content/kerby/features.mdtext - directory-site - Git at Google

 Title: Features
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at
     .
     http://www.apache.org/licenses/LICENSE-2.0
     .
     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.

 # Kerby Features

 Kerby is an implementation of Kerberos V5 protocol in pure Java. It provides a rich, intuitive and interoperable library, KDC and various facilities that integrate PKI, OTP and token (OAuth2) as desired in modern environments such as cloud, Hadoop and mobile.
 Following features are (already) supported:

 * Kerberos libraries:
     * Client
     * KDC server
     * Kadmin
     * Credential cache and keytab utilities

 * Standalone KDC server

 * Support for various backends:
     * In-memory
     * Mavibot (MVCC BTree)
     * LDAP
     * JSON
     * Zookeeper

 * Embeddable KDC server allows easy integration into products for unit testing or production deployment.

 * FAST/Preauthentication framework, to allow popular and useful authentication mechanisms.

 * Token Preauth mechanism, to allow clients to request tickets using JWT tokens.

 * Client can request a TGT with:
     * User plain password credential
     * User keyTab
     * User token credential

 * Client can request a service ticket with:
     * user TGT credential for a server
     * user AccessToken credential for a server

 * Network support including UDP and TCP transport with two implementations:
     * Default implementation based on the JRE without depending on other libraries.
     * Netty based implementation for better throughput, lower latency.

 * Tools:
     * kdcinit: Initialize and prepare KDC, like choose storage type, setting up necessary principals (tgs, kadmin) etc.
     * kadmin: Command-line interface to administer Kerby.
     * kinit: Obtains and caches initial ticket-granting tickets for principals.
     * klist: Lists the Kerberos principals and tickets held in a credentials cache, or the keys held in a keytab file.

 * Support for JAAS, GSSAPI and SASL frameworks, allowing applications to leverage the authentication mechanisms provided by Kerby.
	Title: Features
	Notice: Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at
	.
	http://www.apache.org/licenses/LICENSE-2.0
	.
	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	# Kerby Features

	Kerby is an implementation of Kerberos V5 protocol in pure Java. It provides a rich, intuitive and interoperable library, KDC and various facilities that integrate PKI, OTP and token (OAuth2) as desired in modern environments such as cloud, Hadoop and mobile.
	Following features are (already) supported:

	* Kerberos libraries:
	* Client
	* KDC server
	* Kadmin
	* Credential cache and keytab utilities

	* Standalone KDC server

	* Support for various backends:
	* In-memory
	* Mavibot (MVCC BTree)
	* LDAP
	* JSON
	* Zookeeper

	* Embeddable KDC server allows easy integration into products for unit testing or production deployment.

	* FAST/Preauthentication framework, to allow popular and useful authentication mechanisms.

	* Token Preauth mechanism, to allow clients to request tickets using JWT tokens.

	* Client can request a TGT with:
	* User plain password credential
	* User keyTab
	* User token credential

	* Client can request a service ticket with:
	* user TGT credential for a server
	* user AccessToken credential for a server

	* Network support including UDP and TCP transport with two implementations:
	* Default implementation based on the JRE without depending on other libraries.
	* Netty based implementation for better throughput, lower latency.

	* Tools:
	* kdcinit: Initialize and prepare KDC, like choose storage type, setting up necessary principals (tgs, kadmin) etc.
	* kadmin: Command-line interface to administer Kerby.
	* kinit: Obtains and caches initial ticket-granting tickets for principals.
	* klist: Lists the Kerberos principals and tickets held in a credentials cache, or the keys held in a keytab file.

	* Support for JAAS, GSSAPI and SASL frameworks, allowing applications to leverage the authentication mechanisms provided by Kerby.