Details

    • Type: New Feature
    • Status: In Progress
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0-RC2
    • Component/s: None
    • Labels:
      None

      Description

      We could really use our own Kerberos client library. We have a lot of the necessary code in kerberos-shared. We would use this for:
      o Integration tests
      o Experimental pre-authentication types
      o Experimental authorization mechanisms

        Activity

        Emmanuel Lecharny added a comment -

        I'll add a really new RFC, published in March 2013: http://www.ietf.org/rfc/rfc6880.txt

        Steve Moyer added a comment -

        Preliminary (light-weight) specifications for a cross-platform client:

        Server support

        The Kerberos Client shall support the following servers:

        • Active Directory Kerberos server
        • Apache Directory Server Kerberos server
        • Heimdal Kerberos server
        • MIT Kerberos server

        Client functionality

        The client functionality shall be available from the KerberosClient class. Its functions shall be divided into the following three categories:

        • Authentication
        • Self-serve password changing (kpasswd)
        • Administration of principals (kadmin)

        Each of these categories provides the functions listed in the sections below.

        Authentication

        • Authenticate
        • Get TGT
        • Get TGS

        Self-serve password changing (kpasswd - see the protocol in the references below for command description, syntax and responses)

        • QUIT
        • CHECKPW
        • CHANGEPW
        • MOTD
        • MIME
        • LANGUAGE

        Administration of principals (kadmin - see the protocol in the references below for command descriptions, syntax and responses)

        • ADD-PRINCIPAL
        • DELETE-PRINCIPAL
        • RENAME-PRINCIPAL
        • MODIFY-PRINCIPAL
        • OTHER-CHANGEPW
        • OTHER-RANDOM-CHANGEPW
        • INQUIRE-PRINCIPAL
        • EXTRACT-KEY (*+)
        • ADD-KEY
        • DELETE-KEY

        References:

        RFC4120 - The Kerberos Network Authentication Service (V5)
        RFC3244 - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
        kadmin.protocol - A Proposal for a Standardized Kerberos Password Changing Protocol
        kpasswd.protocol - A Proposal for a Standardized Kerberos Password Changing Protocol

        Emmanuel Lecharny added a comment -

        Postponed to 1.5.8

        Emmanuel Lecharny added a comment -

        The client exists, let's add some more flesh around the bones in 1.5.5

        Enrique Rodriguez added a comment -

        There is already an empty clients subproject with a module for Kerberos:
        http://svn.apache.org/viewvc/directory/clients/trunk/kerberos


          People

          • Assignee:
            Enrique Rodriguez
            Reporter:
            Enrique Rodriguez
          • Votes:
            1
            Watchers:
            3
