Apache Kerby ™ is a Java Kerberos binding that provides a rich, intuitive and interoperable implementation of libraries, KDC, and various infrastructures that integrate PKI, OTP and the command-set (OAuth2). Apache Kerby provides the features needed in a modern environment (cloud, Hadoop, and mobile).
- Aims to become the preferred Kerberos server implementation in java, with rich facilities that integrate Kerberos, PKI and token (OAuth2) on both client and server sides.
- Provides client API to interact with any KDC server.
- Provides an embeddable and standalone KDC server that supports various backends for storing principals and keys.
- Comes with in-memory, Mavibot(MVCC BTree), JSON, LDAP and Zookeeper backends to store data.
- Embedded KDC server allows easy integration into products for unit testing or production deployment.
- Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
- Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials.
- Supports Token Preauth mechanism to allow clients to request tickets using JWT tokens.
- Supports OTP mechanism to allow clients to request tickets using One Time Password.
- Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage.
- Minimal dependencies, SLF4J is the only external dependency in the core part.
Apache Kerby 1.1.0 released. This is a new major release of Apache Kerby, which implements cross-realm support, and also includes a GSSAPI module.