[jcifs] Re: Apache / jCIFS Collaboration

Enrique Rodriguez enriquer9 at gmail.com
Wed Jul 27 02:42:20 GMT 2005

Michael B Allen wrote:
> On Tue, 26 Jul 2005 18:07:23 -0400
> Enrique Rodriguez <enriquer9 at gmail.com> wrote:
> Nice. So do you have serious KDC functionality for Windows clients or
> is this mostly proof of concept right now?

This is fully operational.  Even has installers and RPMs.  Only major 
item missing from RFC 1510 is trusts but that's coming Real Soon Now, 
mostly deciding how we want to store this in the directory; trying to 
figure out if we do our own schema or use DMTF's CIM.

One thing we have which almost no one has is one-time password (OTP) 
support using the HOTP standard from OATH.  At Safehaus you'll find the 
HausKeys project which has midlets for using mobile devices as the token 

That doco is 2 days old and we just came out with the logging facility 
and RPM/installers which make installation and troubleshooting bearable. 
   Interop is decently tested with Windows 2000/2003 and Linux.  I'd 
love to hear your feedback.  Main Kerberos development is at Apache on 
the Directory project, so we have the mailing list at 
dev at directory.apache.org and issue tracking at 

Safehaus TripleSec adds packaging (RPM or installer), the HOTP 
subsystem, the HausKeys mobile token generator, and interop doco. 
Mailing list at dev at safehaus.org and issues at http://jira.safehaus.org.

> Did you ever find (or implement) an RC4-HMAC implimentation?

Nope.  Not really needed as Windows Kerberos works fine with DES-CBC-MD5 
at least.

> PS: I read RFC1510 about five times over on the train to/from the city
> a while ago. What a nicely written RFC. Kerberos is a nice protocol. I'm
> looking forward to working with it.

Yeah, RFC 1510 really stands out among RFC's as being a good read. 
However, I highly recommend reading the "clarifications" version which 
obsoletes RFC 1510:



More information about the jcifs mailing list