> diff --git a/kerby-backend/pom.xml b/kerby-backend/pom.xml
> index ef95b87..6ce432c 100644
> --- a/kerby-backend/pom.xml
> +++ b/kerby-backend/pom.xml
> @@ -53,6 +53,7 @@
> ldap-backend
> mavibot-backend
> zookeeper-backend
> +mysql-backend
>
>
>
>
> http://git-wip-us.apache.org/repos/asf/directory-kerby/
> blob/11089e86/kerby-dist/kdc-dist/conf/backend.conf
> --
> diff --git a/kerby-dist/kdc-dist/conf/backend.conf
> b/kerby-dist/kdc-dist/conf/backend.conf
> index 2ead268..20134ef 100644
> --- a/kerby-dist/kdc-dist/conf/backend.conf
> +++ b/kerby-dist/kdc-dist/conf/backend.conf
> @@ -22,3 +22,7 @@ embedded_zk = false
> zk_host = 127.0.0.1
> zk_port = 2181
> data_dir = /tmp/zookeeper/data
> +mysql_driver = org.drizzle.jdbc.DrizzleDriver
> +mysql_url = jdbc:mysql:thin://127.0.0.1:3306/mysqlbackend?createDB=true
> +mysql_user = root
> +mysql_password = passwd
>
> http://git-wip-us.apache.org/repos/asf/directory-kerby/
> blob/11089e86/kerby-dist/kdc-dist/pom.xml
> --
> diff --git a/kerby-dist/kdc-dist/pom.xml b/kerby-dist/kdc-dist/pom.xml
> index 1766d28..3a5de2d 100644
> --- a/kerby-dist/kdc-dist/pom.xml
> +++ b/kerby-dist/kdc-dist/pom.xml
> @@ -89,6 +89,13 @@
>${gson.version}
>
>
> +
> +
> + org.apache.kerby
> + mysql-backend
> + ${project.version}
> +
> +
>
>
>org.slf4j
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
The branch is now created:
https://github.com/apache/directory-kerby/tree/1.1.x-fixes
Colm.
On Wed, Jan 10, 2018 at 1:35 AM, Li, Jiajia wrote:
> +1. Thanks Colm.
>
> Regards,
> Jiajia
>
> -Original Message-----
> From: Colm O hEigeartaigh [mailto:cohei...@apach
Hi all,
I'd like to propose creating a new 1.1.x-fixes branch (without the recent
HAS commits), and moving master to 2.0.0-SNAPSHOT. I think the HAS work
warrants a new major release.
Thoughts?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
we will start to merge under the master
> JIRA(https://issues.apache.org/jira/browse/DIRKRB-671), please help to
> review the patches.
>
>
>
> Thanks,
>
> Jiajia
>
>
>
> <#m_8069559770700476617_this>*From:* Colm O hEigeartaigh [mailto:
> cohei...@apache.org
27;m not sure whether Alibaba already provided, is there one place we
> could check it?
>
>
>
> Thanks,
>
> Jiajia
>
>
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Tuesday, December 5, 2017 1:50 AM
> *To:* kerby@directory.apache.o
AS binds webserver and Kerby KDC very closely, they are all included
> in HasServer(we can rename it after merging), we could also think the
> webserver is one part of Kerby KDC, we using the webserver for KDC to
> receive some requests from HTTPs client.
>
Yes +1 from me on merging to Kerby,
REST APIs not only for the new authentication, also provide some
> useful interfaces, such as: config Kerby KDC, manage the Kerby backend,
> export keytab files. These could help Kerby KDC to be stronger.
> 3. HAS binds webserver and Kerby KDC very closely, they are all included
> in
tokens etc, where you can "plug in" the tokens
that are supported. It might be worth exploring if the functionality of HAS
could be integrated with the CXF STS.
Colm.
> Thanks,
> Jiajia
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
ul, could continue the others steps, such as:
> getting SGT ticket.
>
> We replace the step through "kinit" to get Kerberos Ticket. There are two
> important benefits:
> 1. The user's principal may not be in the backend, security admins won't
> have
environments
such as cloud, Hadoop and mobile.
This is a new major release of Apache Kerby, which implements cross-realm
support, and also includes a GSSAPI module.
http://directory.apache.org/kerby/
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
kdc module with HAS, upgrade the Kerby KDC.
>
> Contributors:
> Jiajia, Li (Intel)
> Lin, Zeng (Intel)
> Zhiqiang, Zhang (Intel)
> Kai, Zheng (Intel)
> Wei, Wu (Alibaba)
> Jun, Song (Alibaba)
> Long, Cao (Alibaba)
> Zhenyuan, Wei (Alibaba)
>
> Your review efforts are truly appreciated, please feel free to provide us
> your feedback.
>
> Regards,
> Jiajia
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
HAS provides a complete Hadoop/Spark authentication framework and
> solution based on Kerberos, HAS can help to upgrade Kerby KDC, make it more
> solid and stronger. And if HAS can be merged to Apache Kerby, community
> will help HAS grow faster and users can more easily using this solution in
> their own production. We have two suggestions about how to merge:
> > - Option1:
> > Create a standalone module "kerby-has", putting HAS project under this
> module.
> > - Option2:
> > Suggest replacing kerby-kdc module with HAS, upgrade the Kerby KDC.
> >
> > Contributors:
> > Jiajia, Li (Intel)
> > Lin, Zeng (Intel)
> > Zhiqiang, Zhang (Intel)
> > Kai, Zheng (Intel)
> > Wei, Wu (Alibaba)
> > Jun, Song (Alibaba)
> > Long, Cao (Alibaba)
> > Zhenyuan, Wei (Alibaba)
> >
> > Your review efforts are truly appreciated, please feel free to provide
> us your feedback.
> >
> > Regards,
> > Jiajia
> >
> >
> >
> >
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
-- Forwarded message --
From: Colm O hEigeartaigh
Date: Mon, Nov 27, 2017 at 10:00 AM
Subject: Re: [VOTE] - Release Apache Kerby 1.1.0
To: Apache Directory Developers List
With 8 +1 votes, and no other votes, this vote passes. I'll do the release.
Colm.
On Fri, Nov 24,
che licensed:
https://github.com/netplex/json-smart-v2/blob/master/LICENSE
Colm.
> Le 21/11/2017 à 12:29, Colm O hEigeartaigh a écrit :
> > This is a vote to release Apache Kerby 1.1.0. This is a new major release
> > of Apache Kerby, which implements cross-realm support, and also includes
://repository.apache.org/content/repositories/orgapachedirectory-1150/
In particular, the source distribution:
https://repository.apache.org/content/repositories/
orgapachedirectory-1150/org/apache/kerby/kerby-all/1.1.0/
+1 from me.
--
Colm O hEigeartaigh
Talend Community Coder
http
This is a vote to release Apache Kerby 1.1.0. This is a new major release
of Apache Kerby, which implements cross-realm support, and also includes a
GSSAPI module.
The list of issues fixed is here:
https://issues.apache.org/jira/projects/DIRKRB/versions/12341144
Maven artifacts:
https://reposit
Hi all,
I'm planning to call a vote on the 1.1.0 release next week. Is there
anything else anyone wants to include in the release?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Hi all,
Are there any thoughts on a 1.1.0 release? The two new big features
(cross-realm + GSS support) are more or less ready. Is there anything major
left to be done for it?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Proposed patch here: https://issues.apache.org/jira/browse/DIRKRB-667
Colm.
On Mon, Nov 6, 2017 at 10:41 AM, Colm O hEigeartaigh
wrote:
> Hi Kai,
>
> No I think the fix is to include transitive dependencies, but to "exclude"
> any dependencies that are not req
m principal in
> in kdc1 and kdc2.
>
> Thanks,
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, November 6, 2017 7:15 PM
> To: kerby@directory.apache.org
> Subject: Re: Kerby Update
>
> Hi Jiajia,
&
nf conf -c /tmp/krb5cc_0 -S h...@b.example.com
> Then we will get the service tgt, MIT Kerberos using "kvno" to get
> service tgt in this step.
>
>
> Thanks,
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
gt;
> I couldn't recall the reall issue I was targeting at that time, but looks
> like the thinking is to list all the required modules explicitly. I guess
> the fix would be to add the missed deps?
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeart
hanks,
> Jiajia
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, November 3, 2017 7:06 PM
> To: kerby@directory.apache.org
> Subject: Transitive dependencies in the distributions
>
> Hi all,
>
> We are excluding transitive dep
ption:
org.apache.kerby.kerberos.kerb.KrbException
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
so can be used to build
> trust relationship with MIT Kerberos KDC and we have tested compatibility.
>
> Here is the document about setting up cross realm:
> https://github.com/apache/directory-kerby/blob/trunk/docs/cross-realm.md
>
> Thanks,
> Jiajia
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
instead of using the correctly port contained in
> krbSetting.getKdcHost().
>
> I ran into the problem as my /etc/krb5.conf contains an old setting for a
> given realm, and the test code was picking this port up instead of the port
> set on krbSetting.
>
> Any thoughts on how to
port contained in
krbSetting.getKdcHost().
I ran into the problem as my /etc/krb5.conf contains an old setting for a
given realm, and the test code was picking this port up instead of the port
set on krbSetting.
Any thoughts on how to handle this?
Colm.
--
Colm O hEigeartaigh
Talend Community
ative. I thought we should list or mention it
> somewhere in our Directory/Kerby projects.
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, September 11, 2017 7:30 PM
> To: Zheng, Kai
> Cc: kerby@dir
r after
> the upcoming 3.0 BETA 1, so that's why I asked.
>
> Any contributor would love to take this? Thanks!
>
> -kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, September 13, 2017 7:13 PM
> To: kerby@di
n get notified by the announcement? Before I can receive such
> announcement messages, but now I don't, not sure what's wrong.
>
> -kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, September 13, 2017 4:41 PM
---Original Message-----
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Monday, September 4, 2017 6:48 PM
> To: kerby@directory.apache.org
> Subject: Re: [VOTE] - Release Apache Kerby 1.0.1
>
> Thanks to everyone who voted. We have 6 binding +1 votes, and one
>
merging PRs a lot
easier.
IMO we should also migrate...any thoughts?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
anks Colm for the take. I'll try to bring up the context in my mind and
> give you some comments later.
>
> Regards,
> Kai
>
> -----Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, September 08, 2017 10:38 PM
> To: kerby@
Now that I've finished the JWT access token work, it'd be nice to finish
the Anonymous PKINIT side of things to get the Identity token part of it to
work. Please review my questions below.
Colm.
On Tue, Jun 20, 2017 at 12:39 PM, Colm O hEigeartaigh
wrote:
> Hi all,
>
> As p
Hi all,
I need some feedback on my proposed patch for DIRKRB-651:
https://issues.apache.org/jira/browse/DIRKRB-651
The patch adds support to specify a JWT AccessToken using the GSS API in
1.1.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
all is good
>
>
> +1 !
>
>
> Le 30/08/2017 à 12:30, Colm O hEigeartaigh a écrit :
> > This is a vote to release Apache Kerby 1.0.1.
> >
> > Issues fixed:
> >
> > https://issues.apache.org/jira/projects/DIRKRB/versions/12340574
> >
> >
particular, the source artifacts:
https://repository.apache.org/content/repositories/orgapachedirectory-1146/org/apache/kerby/kerby-all/1.0.1/
+1 from me.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
job and source/target level in pom.xml to Java 8
>
> Your call :)
>
> Kind Regards,
> Stefan
>
> [1] https://builds.apache.org/view/A-D/view/Directory/job/dir-kerby/
> [2] https://builds.apache.org/view/A-D/view/Directory/job/
> dir-kerby-openjdk/
>
> On 08/28/2017 11:
se/DIRKRB-614>, DIRKRB-631<
> https://issues.apache.org/jira/browse/DIRKRB-631>;
> > Fix the network related issue: DIRKRB-629<https://issues.
> apache.org/jira/browse/DIRKRB-629>;
> > And with some improvements in token preauth and kinit;
> >
> > I suggest we can make the new minor release. How do you think about it?
> >
> > Thanks,
> > Jiajia
> >
> >
> >
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
1 - 100 of 235 matches
Mail list logo
