[jcifs] Re: Apache / jCIFS Collaboration
enriquer9 at gmail.com
Wed Jul 27 02:42:20 GMT 2005
Michael B Allen wrote:
> On Tue, 26 Jul 2005 18:07:23 -0400
> Enrique Rodriguez <enriquer9 at gmail.com> wrote:
> Nice. So do you have serious KDC functionality for Windows clients or
> is this mostly proof of concept right now?
This is fully operational. Even has installers and RPMs. Only major
item missing from RFC 1510 is trusts but that's coming Real Soon Now,
mostly deciding how we want to store this in the directory; trying to
figure out if we do our own schema or use DMTF's CIM.
One thing we have which almost no one has is one-time password (OTP)
support using the HOTP standard from OATH. At Safehaus you'll find the
HausKeys project which has midlets for using mobile devices as the token
That doco is 2 days old and we just came out with the logging facility
and RPM/installers which make installation and troubleshooting bearable.
Interop is decently tested with Windows 2000/2003 and Linux. I'd
love to hear your feedback. Main Kerberos development is at Apache on
the Directory project, so we have the mailing list at
dev at directory.apache.org and issue tracking at
Safehaus TripleSec adds packaging (RPM or installer), the HOTP
subsystem, the HausKeys mobile token generator, and interop doco.
Mailing list at dev at safehaus.org and issues at http://jira.safehaus.org.
> Did you ever find (or implement) an RC4-HMAC implimentation?
Nope. Not really needed as Windows Kerberos works fine with DES-CBC-MD5
> PS: I read RFC1510 about five times over on the train to/from the city
> a while ago. What a nicely written RFC. Kerberos is a nice protocol. I'm
> looking forward to working with it.
Yeah, RFC 1510 really stands out among RFC's as being a good read.
However, I highly recommend reading the "clarifications" version which
obsoletes RFC 1510:
More information about the jcifs