drankye / haox Goto Github PK

This is to implement the pre-authentication/FAST framework.

This is to refactor not-so-commons-ssl library and replace the asn1 parser with haox-asn1.

This is to implement the Access Token profile based on the TokenPreauth pre-authentication mechanism defined in the draft. Ref. docs/Accesstoken-profile.pdf

Haox-event already supports mix of TCP and UDP together in a server. Based on it, this will allow KDC to bind and process requests from TCP and UDP ports.

With the mix support of TCP and UDP provided by haox-event, this is to allow KrbClient to support the both protocols with TCP being tried first.

This is going to implement the cross-realm support.

This is to refactor not-so-commons-ssl library and get rid of external dependencies for the core parts.

Enhance KrbClient to respect krb5.conf file to make it easy.

This is to implement PKINIT pre-authentication mechanism.

This is going to implement an Ldap identity backend for Haox KDC server. The Ldap server can be standalone or embedded.

Credential cache utility needs to be updated to support latest cache file format. It's necessary because KrbClient needs to use the feature to store temporary negotiation data for a preauth mechanism.

This is to implement TokenPreauth pre-authentication mechanism defined in token-preauth draft. Ref. docs/token-preauth.pdf

This is going to support INIT configuration file format. Below is a sample (krb5.conf):

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log 

[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

For above sample, we can have:

Conf conf = ...
conf.addIniConfig("/etc/krb5.conf");
conf.getString("default_realm") == "EXAMPLE.COM";
Config config = conf.getConfig("libdefaults");
config.getBoolean("forwardable") == true
...

Based on it, it will be easy to support MIT Kerberos configurations like krb5.conf and kdc.conf.