On 7/2/07, Emmanuel Lecharny <
elecharny@...> wrote:
> On 7/2/07, Enrique Rodriguez <
enriquer9@...> wrote:
> > On 7/1/07, Emmanuel Lecharny <
elecharny@...> wrote:
> > > Hi,
> > >
> > > I have some questions regarding the kerberos implementation :
> > >
> > > 1) We have a TicketModifier class. Is it really usefull ?
> >
> > The Ticket has no attribute setters, so the intention is that you use
> > the modifier to create immutable Ticket's.
>
> Do we need to create immutable Tickets ? We just produce Tickets in
> the server, then send them to the client. What's the point to have
> Immutable Tickets ? I may miss something ...
I think it is good programming practice, both for security
implications and for the resulting API, even if it is internal to
ApacheDS on the server-side. You can web search on "security
immutable" or here is a direct reference from Sun:
http://java.sun.com/security/seccodeguide.html#gcg6
> ...
> Ok, I gonna have a look at it. From the client side, we obviously must
> work with Sun classes, but from server side, having our own classes
> will help a lot (debug, logs, etc.). It can be done step by step, but
> first we need to build integration tests to be sure that moving from
> Sun to our own classes don't break everything.
>
> This is what I find difficult atm : changing the code is risky,
> because of the lack of tests.
> ...
I have integration tests I would like to add to server-unit. But it
requires adding a dep for kerberos-clients to server-unit, since the
tests use the new client. If this is acceptable, I will add the dep
and commit a new test class.
This dep will also set us up for a new SASL GSSAPI bind integration
test and some tests for Change Password, as well.
Enrique
