Add refreshKrb5Config to GSSAPIBindRequestProperties #8
Comments
|
It should be a fairly straightforward change to add this into the next release of the LDAP SDK. I'll try to get that in soon. As a workaround, you should be able to provide your own JAAS configuration file instead of using one that is automatically generated by the LDAP SDK. |
|
I've just committed a change that updates the LDAP SDK to add the ability to include the refreshKrb5Config property in the dynamically-generated JAAS configuration file. I've also added support for the useKeyTab and keyTab properties. |
|
Thanks, that was fast! When are you expecting 3.0.1 to drop? |
|
I don't have a specific date, but it will be within the next three weeks. Probably sometime during the week of December 14th. |
dirmgr
added a commit
that referenced
this issue
Nov 22, 2017
Updated the LDAP SDK documentation to include a number of RFCs with certificate-related specifications. This includes: * RFC 2986 -- PKCS #10: Certificate Request Syntax Specification Version 1.7 * RFC 5208 -- Asymmetric Key Packages (PKCS #8) * RFC 5280 -- Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile * RFC 7292 -- PKCS #12: Personal Information Exchange Syntax v1.1 * RFC 8017 -- PKCS #1: RSA Cryptography Specifications Version 2.2
dirmgr
added a commit
that referenced
this issue
Mar 28, 2018
Updated the manage-certificates import subcommand to support importing RSA private keys from a PEM file that does not wrap the key in a PKCS #8 envelope (that is, a private key in a file that starts with a "BEGIN RSA PRIVATE KEY" header instead of just "BEGIN PRIVATE KEY"). Previously, private keys could only be imported in the PKCS #8 format.
dirmgr
added a commit
that referenced
this issue
Mar 6, 2021
Added a new PEMFileKeyManager class that can be used as a Java X.509 key manager that reads the certificate chain and private key from PEM files. Added a new PEMFileTrustManager class that can be used as a Java X.509 trust manager that reads information about trusted certificates from PEM files. Added new X509PEMFileReader and PKCS8PEMFileReader classes that can be used to read PEM-formatted X.509 certificates and PKCS #8 private keys.
dirmgr
added a commit
that referenced
this issue
Dec 9, 2022
Added support for encrypted PKCS #8 private keys. Private keys can now be formatted in encrypted PEM when provided with an encryption password and a set of encryption properties, and the PKCS #8 PEM file reader can read encrypted private keys when provided with the encryption password. The manage-certificates export-private-key command has been updated to support writing an encrypted representation of the private key in either PEM or DER form, and manage-certificates import-certificate has been updated to support obtaining the private key when it is encrypted form.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently it doesn't seem possible to specify refreshKrb5Config to force a refresh of the Kerberos configuration, via GSSAPIBindRequest and its associated properties class. I tried to extend GSSAPIBindRequest but writeSunJAASConfig() doesn't really allow for it. Is it possible to add a way to extend or support refreshKrb5Config directly?
Thanks.
The text was updated successfully, but these errors were encountered: