Apache Kerby 1.0.0-RC1 Release Note

In this release 236 JIRA issues were resolved and the following features are supported:

  1. Kerberos libraries:
  • Client
  • KDC server
  • Kadmin
  • Credential cache and keytab utilities

  1. Standalone KDC server .

  2. Support for various identity backends:

  • In-memory
  • JSON
  • LDAP
  • Mavibot(MVCC BTree)
  • Zookeeper

  1. Embedded KDC server allows easy integration into products for unit tests or production deployment.

  2. FAST/Preauthentication framework to allow popular and useful authentication mechanisms.

  3. Token Preauth mechanism to allow clients to request tickets using JWT tokens.

  4. Client can request a TGT with:

  • User plain password credential
  • User keyTab
  • User token credential
  1. Client can request a service ticket with:
  • user TGT credential for a server
  • user AccessToken credential for a server
  1. Network support including UDP and TCP transport with two implementations:
  • Default implementation based on the JRE without depending on other libraries.
  • Netty based implementation for better throughput, lower latency.
  1. Tools:
  • kdcinit: Initialize and prepare KDC, like choose storage type, setting up necessary principals (tgs, kadmin) etc.
  • kadmin: Command-line interfaces to administration system.
  • kinit: Obtains and caches an initial ticket-granting ticket for principal.
  • klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.

  1. Support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.

  2. Building support: checking style and find bugs.