Apache Kerby

Apache Kerby is a Java-based implementation of the Kerberos V5 protocol, designed to provide a modern, flexible, and embeddable Kerberos Key Distribution Center (KDC) and client library. It integrates advanced authentication mechanisms such as PKI, OTP, and OAuth2 tokens, making it suitable for cloud-native, mobile, and big data environments like Hadoop. Kerby aims to simplify Kerberos deployment and usage while maintaining interoperability and security.

Features

• Pure Java implementation of Kerberos V5 protocol
• Embeddable and standalone KDC server
• Rich client API for interacting with any KDC
• Support for multiple identity backends: in-memory, JSON, LDAP, Zookeeper, Mavibot
• Integration with PKINIT (X.509 certificates), OTP, and OAuth2 token-based authentication
• FAST/Preauthentication framework for enhanced security
• JAAS, GSSAPI, and SASL support for application integration
• Minimal external dependencies (only SLF4J in core)

Capabilities

• Enables secure authentication across distributed systems
• Facilitates integration of Kerberos with modern identity systems
• Supports ticket requests using certificates, tokens, or one-time passwords
• Allows embedding KDC into applications for testing or production
• Provides flexible backend options for storing principals and keys
• Offers tools for managing Kerberos identities and tickets

Benefits

• Simplifies Kerberos setup and integration in Java environments
• Enhances security with support for modern authentication methods
• Reduces operational complexity with embeddable KDC
• Promotes interoperability with standard Kerberos clients and servers
• Ideal for cloud, mobile, and big data platforms
• Backed by the Apache Directory community with regular updates