Apache Kerby 1.0.0 released (posted on May 13th, 2017)

The Apache Directory team is pleased to announce the release of Apache Kerby 1.0.0. The issues fixed are available here.

Downloads are available here

Apache Kerby 1.0.0-RC2 released (posted on March 14th, 2016)

The Apache Directory team is pleased to announce the release of Apache Kerby 1.0.0-RC2.

105 JIRA issues were resolved, with the following features and important changes since 1.0.0-RC1:

  1. Anonymous PKINIT support (BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.

  2. Finished token support:

    • Add ability to encrypt and sign using non-RSA keys
    • Get the verify key for signed JWT tokens from the KDC config
    • Token issuer must be trusted as one of the preconfigured issuers
    • Add support for decrypting JWT tokens in the KDC
  3. PKIX CMS/X509 support.

  4. BER encoding support.

  5. Improved the ASN1 framework:

    • Separate Asn1 parser
    • Support decoding of primitive but constructed encoded types
    • Allow explicit and implicit fields to be defined more easily for collection types
    • Provide an API for some useful ASN1 functions by consolidating existing utilities
  6. Dump support for Asn1:

    • Provide an ASN1 dumping tool for troubleshooting
  7. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.

Apache Kerby 1.0.0-RC1 released (posted on September 16th, 2015)

The Apache Directory team is pleased to announce the release of Apache Kerby 1.0.0-RC1, the first release candidate towards a 1.0 version.

Downloads are available here

Apache Kerby 1.0.0-RC1 Release Notes

In this release 236 JIRA issues were resolved and the following features are supported:

  1. Kerberos libraries:

    • Client
    • KDC server
    • Kadmin
    • Credential cache and keytab utilities
  2. Standalone KDC server.

  3. Support for various identity backends:

    • In-memory
    • JSON
    • LDAP
    • Mavibot (MVCC BTree)
    • Zookeeper
  4. Embedded KDC server allows easy integration into products for unit tests or production deployment.

  5. FAST/Preauthentication framework to allow popular and useful authentication mechanisms.

  6. Token Preauth mechanism to allow clients to request tickets using JWT tokens.

  7. Client can request a TGT with:

    • User plain password credential
    • User keyTab
    • User token credential
  8. Client can request a service ticket with:

    • User TGT credential for a server
    • User AccessToken credential for a server
  9. Network support including UDP and TCP transport with two implementations:

    • Default implementation based on the JRE without depending on other libraries.
    • Netty-based implementation for better throughput and lower latency.
  10. Tools:

    • kdcinit: Initializes and prepares the KDC, such as choosing the storage type and setting up necessary principals (tgs, kadmin).
    • kadmin: Command-line interface to the administration system.
    • kinit: Obtains and caches an initial ticket-granting ticket for a principal.
    • klist: Lists the Kerby principal and tickets held in a credentials cache, or the keys held in a keytab file.
  11. Support for the JAAS, GSSAPI and SASL frameworks, so that applications can leverage the authentication mechanisms provided by Kerby.

  12. Build support: style checking and bug finding.