directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1443554 - in /directory/site/trunk/content/apacheds/kerberos-ug: 1.1-introduction.mdtext 1.1.1-realms.mdtext images/ images/kerberos-realm-config.png
Date Thu, 07 Feb 2013 15:27:47 GMT
Author: elecharny
Date: Thu Feb  7 15:27:47 2013
New Revision: 1443554

URL: http://svn.apache.org/viewvc?rev=1443554&view=rev
Log:
Added the realm page, and some image

Added:
    directory/site/trunk/content/apacheds/kerberos-ug/1.1.1-realms.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/images/
    directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png   (with
props)
Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext?rev=1443554&r1=1443553&r2=1443554&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext Thu Feb  7 15:27:47
2013
@@ -1,9 +1,9 @@
 Title: 1.1 - Introduction
 NavPrev: 1-kerberos.html
 NavPrevText: 1 - What is Kerberos ?
-NavUp: ../kerberos-user-guide.html
-NavUpText: Kerberos User Guide
-NavNext: 1.2-moe-information.html
+NavUp: 1-kerberos.html
+NavUpText: 1 - What is Kerberos ?
+NavNext: 1.2-more-information.html
 NavNextText: 1.2 - More Information
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file

Added: directory/site/trunk/content/apacheds/kerberos-ug/1.1.1-realms.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1.1-realms.mdtext?rev=1443554&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.1-realms.mdtext (added)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.1-realms.mdtext Thu Feb  7 15:27:47
2013
@@ -0,0 +1,57 @@
+Title: 1.1.1 - Realms
+NavPrev: 1.1-introduction.html
+NavPrevText: 1.1 - Introduction
+NavUp: 1.1-introduction.html
+NavUpText: 1.1 - Introduction
+NavNext: 1.1.2-principal.html
+NavNextText: 1.1.2 - Principal
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+# Realms
+
+A **Realm** is associated with a Kerberos administrative domain. In other words, it covers
everything the Kerberos server manage :
+* Users
+* Services
+
+Note that if a Kerberos Server manage one **Realm** only, a **Realm** can be managed by more
than one Kerberos server : this is mandatory to avoid created a single point of failure, if
the Kerberos server halts for any reason. Usually, the Kerberos servers are sharing the database
- or in our case, the database is being replicated between the Kerberos Servers.
+
+## Realm name
+
+In order to distinguish the **Realms**, we give them a unique name. This name can be anything,
but a convention is to use the DNS name of the Kerberos server, and to use uppercase.
+
+For instance, say that th Kerberos server is installed on a machine which domain name is
**apache.org**, then we will use **APACHE.ORG** as the **Realm** name (but you could have
used **Apache.org** or even **MyApacheDomain**).
+
+<DIV class="info" markdown="1">
+Note that the name is case sensitive. **apache.org** is a different realm than **APACHE.ORG**.
+</DIV>
+
+The **Realm** name wil be used all over Kerberos to name **Principals** and **Services**
+
+## Default Realm for ApacheDS Kerberos Server
+
+When you set up an **ApacheDS Kerberos Server**, the **Realm** name is set to **EXAMPLE.COM**.
This can be changed either through **Studio**, by accessing the server configuration and changing
the 'Primary KDC Realm', as show in this picture :
+
+![Kerberos Realm Configuration](images/kerberos-realm-config.png)
+
+or by modifying the LDIF configuration directly, by modifying the following entry :
+
+    dn: ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
+    ...
+    ads-krbprimaryrealm: EXAMPLE.COM
+    ...
+

Added: directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png?rev=1443554&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream



Mime
View raw message