Re: Kerby GSS tests?

2015-04-29 Thread Colm O hEigeartaigh
no much difference from your test case with Kerby’s, but wonder why it’s ok in Kerby project. Will continue to investigate it tomorrow. Regards, Kai From: Colm O hEigeartaigh [mailto:cohei...@apache.org] Sent: Friday, April 24, 2015 5:52 PM To: Zheng, Kai Cc: Apache Directory Developers List

Unit test regression

2015-06-10 Thread Colm O hEigeartaigh
/AuthenticationTest.java Specially, unitTest. The GSS interop testcases are all fine. Has anything changed with regards to the client API of Kerby that would cause this? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Jenkins job for Kerby

2015-07-02 Thread Colm O hEigeartaigh
to notificati...@directory.apache.org, if wished we can also send them to this list. Kind Regards, Stefan [1] https://builds.apache.org/view/A-D/view/Directory/job/dir-kerby/ [2] https://issues.apache.org/jira/browse/BUILDS-86 -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: state of KDC

2015-08-19 Thread Colm O hEigeartaigh
, 2015 11:33 AM To: kerby@directory.apache.org Subject: state of KDC Can anyone summarize what our KDC can and cannot do? I want to know what features are currently supported and what not and what are in progress. thank you -- Kiran Ayyagari http://keydap.com -- Colm O hEigeartaigh

Re: Unit test regression

2015-06-30 Thread Colm O hEigeartaigh
issue I can help with. Regards, Kai -Original Message- From: Colm O hEigeartaigh [mailto:cohei...@apache.org] Sent: Monday, June 22, 2015 10:35 PM To: kerby@directory.apache.org Subject: Re: Unit test regression Thanks, that works. Colm. On Wed, Jun 10, 2015 at 12:17 PM, Zheng

Re: Token PreAuth

2015-10-08 Thread Colm O hEigeartaigh
gt; -----Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tuesday, October 06, 2015 9:48 PM > To: Zheng, Kai > Cc: kerby@directory.apache.org > Subject: Re: Token PreAuth > > Hi Kai, > > Thanks for your reply. > > Actually the Token

Token PreAuth

2015-09-30 Thread Colm O hEigeartaigh
Hi all, I'm just playing around with the Token PreAuth functionality. I'm a bit confused as to how this works on the KDC side. How does the KDC verify that the JWT token is valid? I would have assumed that the token must be signed by a trusted issuer to be accepted by the KDC. Colm. -- Colm O

Failing test

2015-12-15 Thread Colm O hEigeartaigh
Hi, There is a failing test on master at the moment in the "kerby-pkix" module: TestSignedData.testContentInfo:94 null Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Failing test

2015-12-16 Thread Colm O hEigeartaigh
It's working fine now, I guess the "Merge from pkinit-support branch" fixed the issue. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com On Tue, Dec 15, 2015 at 11:06 PM, Zheng, Kai <kai.zh...@intel.com> wrote: > Just checked out the latest code

Re: ASN1 parsing + dumping

2016-01-07 Thread Colm O hEigeartaigh
Done: https://issues.apache.org/jira/browse/DIRKRB-523 Colm. On Thu, Jan 7, 2016 at 10:31 AM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > Le 07/01/16 11:21, Colm O hEigeartaigh a écrit : > > Hi all, > > > > I notice a lot of text output in the

Re: Rename master branch to trunk and create 1.0.0-RC2 branch for the upcoming release

2016-01-05 Thread Colm O hEigeartaigh
necessary, as I don't see how users could be confused with a branch called "master", as it's the default for git. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com On Mon, Dec 28, 2015 at 1:12 AM, Zheng, Kai <kai.zh...@intel.com> wrote: > Hi, >

Trunk failures

2016-01-05 Thread Colm O hEigeartaigh
I'm getting some trunk test failures: e.g.: testKdc(org.apache.kerby.kerberos.kerb.server.OnlyTcpKdcTest) Time elapsed: 0.076 sec <<< ERROR! java.lang.NullPointerException: null at org.apache.kerby.kerberos.kerb.server.KdcTestBase.deletePrincipals(KdcTestBase.java:152) Colm. -

Re: Building Kerby throw normal exceptions

2015-12-01 Thread Colm O hEigeartaigh
, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.683 sec > - in > org.apache.kerby.kerberos.kerb.integration.test.TokenLoginWithTokenPreauthEnabledTest > Picked up _JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true > > Results : > > Tests run: 6, Failures: 0, Errors: 0, Skipped: 0 > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Kerby SNAPSHOTs

2015-11-20 Thread Colm O hEigeartaigh
> To: kerby@directory.apache.org > Subject: Re: Kerby SNAPSHOTs > > Two builds were aborted, so I increased build timeout from 10 to 30 > minutes. > > Kind Regards, > Stefan > > On 11/19/2015 04:55 PM, Colm O hEigeartaigh wrote: > > No need to ask INFRA, I've upd

Re: [Announcement] New PMC Members

2015-11-20 Thread Colm O hEigeartaigh
ement] New PMC Members > > > > Hi all, > > > > Please join the PMC in welcoming Colm Ó hÉigeartaigh and Kai Zheng > accepted as the newest PMC Members. > > > > > > On behalf of the PMC of the Apache Directory project. > > > > Best regard

Re: Kerby SNAPSHOTs

2015-11-19 Thread Colm O hEigeartaigh
The mark of the immature man is that he wants to die nobly for a cause, > while the mark of the mature man is that he wants to live humbly for one.” > - Wilhelm Stekel > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: About Jenkins building on a branch

2016-01-13 Thread Colm O hEigeartaigh
urself, but need to open a Jira. Which branch(es) should it > > build, I assume only "trunk"? > > Filed issue https://issues.apache.org/jira/browse/INFRA-11072 > > > [1] https://builds.apache.org/view/A-D/view/Directory/job/dir-kerby/ > > [2] https://analysis.apache.org/jenkins/job/directory-kerby/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Admin privileges in JIRA

2016-06-15 Thread Colm O hEigeartaigh
Could someone (Emmanuel?) give me administrator privileges for Kerby in JIRA? I want to release the last two versions, which are still marked as unreleased. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Kerby migration in Apache Directory?

2016-05-27 Thread Colm O hEigeartaigh
Hi all, Do we have a plan or timeline to replace the older Kerberos code in Apache Directory with Kerby? If not, does it make sense to start discussing it? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: JWT pre-authentication - get JWT token on service side

2016-06-22 Thread Colm O hEigeartaigh
the module will send the token to KDC for a TGT to get a SGT that's to > be used in a GSS session. We have already the module, please look at > TokenAuthLoginModule. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] >

Re: JWT pre-authentication - get JWT token on service side

2016-06-22 Thread Colm O hEigeartaigh
data. If you put the token in the > authorization data, then after decoding it, you could extract token from > it. I remembered we had defined the AuthzToken type for this actually but > guess it's not used yet. > > Regards, > Kai > > -----Original Message- > From: Colm O hEigeartaig

Re: Admin privileges in JIRA

2016-06-16 Thread Colm O hEigeartaigh
wrote: > On 06/15/2016 06:46 PM, Colm O hEigeartaigh wrote: > > Could someone (Emmanuel?) give me administrator privileges for Kerby in > > JIRA? > > Done. > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Admin privileges in JIRA

2016-06-16 Thread Colm O hEigeartaigh
pushed to next release like a > release after 1.0.0 GA. > > Regards, > Kai > > -----Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Thursday, June 16, 2016 5:07 PM > To: kerby@directory.apache.org > Subject: Re: Admin privileges in

JWT pre-authentication - get JWT token on service side

2016-06-16 Thread Colm O hEigeartaigh
nd token attributes" Is there an example in the code to look at? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: JWT pre-authentication - get JWT token on service side

2016-06-16 Thread Colm O hEigeartaigh
t; For the JWT pre-authentication use-case, how can I get access to the token > information on the service side? > > From the documentation: "The service authenticates the ticket, extracts > the token derivation, then enforce any advanced authorization by employing > the token d

Re: JWT pre-authentication - get JWT token on service side

2016-06-23 Thread Colm O hEigeartaigh
he KDC on the client side using > GSS? > Great question. Here what you need would be a login module using token, > and the module will send the token to KDC for a TGT to get a SGT that's to > be used in a GSS session. We have already the module, please look at > TokenAuthLoginModule. &

Re: JWT pre-authentication - get JWT token on service side

2016-06-23 Thread Colm O hEigeartaigh
ing GSS? > Regards, > Kai > > -----Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Wednesday, June 22, 2016 9:36 PM > To: kerby@directory.apache.org > Subject: Re: JWT pre-authentication - get JWT token on service side > > Hi all, > &

Re: JWT pre-authentication - get JWT token on service side

2016-06-23 Thread Colm O hEigeartaigh
the first place :-) Thanks again for your help, Colm. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Thursday, June 23, 2016 9:40 PM > To: kerby@directory.apache.org > Subject: Re: JWT pre-authentication - get

Re: JWT pre-authentication - get JWT token on service side

2016-06-29 Thread Colm O hEigeartaigh
Sure, no rush :-) Colm. On Wed, Jun 29, 2016 at 2:48 AM, Zheng, Kai <kai.zh...@intel.com> wrote: > Hi Colm, I will look at this late of today. Hope it works for you. > > -Original Message----- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tuesday, J

Re: Status of Kerby

2016-01-26 Thread Colm O hEigeartaigh
. > 37. Enable kinit tool kdc flag options. > 38. Added the graphics for teh ASN1 hierarchy > 39. Add some javadocs > > In process and plan to do: > > 1. Clean up the JIRAs > > 2. Update the Github website and the sub-project website > > 3. Che

Re: Java platforms Kerby supports

2016-02-02 Thread Colm O hEigeartaigh
gt; Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tuesday, February 02, 2016 12:39 AM > To: kerby@directory.apache.org > Subject: Re: Java platforms Kerby supports > > Here is a Jenkins build for Kerby + OpenJDK 7: > &

Re: Status of Kerby

2016-02-17 Thread Colm O hEigeartaigh
start-kdc, kadmin, kinit, > klist ), you can do it according to this guide: > https://github.com/apache/directory-kerby/blob/trunk/kerby-dist/README.md > Welcome your feedbacks. > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@a

Re: [VOTE] Release Apache Kerby 1.0.0-RC2

2016-03-08 Thread Colm O hEigeartaigh
s/asf?p=directory-kerby.git;a=commit;h=688b4aa0ac5b675af127cf8f3c08e742ca7c9659 > > > > Staging repo: > > https://repository.apache.org/content/repositories/orgapachedirectory-1077 > > > > Source package: > > https://home.apache.org/~seelmann/kerby-1.0.0-RC2/ > > > > > > Please cast your votes: > > [ ] +1 Release Apache Kerby 1.0.0-RC2 > > [ ] 0 abstain > > [ ] -1 Do not release Apache Kerby 1.0.0-RC2 > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Next Kerby release

2016-04-27 Thread Colm O hEigeartaigh
C3. > > What would you think about this? If sounds good, let's target this and > prepare for it! > > Regards, > Kai > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Travel to Vancouver and Bay Area

2016-05-09 Thread Colm O hEigeartaigh
1, Zheng, Kai a écrit : > > Hi Shawn, it's great we'll be able to have a meet. Yes, the whole next > week I'll be hanging there. > > Ra... I wish I could have gone :/ > > Enjoy the trip, and have some nice meeting with Shawn and Lucas ! All my > best to all of you, guys

Re: Anonymous PKINIT signatures

2016-07-22 Thread Colm O hEigeartaigh
e can't verify > the kdc sans, edu and so on. Such as the function > cryptoRetrieveX509Sans#PkinitCrypto is marked as TODO. > > > Thanks > Jiajia > > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Thursday, July 21, 2016

Re: Prepare for 1.0.0-RC3

2016-07-28 Thread Colm O hEigeartaigh
StackTrace(); } catch (Exception e) { e.printStackTrace(); } We should either be logging exceptions properly or propagating them accordingly. Colm. On Wed, Jul 27, 2016 at 2:01 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > +1 for a release.

Re: Anonymous PKINIT signatures

2016-07-27 Thread Colm O hEigeartaigh
jia...@intel.com> wrote: > Hi Colm, > >> However, the client doesn't use the certificate to verify a signature, > and thus proving that the KDC knows the private key associated with the > cert. Is this correct? > You are right. I think anonymous case, not actually signed. >

Re: JWT pre-authentication - get JWT token on service side

2016-07-27 Thread Colm O hEigeartaigh
Adding this data to service tickets would > mean that the roles only intended for the KDC could now be applied to > services etc. > > It's a good thought. If you'd check the token-preauth draft, it actually > said a token derivation should be put into ticket, not the token itself. It > mea

Re: Prepare for 1.0.0-RC3

2016-07-27 Thread Colm O hEigeartaigh
ain stupid. I really > like the way Chrome and Firefox are released those days, with a quick > incremental version : each new features added deserve a separate > version, with some potential minor versions for urgent bug fixes. > > But this is something you have to discuss, my

Re: Certificate Encoding

2016-07-21 Thread Colm O hEigeartaigh
Will you make this change Jiajia, or do you want me to do it? Colm. On Mon, Jul 18, 2016 at 12:00 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > Yes that's right. > > Colm. > > On Fri, Jul 15, 2016 at 2:08 AM, Li, Jiajia <jiajia...@intel.com> wrote: &g

Anonymous PKINIT signatures

2016-07-21 Thread Colm O hEigeartaigh
the Certificate to verify some signed data, to make sure that the KDC knows the private key associated with the Certificate... I've updated the code so that the server at least includes the "Identity" Certificate in the response to the client. Thanks, Colm. -- Colm O hEigeartaigh Talend

Re: Certificate Encoding

2016-07-18 Thread Colm O hEigeartaigh
u have some comment? Thx! > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Thursday, July 07, 2016 5:39 PM > To: Li, Jiajia <jiajia...@intel.com> > Cc: kerby@directory.apache.org > Subject: Re: Certif

Re: JWT pre-authentication - get JWT token on service side

2016-07-18 Thread Colm O hEigeartaigh
work > seamlessly! > > Regards, > Kai > > -----Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Friday, July 08, 2016 5:16 PM > To: kerby@directory.apache.org > Subject: Re: JWT pre-authentication - get JWT token on service side > &

Re: JWT pre-authentication - get JWT token on service side

2016-07-04 Thread Colm O hEigeartaigh
token was encrypted? Thanks again, Colm. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Monday, July 04, 2016 7:52 PM > To: kerby@directory.apache.org > Cc: Zheng, Kai <kai.zh...@intel.com> > Subject:

Re: JWT pre-authentication - get JWT token on service side

2016-07-01 Thread Colm O hEigeartaigh
cCache.store(bout); > os.close(); > > // Now validate the ticket using GSS > validateServiceTicket(bout.toByteArray()); > } catch (Exception e) { > e.printStackTrace(); > Assert.fail(); > } &

Re: Failing tests

2016-09-29 Thread Colm O hEigeartaigh
ficate: > > Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed > Sep 14 02:19:59 UTC 2016 > > Maybe one has an idea how to fix, otherwise I'll have a look at the > weekend. > > Kind Regards, > Stefan > > https://builds.apache.org/view/A-D/view/Directory/

Re: Sync up

2016-09-21 Thread Colm O hEigeartaigh
to Jiajia! After some basic ramp up, Sammi will help with > her role in my side and try to move on. Thanks for the support. > > Regards, > Kai > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Anonymous PKINIT signatures

2016-09-27 Thread Colm O hEigeartaigh
oint from here. > But what you said let me doubt myself, I will take some time to dig into > this issue. > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Wednesday, July 27, 2016 8:59 PM > To: kerby@directory.apache

Re: Kerby

2016-11-02 Thread Colm O hEigeartaigh
> correct? > Is the code actually used in any prod env? > Thanks a lot. > > Jim -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: directory-kerby git commit: DIRKRB-640 mplement renew ticket in kinit tool.

2017-08-01 Thread Colm O hEigeartaigh
t; @@ -131,14 +162,6 @@ public class KinitTool { > ktOptions.add(KinitOption.USER_PASSWD, password); > } > > -KrbClient krbClient = null; > -try { > -krbClient = getClient(confDir); > -} catch (KrbException e) { > -Syste

Re: Kerby SgtTicket to GSS token?

2017-08-10 Thread Colm O hEigeartaigh
service. JRE doesn't provide any API allowing to hook > logics like this. Not sure if you could make it if you would try the gssapi > branch. > > Regards, > Kai > > -----Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tue

Kerby SgtTicket to GSS token?

2017-07-11 Thread Colm O hEigeartaigh
Hi all, Given a Kerby SgtTicket, is it possible to translate this into a GSS token somehow? Let's say I want to invoke on a service which uses GSS to validate the ticket, but obtain the ticket in the first place using Kerby's APIs. Colm. -- Colm O hEigeartaigh Talend Community Coder http

GSSAPI branch

2017-07-21 Thread Colm O hEigeartaigh
ther fixes. If there are no objections, I'll delete the gssapi branch Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Feedback requested on DIRKRB-638

2017-07-27 Thread Colm O hEigeartaigh
the key from the keytab, the patch modified the GssAcceptCred to instead just get the ticket + takes the key from that. This leads to a decryption error when processing the ticket. Could someone take a look and let me know where I am going wrong? Colm. -- Colm O hEigeartaigh Talend Community

Review requested for DIRKRB-637

2017-07-26 Thread Colm O hEigeartaigh
the principal from this. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: GSSAPI branch

2017-07-24 Thread Colm O hEigeartaigh
ely clean up. > gss-v2; > gssapi. > > Thanks Wei for the big contribution and look forward to making it work. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Friday, July 21, 2017 11:06 PM > To: kerb

Re: GSSAPI branch

2017-07-24 Thread Colm O hEigeartaigh
if you could make sure all your gssapi related codes and tests >> were made in the trunk, so we can safely clean up. >> gss-v2; >> gssapi. >> >> Thanks Wei for the big contribution and look forward to making it work. >> >> Regards, >> Kai >>

Re: GSSAPI branch

2017-07-24 Thread Colm O hEigeartaigh
erging on Friday, actually I ended up > merging the gssapi branch to trunk, not gssapi-rebase as I thought. So the > question is, what is missing for the current gssapi code on trunk before we > can release it? > > Colm. > > On Mon, Jul 24, 2017 at 9:19 AM, Colm O hEigeartaigh <c

Re: Kerby JWT support

2017-06-30 Thread Colm O hEigeartaigh
that does this for a supplied ByteBuffer value. Should this method be called implicitly by the AdToken code somehow? Or is it up to the client code to call decode on KrbToken? Colm. > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei

Re: Kerby JWT support

2017-07-04 Thread Colm O hEigeartaigh
... > > I think the AD token type is a new type which undefined in > spec(RFC4120->7.5.4. Authorization Data Types), I think this new type name > is ok. > > Thanks > Jiajia > > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] &

Re: Kerby JWT support

2017-07-04 Thread Colm O hEigeartaigh
t; > Yes, set the AuthToken as the parameter of getIdentityAuthorizationData is > a good choice. > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tuesday, July 4, 2017 4:03 PM > To: kerby@directory.apache.org > Subject:

Re: Kerby JWT support

2017-07-03 Thread Colm O hEigeartaigh
ly by > >the AdToken code somehow? Or is it up to the client code to call decode > on KrbToken? > > I'm not very sure, I think it's up to the client code to call to decode > the KrbToken. > > Thanks > Jiajia > > > -Original Message- > From: Colm O hEigeart

Re: Kerby JWT support

2017-07-05 Thread Colm O hEigeartaigh
> > It's a good idea. > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tuesday, July 4, 2017 9:54 PM > To: kerby@directory.apache.org > Subject: Re: Kerby JWT support > > The problem with this is t

Re: Kerby JWT support

2017-06-28 Thread Colm O hEigeartaigh
ee what the authorization data of the ticket is on the client side, so that I can test that it was inserted correctly? Colm. > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Monday, June 19, 2017 8:24

Re: Kerby JWT support

2017-07-05 Thread Colm O hEigeartaigh
? There are a few issues I need to clarify there to finish with the "identity" token use-case. Colm. On Wed, Jul 5, 2017 at 12:36 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > Ok this is done, please take a look and let me know what you think. > > Colm. > > On W

Re: Kerby 1.0 GA

2017-04-26 Thread Colm O hEigeartaigh
.0.0-RC2, we have added > lots of new features and bug fixes. > And this release will include some blocking issues for Hadoop and 1.0.0 GA > will impact the next Hadoop release version 3.0.0-alpha1. > > Regards, > Jiajia > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: kadmin-remote branch status

2017-05-12 Thread Colm O hEigeartaigh
Is it merged to > master or if not is there a plan to do so? > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-10 Thread Colm O hEigeartaigh
PGP key from "ws/wss4j/KEYS", please also add it to > https://www.apache.org/dist/directory/KEYS > > 2) All threee LICENSE files have a section about kerby subcomponents and > references to other (nonexisting) files, I think that should be removed. > > Kind Regards, >

[VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-10 Thread Colm O hEigeartaigh
-1130/org/apache/kerby/kerby-all/1.0.0/ Git tag: https://git-wip-us.apache.org/repos/asf?p=directory-kerby.git;a=commit;h=b0e8f9da3cdb494c82d62c956ee35a53a52ac0ce +1 from me. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

kadmin-remote branch status

2017-05-11 Thread Colm O hEigeartaigh
Hi all, What is the current status of the kadmin-remote branch? Is it merged to master or if not is there a plan to do so? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
sage- > From: Emmanuel Lécharny [mailto:elecha...@gmail.com] > Sent: Tuesday, May 09, 2017 7:17 AM > To: kerby@directory.apache.org > Subject: Re: Questions about the release > > > > Le 08/05/2017 à 21:40, Colm O hEigeartaigh a écrit : > > I don't th

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
r. For now less change much better. > > Thanks again. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Tuesday, May 09, 2017 4:52 PM > To: kerby@directory.apache.org > Subject: Re: Questions about the r

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
dle Netty + SLF4J in "kdc-dist" and only SLF4J in the tool-dist, so I think we are covered. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com On Tue, May 9, 2017 at 11:04 AM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 09/05/2017 à 11

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-17 Thread Colm O hEigeartaigh
to other channels. > > > That being said, you should also start thinking about moving Kerby to a > TLP, now that 1.0 is out. Please consider doing so while discussing with > press@a.o, so that both moves are done at the same time, in order to > have more spotlights on the project. >

[ANNOUNCE] - Apache Kerby™ 1.0.0

2017-05-18 Thread Colm O hEigeartaigh
/directory-kerby.git Github site: https://github.com/apache/directory-kerby Umbrella JIRA: https://issues.apache.org/jira/browse/DIRKRB-102 Thanks to everyone who contributed to the release! Best Regards, The Apache Directory Team -- Colm O hEigeartaigh Talend Community Coder http

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-16 Thread Colm O hEigeartaigh
Thanks! Colm. On Tue, May 16, 2017 at 2:52 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 16/05/2017 à 15:42, Colm O hEigeartaigh a écrit : > > Thanks, I guess it takes +24 hours as I made some changes yesterday > morning > > that still haven't appeare

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-17 Thread Colm O hEigeartaigh
Is it possible to push the staging site manually? I'm still waiting to see the updates I made propagate through... Colm. On Tue, May 16, 2017 at 3:03 PM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > Thanks! > > Colm. > > On Tue, May 16, 2017 at 2:52 PM, Emma

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-17 Thread Colm O hEigeartaigh
uel Lécharny <elecha...@gmail.com> wrote: > > > Le 17/05/2017 à 10:32, Colm O hEigeartaigh a écrit : > > Is it possible to push the staging site manually? I'm still waiting to > see > > the updates I made propagate through... > > What commit don't you see on the s

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-17 Thread Colm O hEigeartaigh
Yes, looks good thanks! Colm. On Wed, May 17, 2017 at 11:00 AM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > That should be OK now. Can you check ? > > > Le 17/05/2017 à 11:40, Colm O hEigeartaigh a écrit : > > No the staging site is fine - the problem is that

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-17 Thread Colm O hEigeartaigh
What kind of announcement did you have in mind? Colm. On Wed, May 17, 2017 at 12:51 PM, Zheng, Kai <kai.zh...@intel.com> wrote: > Cool. Thanks Colm and Emmanuel. Is there any going to have an announcement > message? > > Regards, > Kai > > -Original Message-

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-13 Thread Colm O hEigeartaigh
;> >> Run kadmin, kinit, klist successfully. >> >> >> >> non-binding +1 from me. >> >> >> >> Regards, >> >> Frank >> >> >> >> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org >>

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-16 Thread Colm O hEigeartaigh
Thanks Emmanuel...where is the staging site? Colm. On Tue, May 16, 2017 at 1:12 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 16/05/2017 à 11:44, Colm O hEigeartaigh a écrit : > > Yes, the release is done and available in Maven central + the dist. The > >

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-16 Thread Colm O hEigeartaigh
ck so far? Thanks! > > Sent from iPhone > > > 在 2017年5月13日,下午9:54,Colm O hEigeartaigh <cohei...@apache.org> 写道: > > > > With all +1 votes, this vote passes. I'll do the release. > > > > Colm. > > > > On Fri, May 12, 2017 at 12:54 PM,

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
Colm. On Tue, May 9, 2017 at 12:46 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 09/05/2017 à 12:24, Colm O hEigeartaigh a écrit : > > Thanks Emmanuel. The user would have to add zookeeper/nimbus in the poms > > before generating the distribution to a

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
> modified portion" portions from the NOTICE file, but not "This product > optionally depends on" from here: > > https://github.com/netty/netty/blob/4.1/NOTICE.txt > > ? As well as any of the licenses that are referred. > > Colm. > > On Tue, May 9, 2017 a

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
ay 9, 2017 at 2:37 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 09/05/2017 à 14:23, Colm O hEigeartaigh a écrit : > > Hi Kai, > > > > What matters is what jars we are including in the "lib". Any changes > Netty > > made to th

Re: Questions about the release

2017-05-09 Thread Colm O hEigeartaigh
Great thanks! I will re-spin the release. Colm. On Tue, May 9, 2017 at 4:01 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 09/05/2017 à 16:54, Colm O hEigeartaigh a écrit : > > OK I have added all of the parts from the Netty NOTICE that were > "modifi

Anonymous PKINIT support

2017-06-20 Thread Colm O hEigeartaigh
. c) Is there a way to differentiate between anonymous + authenticated PKINIT in the KDC configuration? What if you don't want to allow the anonymous case? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: [VOTE] - Release Apache Kerby 1.0.0 (take II)

2017-05-16 Thread Colm O hEigeartaigh
kin...@apache.org> wrote: > > > On May 16, 2017, at 4:44 AM, Colm O hEigeartaigh <cohei...@apache.org> > wrote: > > > > Yes, the release is done and available in Maven central + the dist. The > website isn't updated yetis there anything I need to do to

Re: [Kerby] TGS req failing with "Unexpected item context"

2017-06-04 Thread Colm O hEigeartaigh
5: Response was not from master KDC > [1590761] 1496516355.25127: Decoding FAST response > [1590761] 1496516355.25198: FAST reply key: aes256-cts/03AB > [1590761] 1496516355.25234: TGS reply is for u...@example.com -> krbtgt/ > example@example.com with session key aes256-cts/A423 > [1590761] 1496516355.25246: Got cred; 0/Success > [1590761] 1496516355.25315: Creating authenticator for u...@example.com -> > myservice/kdc.example@example.com, seqnum 751690771, subkey > aes256-cts/91D0, session key aes256-cts/126E > > > > My best guess is that maybe I'm missing some configuration steps in my Java > code and that's causing the FAST request to fail. I couldn't find any code > examples for kerby anywhere which can help me with my use case. Does anyone > have any ideas about the above? > > Apologies again for the long email, just wanted to share my trials so far. > Have a nice weekend. > > Cheers, > Pratyush > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: MIT Kerberos compatibility

2017-06-19 Thread Colm O hEigeartaigh
t; > > Thanks > Jiajia > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Monday, May 8, 2017 6:19 PM > To: kerby@directory.apache.org > Subject: Re: MIT Kerberos compatibility > > OK I have created a JIRA and attached a patch th

Re: MIT Kerberos compatibility

2017-06-19 Thread Colm O hEigeartaigh
ustify a new minor release. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Monday, June 19, 2017 4:45 PM > To: kerby@directory.apache.org > Subject: Re: MIT Kerberos compatibility > > Yes, it wor

Kerby JWT support

2017-06-19 Thread Colm O hEigeartaigh
y to check that it's actually getting inserted properly? Thoughts? Am I missing anything else? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: [Kerby] TGS req failing with "Unexpected item context"

2017-06-14 Thread Colm O hEigeartaigh
nd as a comment below: > >> > >> https://issues.apache.org/jira/browse/DIRKRB-614 > >> > >> Cheers, Marc > >> > >> > >> Kai wrote: > >> > >> It seems so and we need to fix it. However, I don't see any

[CANCELLED] Re: [VOTE] - Release Apache Kerby 1.0.0

2017-05-07 Thread Colm O hEigeartaigh
te that some parts of netty are using some GPL dependencies, which > is incompatible with AL 2.0. It's mandatory to check if those dependencies > are used or not in Kerby (jboss-marshalling). > > > So I have to cast a -1 at this point :-/ > > > > Le 05/05/2017 à 15:40, Colm

Re: Questions about the release

2017-05-08 Thread Colm O hEigeartaigh
ar:1.52:compile > > [INFO] | \- commons-io:commons-io:jar:2.4:compile > > [INFO] +- junit:junit:jar:4.12:test > > [INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test > > [INFO] \- org.assertj:assertj-core:jar:2.6.0:test > > [INFO] > > > > [INFO] BUILD SUCCESS > > [INFO] > > > > [INFO] Total time: 1.527 s > > [INFO] Finished at: 2017-05-08T06:14:52+02:00 [INFO] Final Memory: > > 15M/247M [INFO] > > > > > > > > As we can see, nimbus-jose-jwt has itself some dependencies that requires > > some N (potentially, that has to be checked) : > > jcip-annotations, json-smart and bcprov-jdk15on. If nimbus-jose-jwt has > > done its job properly, its N files should already contain the required > > bits, but we must check. > > > > > > This tas has to be ran on all the modules that have noapache and > non-tests > > dependencies... > > > > > > -- > > Emmanuel Lecharny > > > > Symas.com > > directory.apache.org > > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com

Re: MIT Kerberos compatibility

2017-05-08 Thread Colm O hEigeartaigh
s again and made > improvements. Would you check it out? Thanks! > > Sent from iPhone > > > 在 2017年5月6日,上午6:28,Zheng, Kai <kai.zh...@intel.com> 写道: > > > > Thanks colm for the clarification and it sounds an issue we need to > address. I will investigate it s

Re: MIT Kerberos compatibility

2017-05-08 Thread Colm O hEigeartaigh
nd > improve the default transport. We probably shouldn't introduce more changes > to get the release out. Note please prefer to use the TCP transport over > the UDP one, in today's world. > > Regards, > Kai > > -Original Message- > From: Colm O hEigeartaigh [mailto:

Re: MIT Kerberos compatibility

2017-05-08 Thread Colm O hEigeartaigh
; the new failures? Any difference between the failed GSS tests and the Kerby > GSS tests? > > Regards, > Kai > > -----Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Monday, May 08, 2017 5:42 PM > To: Zheng, Kai <kai.zh...@intel

  1   2   >