Apache Kerby 1.0.0-RC1 Release Note
In this release 236 JIRA issues were resolved and the following features are supported:
- Kerberos libraries:
- Client
- KDC server
- Kadmin
- Credential cache and keytab utilities
Standalone KDC server .
Support for various identity backends:
- In-memory
- JSON
- LDAP
- Mavibot(MVCC BTree)
- Zookeeper
Embedded KDC server allows easy integration into products for unit tests or production deployment.
FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
Token Preauth mechanism to allow clients to request tickets using JWT tokens.
Client can request a TGT with:
- User plain password credential
- User keyTab
- User token credential
- Client can request a service ticket with:
- user TGT credential for a server
- user AccessToken credential for a server
- Network support including UDP and TCP transport with two implementations:
- Default implementation based on the JRE without depending on other libraries.
- Netty based implementation for better throughput, lower latency.
- Tools:
- kdcinit: Initialize and prepare KDC, like choose storage type, setting up necessary principals (tgs, kadmin) etc.
- kadmin: Command-line interfaces to administration system.
- kinit: Obtains and caches an initial ticket-granting ticket for principal.
- klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
Support for JAAS, GSSAPI and SASL frameworks that applications can leverage the authentication mechanisms provided by Kerby.
Building support: checking style and find bugs.