Add refreshKrb5Config to GSSAPIBindRequestProperties #8
Comments
It should be a fairly straightforward change to add this into the next release of the LDAP SDK. I'll try to get that in soon. As a workaround, you should be able to provide your own JAAS configuration file instead of using one that is automatically generated by the LDAP SDK.
I've just committed a change that updates the LDAP SDK to add the ability to include the refreshKrb5Config property in the dynamically-generated JAAS configuration file. I've also added support for the useKeyTab and keyTab properties.
Thanks, that was fast! When are you expecting 3.0.1 to drop?
I don't have a specific date, but it will be within the next three weeks. Probably sometime during the week of December 14th.
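The workaround suggested in the first comment (supplying your own JAAS configuration file with refreshKrb5Config enabled) could look like the following. This is an added example, not code from the thread or from the LDAP SDK itself. The class name, the sample credentials and host names are constructed, and the JAAS entry name "GSSAPIBindRequest" is an assumption about the name the SDK looks up by default.

```java
import com.unboundid.ldap.sdk.GSSAPIBindRequest;
import com.unboundid.ldap.sdk.GSSAPIBindRequestProperties;
import com.unboundid.ldap.sdk.LDAPException;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public final class CustomJaasGssapiBind {
  // Assumption: the JAAS entry name the SDK uses when it looks up the login context.
  private static final String JAAS_ENTRY = "GSSAPIBindRequest";

  /** Writes a JAAS config whose Krb5LoginModule re-reads krb5.conf on each login. */
  static Path writeJaasConfig() throws IOException {
    String config = String.join(System.lineSeparator(),
        JAAS_ENTRY + " {",
        "  com.sun.security.auth.module.Krb5LoginModule required",
        "  refreshKrb5Config=true",
        "  useTicketCache=true;",
        "};",
        "");
    // createTempFile yields an owner-only file on POSIX file systems, so other
    // local users cannot swap in a different login module.
    Path file = Files.createTempFile("gssapi-jaas-", ".conf");
    file.toFile().deleteOnExit();
    Files.write(file, config.getBytes(StandardCharsets.UTF_8));
    return file;
  }

  /** Builds a GSSAPI bind request that uses the hand-written JAAS file. */
  static GSSAPIBindRequest buildBindRequest(String authID, String password,
      String realm, String kdc) throws IOException, LDAPException {
    GSSAPIBindRequestProperties props =
        new GSSAPIBindRequestProperties(authID, password);
    props.setRealm(realm);
    props.setKDCAddress(kdc);
    // Point the SDK at our file instead of the one it would generate.
    props.setConfigFilePath(writeJaasConfig().toString());
    return new GSSAPIBindRequest(props);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values; replace with real ones before binding.
    GSSAPIBindRequest bind = buildBindRequest(
        "jdoe", "placeholder-password", "EXAMPLE.COM", "kdc.example.com");
    System.out.println("Built " + bind.getSASLMechanismName() + " bind request");
  }
}
```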
Updated the LDAP SDK documentation to include a number of RFCs with certificate-related specifications. This includes:
* RFC 2986 -- PKCS #10: Certificate Request Syntax Specification Version 1.7
* RFC 5208 -- Asymmetric Key Packages (PKCS #8)
* RFC 5280 -- Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
* RFC 7292 -- PKCS #12: Personal Information Exchange Syntax v1.1
* RFC 8017 -- PKCS #1: RSA Cryptography Specifications Version 2.2
Updated the manage-certificates import subcommand to support importing RSA private keys from a PEM file that does not wrap the key in a PKCS #8 envelope (that is, a private key in a file that starts with a "BEGIN RSA PRIVATE KEY" header instead of just "BEGIN PRIVATE KEY"). Previously, private keys could only be imported in the PKCS #8 format.
Added a new PEMFileKeyManager class that can be used as a Java X.509 key manager that reads the certificate chain and private key from PEM files. Added a new PEMFileTrustManager class that can be used as a Java X.509 trust manager that reads information about trusted certificates from PEM files. Added new X509PEMFileReader and PKCS8PEMFileReader classes that can be used to read PEM-formatted X.509 certificates and PKCS #8 private keys.
Added support for encrypted PKCS #8 private keys. Private keys can now be formatted in encrypted PEM when provided with an encryption password and a set of encryption properties, and the PKCS #8 PEM file reader can read encrypted private keys when provided with the encryption password. The manage-certificates export-private-key command has been updated to support writing an encrypted representation of the private key in either PEM or DER form, and manage-certificates import-certificate has been updated to support obtaining the private key when it is in encrypted form.
Currently it doesn't seem possible to specify refreshKrb5Config to force a refresh of the Kerberos configuration, via GSSAPIBindRequest and its associated properties class. I tried to extend GSSAPIBindRequest but writeSunJAASConfig() doesn't really allow for it. Is it possible to add a way to extend or support refreshKrb5Config directly?
Thanks.