directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: Java client to password change protocol
Date Wed, 07 Sep 2011 07:33:31 GMT
Hi Mario,

On Tue, Sep 6, 2011 at 3:07 PM, Mario Reichel <> wrote:
> Hello,
> I have to produce an authentication and authorization infrastructure for
> a web-service oriented architecture. For this I use MIT Kerberos and
> OpenLDAP. In addition I use JAAS, GSS-API and JNDI. So far so good.
> Now my problem is to administrate the users from the web-services. I
> found the "work around" to open a shell and use kadmin or kpasswd. This
> is not a acceptable solution.


I have seen the Apache Directory project
> implement the password change protocol. Is there a way to use some classes
> of the project or other library?s to implement a client for
> the password change protocol? Can anybody recommend a documentation for
> this problem?

One of our aims is to ultimately provide a client for Kerberos
infrastructure however due to limited resources and time we've only
slowly made progress on this goal. At this point the server side
handling was the primary concern with a full rewrite of the Kerberos
codec. We're poised well to start work on the client which now should
not be too difficult. The matter just boils down to who and when.

> If there is no one and I get enough tip's to solve this problem, I will
> write one. I hope that's the right way to get some help.

Sure you're welcome to do so. The best way to begin would be to look
at how we implement the server codec handling. You need to have a
grasp of MINA as well as the protocol (low level ASN.1 aspects +
PDUs). I recommend looking at the existing kerberos codec and the
changepwd protocol codec to get a good idea. I don't know if the
changepwd code also got revamped. Perhaps someone else can opine on
that matter.

Best Regards,
-- Alex

View raw message