|
Home > Archive > Apache Directory Project > August 2007 > [OT]Where is the source code for kerberos client?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[OT]Where is the source code for kerberos client?
|
|
| Leo Li 2007-08-31, 1:11 am |
| Hi, all
I am Leo, from apache harmony project.
Harmony is now exploring for an Open Source implementation for JGSS
provider, whose mainly job is to work as a kerberos client to interact with
KDC.
So does directory project has such an Java implementation of kerberos
client? If so, it can save us from rewriting such feature and wrap it as a
JGSS provider.
Thanks.
--
Leo Li
China Software Development Lab, IBM
| |
| Emmanuel Lecharny 2007-08-31, 1:11 am |
| Hi Leo,
we don't have a lot of time currently to give you a sharp response, as
we are just in the middle of a release.
here are the places were you can find the kerberos source code in ADS :
http://svn.apache.org/viewvc/direct...erberos-shared/
and
http://svn.apache.org/viewvc/direct...tocol-kerberos/
These parts will be deeply rework in the next few months.
Please come back in two weeks, we will be available for more detailed
explanations.
Emmanuel
On 8/31/07, Leo Li <liyilei1979-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi, all
> I am Leo, from apache harmony project.
> Harmony is now exploring for an Open Source implementation for JGSS
> provider, whose mainly job is to work as a kerberos client to interact wi=
th
> KDC.
> So does directory project has such an Java implementation of kerbero=
s
> client? If so, it can save us from rewriting such feature and wrap it as =
a
> JGSS provider.
>
> Thanks.
> --
> Leo Li
> China Software Development Lab, IBM
--=20
Regards,
Cordialement,
Emmanuel L=E9charny
www.iktek.com
| |
| Emmanuel Lecharny 2007-08-31, 1:11 am |
| Leo,
just a Q, how does it relates with the current org.ietf.jgss
implementation into the Harmony classes which are marked as
'completed' (http://people.apache.org/~apetrenko...5vsharmony5.ja=
vajavax.html#pkg_javax_xml_xpath)
?
On 8/31/07, Emmanuel Lecharny <elecharny-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi Leo,
>
> we don't have a lot of time currently to give you a sharp response, as
> we are just in the middle of a release.
>
> here are the places were you can find the kerberos source code in ADS :
> http://svn.apache.org/viewvc/direct...erberos-shared/
> and
> http://svn.apache.org/viewvc/direct...tocol-kerberos/
>
> These parts will be deeply rework in the next few months.
>
> Please come back in two weeks, we will be available for more detailed
> explanations.
>
> Emmanuel
>
> On 8/31/07, Leo Li <liyilei1979-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
S[vbcol=seagreen]
with[vbcol=seagreen]
ros[vbcol=seagreen]
s a[vbcol=seagreen]
>
>
> --
> Regards,
> Cordialement,
> Emmanuel L=E9charny
> www.iktek.com
>
--=20
Regards,
Cordialement,
Emmanuel L=E9charny
www.iktek.com
| |
| Enrique Rodriguez 2007-08-31, 1:11 am |
| On 8/30/07, Leo Li <liyilei1979-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> ...
> So does directory project has such an Java implementation of kerberos
> client? If so, it can save us from rewriting such feature and wrap it as a
> JGSS provider.
Hi, Leo,
The links from Emmanuel are the shared (kerberos-shared) and
server-side (protocol-kerberos) components for Kerberos that are in
the Directory trunk. What you are looking for is the kerberos client
(not in the trunk, but which uses kerberos-shared) at:
http://svn.apache.org/repos/asf/dir...trunk/kerberos/
There is draft doco at:
http://cwiki.apache.org/confluence/...ient+components
Please note this is a client-side *component* for Kerberos, meaning it
is not a CLI or GUI client. But, that is likely what you want for
JGSS, anyway. We use this for integration tests for the Kerberos
server running in ApacheDS, in JUnit tests.
We need to complete support for client-side handling during
pre-authentication, but most everything works. I am planning to
re-engage pre-authentication when our current trunk code freeze is
over so we should have this client pretty well cleaned up in the next
month or so.
Enrique
| |
| Leo Li 2007-08-31, 1:11 am |
| On 8/31/07, Emmanuel Lecharny <elecharny-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Leo,
>
> just a Q, how does it relates with the current org.ietf.jgss
> implementation into the Harmony classes which are marked as
> 'completed' (
> http://people.apache.org/~apetrenko...javax_xml_xpath
> )
> ?
Thank you Emmanuel. I will be back in a few weeks.
The org.ietf.jgss package is just a framework and the GSSManager is a
class factory and will get service provider from an GSSManager
implementation. Users can specify their preferred ones by configuration.
Furthermore, normally, the class library will provide a default service
provider and is not part of public API, for example, the
sun.security.auth.jgss.GSSManagerImpl.
So just from the view of public API, harmony has completed the feature of
jgss, but actually it will not work unless a 3rd party jgss provider is
specified since we do not have a default one.
> On 8/31/07, Emmanuel Lecharny <elecharny-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> JGSS
> with
> kerberos
> as a
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
--
Leo Li
China Software Development Lab, IBM
| |
| Leo Li 2007-08-31, 1:11 am |
| On 8/31/07, Enrique Rodriguez <enriquer9-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> On 8/30/07, Leo Li <liyilei1979-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> kerberos
> a
>
> Hi, Leo,
>
> The links from Emmanuel are the shared (kerberos-shared) and
> server-side (protocol-kerberos) components for Kerberos that are in
> the Directory trunk. What you are looking for is the kerberos client
> (not in the trunk, but which uses kerberos-shared) at:
>
> http://svn.apache.org/repos/asf/dir...trunk/kerberos/
>
> There is draft doco at:
>
>
> http://cwiki.apache.org/confluence/...ient+components
>
> Please note this is a client-side *component* for Kerberos, meaning it
> is not a CLI or GUI client. But, that is likely what you want for
> JGSS, anyway. We use this for integration tests for the Kerberos
> server running in ApacheDS, in JUnit tests.
Thank you, Enrique.
Yes, what we need are the classes for a library.
We need to complete support for client-side handling during
> pre-authentication, but most everything works. I am planning to
> re-engage pre-authentication when our current trunk code freeze is
> over so we should have this client pretty well cleaned up in the next
> month or so.
No problem.We are just making a plan whether we shall implement this
feature ourselves and I think we have found enough luck and help from
directory project.
Enrique
>
--
Leo Li
China Software Development Lab, IBM
|
|
|
|
|