commit | 4a56178f53b3740dc66be3f96da2ab8ed732d3f7 | [log] [tgz] |
---|---|---|
author | Colm O hEigeartaigh <coheigea@apache.org> | Tue May 09 22:22:36 2017 +0100 |
committer | Colm O hEigeartaigh <coheigea@apache.org> | Tue May 09 22:22:36 2017 +0100 |
tree | 56ea66481cef0d4a255f100592725a40ccbd7fe9 | |
parent | 87dbae34f7ae46b9c8e307fcd593159dfd47935a [diff] |
*sigh* Revert "[maven-release-plugin] prepare release kerby-all-1.0.0" This reverts commit 87dbae34f7ae46b9c8e307fcd593159dfd47935a.
Apache Kerby, as an Apache Directory sub project, is a Java Kerberos binding. It provides a rich, intuitive and interoperable implementation, library, KDC and various facilities that integrates PKI, OTP and token (OAuth2) as desired in modern environments such as cloud, Hadoop and mobile.
A Krb client API for applications to interact with KDC.
Please look at kerb-client for details.
Server side admin facilities.
Please look at kerb-admin for details.
Kerberos Server API.
Please look at kerb-server for details.
A simplified Kdc server. It can be imported by other project to work as a kdc server.
Please look at kerb-simplekdc for details.
A model driven ASN-1 encoding and decoding framework implemented with Java.
Please look at kerby-asn1 for details.
Please look at Kerby KDC for details.
Similar to MIT krb5 encryption types:
Encryption Type | Description |
---|---|
des-cbc-crc | DES cbc mode with CRC-32 (weak) |
des-cbc-md4 | DES cbc mode with RSA-MD4 (weak) |
des-cbc-md5 | DES cbc mode with RSA-MD5 (weak) |
des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd | Triple DES cbc mode with HMAC/sha1 |
des-hmac-sha1 | DES with HMAC/sha1 (weak) |
aes256-cts-hmac-sha1-96 aes256-cts AES-256 | CTS mode with 96-bit SHA-1 HMAC |
aes128-cts-hmac-sha1-96 aes128-cts AES-128 | CTS mode with 96-bit SHA-1 HMAC |
arcfour-hmac rc4-hmac arcfour-hmac-md5 | RC4 with HMAC/MD5 |
arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp | Exportable RC4 with HMAC/MD5 (weak) |
camellia256-cts-cmac camellia256-cts | Camellia-256 CTS mode with CMAC |
camellia128-cts-cmac camellia128-cts | Camellia-128 CTS mode with CMAC |
des | The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak) |
des3 | The triple DES family: des3-cbc-sha1 |
aes | The AES family: aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 |
rc4 | The RC4 family: arcfour-hmac |
camellia | The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac |
A standalone KDC server that can integrate various identity backends including:
The Apache Kerby is also available as a Maven dependency.
<dependency> <groupId>org.apache.kerby</groupId> <artifactId>kerb-client-api-all</artifactId> <version>${kerby-version}</version> </dependency>
<dependency> <groupId>org.apache.kerby</groupId> <artifactId>kerb-server-api-all</artifactId> <version>${kerby-version}</version> </dependency>
<dependency> <groupId>org.apache.kerby</groupId> <artifactId>kerby-asn1</artifactId> <version>${kerby-version}</version> </dependency>
<dependency> <groupId>org.apache.kerby</groupId> <artifactId>kerb-simplekdc</artifactId> <version>${kerby-version}/version> </dependency>
Apache License V2.0
Sub-task
[DIRKRB-247] - Kerby's KDC supports MIT's kinit [DIRKRB-421] - Define transaction API for identity backend [DIRKRB-422] - Enhance json backend to support transaction for reasonable efficiency [DIRKRB-478] - Refine and enhance the client side library [DIRKRB-524] - XDR (RFC 4506) support
Bug
[DIRKRB-583] - Validate payload length declared in keytab [DIRKRB-584] - NPE if the token issuers value is not specified [DIRKRB-585] - Allow for optional expiry + NotBefore claims when processing a JWT token [DIRKRB-586] - NPE in KdcHandler on an Exception [DIRKRB-613] - Tests fails on systems with includedir in /etc/krb5.conf [DIRKRB-621] - 0x502 version keytab with multiple entries are not read properly [DIRKRB-624] - KdcServerTest failed with exception [DIRKRB-626] - Some improvement work for exception handling [DIRKRB-627] - Kerby hangs when the service principal is not known
Improvement
[DIRKRB-416] - Allow to support transaction for backend [DIRKRB-459] - Enhance the support for MIT krb5.conf configuration format [DIRKRB-482] - Break down KrbOption [DIRKRB-587] - Load JWT verification key from classpath as well [DIRKRB-588] - Support validation keys in different formats [DIRKRB-607] - Improve Simple KDC Server to be thread safe [DIRKRB-623] - Move the backend releated tests to backend modules
Task
[DIRKRB-155] - Add the missing Javadoc for kerby-asn1 module [DIRKRB-532] - Encode and decode XDR: Union and Struct
105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1: