trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/KerberosConfig.java - directory-server - Git at Google

 /*
  *  Licensed to the Apache Software Foundation (ASF) under one
  *  or more contributor license agreements.  See the NOTICE file
  *  distributed with this work for additional information
  *  regarding copyright ownership.  The ASF licenses this file
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License.
  *
  */
 package org.apache.directory.server.kerberos;


 import java.util.HashSet;
 import java.util.Set;

 import javax.security.auth.kerberos.KerberosPrincipal;

 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.shared.kerberos.KerberosUtils;
 import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;


 /**
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class KerberosConfig
 {

     /** The default kdc service principal */
     public static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";

     /** The default kdc realm */
     public static final String DEFAULT_REALM = "EXAMPLE.COM";

     /** The default allowable clockskew */
     public static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5 * 60000;

     /** The default for allowing empty addresses */
     public static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;

     /** The default for requiring encrypted timestamps */
     public static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;

     /** The default for the maximum ticket lifetime */
     public static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 60000 * 1440;

     /** The default for the minimum ticket lifetime, 4 minutes */
     public static final int DEFAULT_TGS_MINIMUM_TICKET_LIFETIME = 60000 * 4;

     /** The default for the maximum renewable lifetime */
     public static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 60000 * 10080;

     /** The default for allowing forwardable tickets */
     public static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;

     /** The default for allowing proxiable tickets */
     public static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;

     /** The default for allowing postdated tickets */
     public static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;

     /** The default for allowing renewable tickets */
     public static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;

     /** The default for verifying the body checksum */
     public static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;

     /** The default encryption types */
     public static final String[] DEFAULT_ENCRYPTION_TYPES = new String[]
         { "aes128-cts-hmac-sha1-96", "des-cbc-md5", "des3-cbc-sha1-kd" };

     /** The primary realm */
     private String primaryRealm = KerberosConfig.DEFAULT_REALM;

     /** The service principal name. */
     private String servicePrincipal = KerberosConfig.DEFAULT_PRINCIPAL;

     /** The allowable clock skew. */
     private long allowableClockSkew = KerberosConfig.DEFAULT_ALLOWABLE_CLOCKSKEW;

     /** Whether pre-authentication by encrypted timestamp is required. */
     private boolean isPaEncTimestampRequired = KerberosConfig.DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;

     /** The maximum ticket lifetime. */
     private long maximumTicketLifetime = KerberosConfig.DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;

     /** The minimum ticket lifetime. */
     private long minimumTicketLifetime = KerberosConfig.DEFAULT_TGS_MINIMUM_TICKET_LIFETIME;

     /** The maximum renewable lifetime. */
     private long maximumRenewableLifetime = KerberosConfig.DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;

     /** Whether empty addresses are allowed. */
     private boolean isEmptyAddressesAllowed = KerberosConfig.DEFAULT_EMPTY_ADDRESSES_ALLOWED;

     /** Whether forwardable addresses are allowed. */
     private boolean isForwardableAllowed = KerberosConfig.DEFAULT_TGS_FORWARDABLE_ALLOWED;

     /** Whether proxiable addresses are allowed. */
     private boolean isProxiableAllowed = KerberosConfig.DEFAULT_TGS_PROXIABLE_ALLOWED;

     /** Whether postdated tickets are allowed. */
     private boolean isPostdatedAllowed = KerberosConfig.DEFAULT_TGS_POSTDATED_ALLOWED;

     /** Whether renewable tickets are allowed. */
     private boolean isRenewableAllowed = KerberosConfig.DEFAULT_TGS_RENEWABLE_ALLOWED;

     /** Whether to verify the body checksum. */
     private boolean isBodyChecksumVerified = KerberosConfig.DEFAULT_VERIFY_BODY_CHECKSUM;

     /** The encryption types. */
     private Set<EncryptionType> encryptionTypes;

     /* cached kerberos/changepassword service principal */
     private KerberosPrincipal srvPrincipal;

     private String searchBaseDn;


     public KerberosConfig()
     {
         setSearchBaseDn( ServerDNConstants.USER_EXAMPLE_COM_DN );
         prepareEncryptionTypes();
     }


     /**
      * Returns the allowable clock skew.
      *
      * @return The allowable clock skew.
      */
     public long getAllowableClockSkew()
     {
         return allowableClockSkew;
     }


     /**
      * @return the isEmptyAddressesAllowed
      */
     public boolean isEmptyAddressesAllowed()
     {
         return isEmptyAddressesAllowed;
     }


     /**
      * @return the isForwardableAllowed
      */
     public boolean isForwardableAllowed()
     {
         return isForwardableAllowed;
     }


     /**
      * @return the isPostdatedAllowed
      */
     public boolean isPostdatedAllowed()
     {
         return isPostdatedAllowed;
     }


     /**
      * @return the isProxiableAllowed
      */
     public boolean isProxiableAllowed()
     {
         return isProxiableAllowed;
     }


     /**
      * @return the isRenewableAllowed
      */
     public boolean isRenewableAllowed()
     {
         return isRenewableAllowed;
     }


     /**
      * @return the maximumRenewableLifetime
      */
     public long getMaximumRenewableLifetime()
     {
         return maximumRenewableLifetime;
     }


     /**
      * @return the maximumTicketLifetime
      */
     public long getMaximumTicketLifetime()
     {
         return maximumTicketLifetime;
     }


     /**
      * @param allowableClockSkew the allowableClockSkew to set
      */
     public void setAllowableClockSkew( long allowableClockSkew )
     {
         this.allowableClockSkew = allowableClockSkew;
     }


     /**
      * Initialize the encryptionTypes set
      *
      * @param encryptionTypes the encryptionTypes to set
      */
     public void setEncryptionTypes( EncryptionType[] encryptionTypes )
     {
         if ( encryptionTypes != null )
         {
             this.encryptionTypes.clear();

             for ( EncryptionType encryptionType : encryptionTypes )
             {
                 this.encryptionTypes.add( encryptionType );
             }
         }

         this.encryptionTypes = KerberosUtils.orderEtypesByStrength( this.encryptionTypes );
     }


     /**
      * Initialize the encryptionTypes set
      *
      * @param encryptionTypes the encryptionTypes to set
      */
     public void setEncryptionTypes( Set<EncryptionType> encryptionTypes )
     {
         this.encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
     }


     /**
      * @param isEmptyAddressesAllowed the isEmptyAddressesAllowed to set
      */
     public void setEmptyAddressesAllowed( boolean isEmptyAddressesAllowed )
     {
         this.isEmptyAddressesAllowed = isEmptyAddressesAllowed;
     }


     /**
      * @param isForwardableAllowed the isForwardableAllowed to set
      */
     public void setForwardableAllowed( boolean isForwardableAllowed )
     {
         this.isForwardableAllowed = isForwardableAllowed;
     }


     /**
      * @param isPaEncTimestampRequired the isPaEncTimestampRequired to set
      */
     public void setPaEncTimestampRequired( boolean isPaEncTimestampRequired )
     {
         this.isPaEncTimestampRequired = isPaEncTimestampRequired;
     }


     /**
      * @param isPostdatedAllowed the isPostdatedAllowed to set
      */
     public void setPostdatedAllowed( boolean isPostdatedAllowed )
     {
         this.isPostdatedAllowed = isPostdatedAllowed;
     }


     /**
      * @param isProxiableAllowed the isProxiableAllowed to set
      */
     public void setProxiableAllowed( boolean isProxiableAllowed )
     {
         this.isProxiableAllowed = isProxiableAllowed;
     }


     /**
      * @param isRenewableAllowed the isRenewableAllowed to set
      */
     public void setRenewableAllowed( boolean isRenewableAllowed )
     {
         this.isRenewableAllowed = isRenewableAllowed;
     }


     /**
      * @param kdcPrincipal the kdcPrincipal to set
      */
     public void setServicePrincipal( String kdcPrincipal )
     {
         this.servicePrincipal = kdcPrincipal;
     }


     /**
      * @param maximumRenewableLifetime the maximumRenewableLifetime to set
      */
     public void setMaximumRenewableLifetime( long maximumRenewableLifetime )
     {
         this.maximumRenewableLifetime = maximumRenewableLifetime;
     }


     /**
      * @param maximumTicketLifetime the maximumTicketLifetime to set
      */
     public void setMaximumTicketLifetime( long maximumTicketLifetime )
     {
         this.maximumTicketLifetime = maximumTicketLifetime;
     }


     /**
      * @param primaryRealm the primaryRealm to set
      */
     public void setPrimaryRealm( String primaryRealm )
     {
         this.primaryRealm = primaryRealm;
     }


     /**
      * Returns the primary realm.
      *
      * @return The primary realm.
      */
     public String getPrimaryRealm()
     {
         return primaryRealm;
     }


     /**
      * Returns the service principal for this KDC/changepwd service.
      *
      * @return The service principal for this KDC/changepwd service.
      */
     public KerberosPrincipal getServicePrincipal()
     {
         if ( srvPrincipal == null )
         {
             srvPrincipal = new KerberosPrincipal( servicePrincipal, PrincipalNameType.KRB_NT_SRV_INST.getValue() );
         }

         return srvPrincipal;
     }


     /**
      * Returns the encryption types.
      *
      * @return The encryption types.
      */
     public Set<EncryptionType> getEncryptionTypes()
     {
         return encryptionTypes;
     }


     /**
      * Returns whether pre-authentication by encrypted timestamp is required.
      *
      * @return Whether pre-authentication by encrypted timestamp is required.
      */
     public boolean isPaEncTimestampRequired()
     {
         return isPaEncTimestampRequired;
     }


     /**
      * @return the isBodyChecksumVerified
      */
     public boolean isBodyChecksumVerified()
     {
         return isBodyChecksumVerified;
     }


     /**
      * @param isBodyChecksumVerified the isBodyChecksumVerified to set
      */
     public void setBodyChecksumVerified( boolean isBodyChecksumVerified )
     {
         this.isBodyChecksumVerified = isBodyChecksumVerified;
     }


     public String getSearchBaseDn()
     {
         return searchBaseDn;
     }


     public void setSearchBaseDn( String searchBaseDn )
     {
         this.searchBaseDn = searchBaseDn;
     }


     public long getMinimumTicketLifetime()
     {
         return minimumTicketLifetime;
     }


     public void setMinimumTicketLifetime( long minimumTicketLifetime )
     {
         this.minimumTicketLifetime = minimumTicketLifetime;
     }


     /**
      * Construct an HashSet containing the default encryption types
      */
     private void prepareEncryptionTypes()
     {
         String[] encryptionTypeStrings = KerberosConfig.DEFAULT_ENCRYPTION_TYPES;

         encryptionTypes = new HashSet<EncryptionType>();

         for ( String enc : encryptionTypeStrings )
         {
             for ( EncryptionType type : EncryptionType.getEncryptionTypes() )
             {
                 if ( type.getName().equalsIgnoreCase( enc ) )
                 {
                     encryptionTypes.add( type );
                 }
             }
         }

         encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.directory.server.kerberos;


	import java.util.HashSet;
	import java.util.Set;

	import javax.security.auth.kerberos.KerberosPrincipal;

	import org.apache.directory.server.constants.ServerDNConstants;
	import org.apache.directory.shared.kerberos.KerberosUtils;
	import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
	import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;


	/**
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	*/
	public class KerberosConfig
	{

	/** The default kdc service principal */
	public static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";

	/** The default kdc realm */
	public static final String DEFAULT_REALM = "EXAMPLE.COM";

	/** The default allowable clockskew */
	public static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5 * 60000;

	/** The default for allowing empty addresses */
	public static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;

	/** The default for requiring encrypted timestamps */
	public static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;

	/** The default for the maximum ticket lifetime */
	public static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 60000 * 1440;

	/** The default for the minimum ticket lifetime, 4 minutes */
	public static final int DEFAULT_TGS_MINIMUM_TICKET_LIFETIME = 60000 * 4;

	/** The default for the maximum renewable lifetime */
	public static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 60000 * 10080;

	/** The default for allowing forwardable tickets */
	public static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;

	/** The default for allowing proxiable tickets */
	public static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;

	/** The default for allowing postdated tickets */
	public static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;

	/** The default for allowing renewable tickets */
	public static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;

	/** The default for verifying the body checksum */
	public static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;

	/** The default encryption types */
	public static final String[] DEFAULT_ENCRYPTION_TYPES = new String[]
	{ "aes128-cts-hmac-sha1-96", "des-cbc-md5", "des3-cbc-sha1-kd" };

	/** The primary realm */
	private String primaryRealm = KerberosConfig.DEFAULT_REALM;

	/** The service principal name. */
	private String servicePrincipal = KerberosConfig.DEFAULT_PRINCIPAL;

	/** The allowable clock skew. */
	private long allowableClockSkew = KerberosConfig.DEFAULT_ALLOWABLE_CLOCKSKEW;

	/** Whether pre-authentication by encrypted timestamp is required. */
	private boolean isPaEncTimestampRequired = KerberosConfig.DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;

	/** The maximum ticket lifetime. */
	private long maximumTicketLifetime = KerberosConfig.DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;

	/** The minimum ticket lifetime. */
	private long minimumTicketLifetime = KerberosConfig.DEFAULT_TGS_MINIMUM_TICKET_LIFETIME;

	/** The maximum renewable lifetime. */
	private long maximumRenewableLifetime = KerberosConfig.DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;

	/** Whether empty addresses are allowed. */
	private boolean isEmptyAddressesAllowed = KerberosConfig.DEFAULT_EMPTY_ADDRESSES_ALLOWED;

	/** Whether forwardable addresses are allowed. */
	private boolean isForwardableAllowed = KerberosConfig.DEFAULT_TGS_FORWARDABLE_ALLOWED;

	/** Whether proxiable addresses are allowed. */
	private boolean isProxiableAllowed = KerberosConfig.DEFAULT_TGS_PROXIABLE_ALLOWED;

	/** Whether postdated tickets are allowed. */
	private boolean isPostdatedAllowed = KerberosConfig.DEFAULT_TGS_POSTDATED_ALLOWED;

	/** Whether renewable tickets are allowed. */
	private boolean isRenewableAllowed = KerberosConfig.DEFAULT_TGS_RENEWABLE_ALLOWED;

	/** Whether to verify the body checksum. */
	private boolean isBodyChecksumVerified = KerberosConfig.DEFAULT_VERIFY_BODY_CHECKSUM;

	/** The encryption types. */
	private Set<EncryptionType> encryptionTypes;

	/* cached kerberos/changepassword service principal */
	private KerberosPrincipal srvPrincipal;

	private String searchBaseDn;


	public KerberosConfig()
	{
	setSearchBaseDn( ServerDNConstants.USER_EXAMPLE_COM_DN );
	prepareEncryptionTypes();
	}


	/**
	* Returns the allowable clock skew.
	*
	* @return The allowable clock skew.
	*/
	public long getAllowableClockSkew()
	{
	return allowableClockSkew;
	}


	/**
	* @return the isEmptyAddressesAllowed
	*/
	public boolean isEmptyAddressesAllowed()
	{
	return isEmptyAddressesAllowed;
	}


	/**
	* @return the isForwardableAllowed
	*/
	public boolean isForwardableAllowed()
	{
	return isForwardableAllowed;
	}


	/**
	* @return the isPostdatedAllowed
	*/
	public boolean isPostdatedAllowed()
	{
	return isPostdatedAllowed;
	}


	/**
	* @return the isProxiableAllowed
	*/
	public boolean isProxiableAllowed()
	{
	return isProxiableAllowed;
	}


	/**
	* @return the isRenewableAllowed
	*/
	public boolean isRenewableAllowed()
	{
	return isRenewableAllowed;
	}


	/**
	* @return the maximumRenewableLifetime
	*/
	public long getMaximumRenewableLifetime()
	{
	return maximumRenewableLifetime;
	}


	/**
	* @return the maximumTicketLifetime
	*/
	public long getMaximumTicketLifetime()
	{
	return maximumTicketLifetime;
	}


	/**
	* @param allowableClockSkew the allowableClockSkew to set
	*/
	public void setAllowableClockSkew( long allowableClockSkew )
	{
	this.allowableClockSkew = allowableClockSkew;
	}


	/**
	* Initialize the encryptionTypes set
	*
	* @param encryptionTypes the encryptionTypes to set
	*/
	public void setEncryptionTypes( EncryptionType[] encryptionTypes )
	{
	if ( encryptionTypes != null )
	{
	this.encryptionTypes.clear();

	for ( EncryptionType encryptionType : encryptionTypes )
	{
	this.encryptionTypes.add( encryptionType );
	}
	}

	this.encryptionTypes = KerberosUtils.orderEtypesByStrength( this.encryptionTypes );
	}


	/**
	* Initialize the encryptionTypes set
	*
	* @param encryptionTypes the encryptionTypes to set
	*/
	public void setEncryptionTypes( Set<EncryptionType> encryptionTypes )
	{
	this.encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
	}


	/**
	* @param isEmptyAddressesAllowed the isEmptyAddressesAllowed to set
	*/
	public void setEmptyAddressesAllowed( boolean isEmptyAddressesAllowed )
	{
	this.isEmptyAddressesAllowed = isEmptyAddressesAllowed;
	}


	/**
	* @param isForwardableAllowed the isForwardableAllowed to set
	*/
	public void setForwardableAllowed( boolean isForwardableAllowed )
	{
	this.isForwardableAllowed = isForwardableAllowed;
	}


	/**
	* @param isPaEncTimestampRequired the isPaEncTimestampRequired to set
	*/
	public void setPaEncTimestampRequired( boolean isPaEncTimestampRequired )
	{
	this.isPaEncTimestampRequired = isPaEncTimestampRequired;
	}


	/**
	* @param isPostdatedAllowed the isPostdatedAllowed to set
	*/
	public void setPostdatedAllowed( boolean isPostdatedAllowed )
	{
	this.isPostdatedAllowed = isPostdatedAllowed;
	}


	/**
	* @param isProxiableAllowed the isProxiableAllowed to set
	*/
	public void setProxiableAllowed( boolean isProxiableAllowed )
	{
	this.isProxiableAllowed = isProxiableAllowed;
	}


	/**
	* @param isRenewableAllowed the isRenewableAllowed to set
	*/
	public void setRenewableAllowed( boolean isRenewableAllowed )
	{
	this.isRenewableAllowed = isRenewableAllowed;
	}


	/**
	* @param kdcPrincipal the kdcPrincipal to set
	*/
	public void setServicePrincipal( String kdcPrincipal )
	{
	this.servicePrincipal = kdcPrincipal;
	}


	/**
	* @param maximumRenewableLifetime the maximumRenewableLifetime to set
	*/
	public void setMaximumRenewableLifetime( long maximumRenewableLifetime )
	{
	this.maximumRenewableLifetime = maximumRenewableLifetime;
	}


	/**
	* @param maximumTicketLifetime the maximumTicketLifetime to set
	*/
	public void setMaximumTicketLifetime( long maximumTicketLifetime )
	{
	this.maximumTicketLifetime = maximumTicketLifetime;
	}


	/**
	* @param primaryRealm the primaryRealm to set
	*/
	public void setPrimaryRealm( String primaryRealm )
	{
	this.primaryRealm = primaryRealm;
	}


	/**
	* Returns the primary realm.
	*
	* @return The primary realm.
	*/
	public String getPrimaryRealm()
	{
	return primaryRealm;
	}


	/**
	* Returns the service principal for this KDC/changepwd service.
	*
	* @return The service principal for this KDC/changepwd service.
	*/
	public KerberosPrincipal getServicePrincipal()
	{
	if ( srvPrincipal == null )
	{
	srvPrincipal = new KerberosPrincipal( servicePrincipal, PrincipalNameType.KRB_NT_SRV_INST.getValue() );
	}

	return srvPrincipal;
	}


	/**
	* Returns the encryption types.
	*
	* @return The encryption types.
	*/
	public Set<EncryptionType> getEncryptionTypes()
	{
	return encryptionTypes;
	}


	/**
	* Returns whether pre-authentication by encrypted timestamp is required.
	*
	* @return Whether pre-authentication by encrypted timestamp is required.
	*/
	public boolean isPaEncTimestampRequired()
	{
	return isPaEncTimestampRequired;
	}


	/**
	* @return the isBodyChecksumVerified
	*/
	public boolean isBodyChecksumVerified()
	{
	return isBodyChecksumVerified;
	}


	/**
	* @param isBodyChecksumVerified the isBodyChecksumVerified to set
	*/
	public void setBodyChecksumVerified( boolean isBodyChecksumVerified )
	{
	this.isBodyChecksumVerified = isBodyChecksumVerified;
	}


	public String getSearchBaseDn()
	{
	return searchBaseDn;
	}


	public void setSearchBaseDn( String searchBaseDn )
	{
	this.searchBaseDn = searchBaseDn;
	}


	public long getMinimumTicketLifetime()
	{
	return minimumTicketLifetime;
	}


	public void setMinimumTicketLifetime( long minimumTicketLifetime )
	{
	this.minimumTicketLifetime = minimumTicketLifetime;
	}


	/**
	* Construct an HashSet containing the default encryption types
	*/
	private void prepareEncryptionTypes()
	{
	String[] encryptionTypeStrings = KerberosConfig.DEFAULT_ENCRYPTION_TYPES;

	encryptionTypes = new HashSet<EncryptionType>();

	for ( String enc : encryptionTypeStrings )
	{
	for ( EncryptionType type : EncryptionType.getEncryptionTypes() )
	{
	if ( type.getName().equalsIgnoreCase( enc ) )
	{
	encryptionTypes.add( type );
	}
	}
	}

	encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
	}
	}