directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r850105 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/1-kerberos.html apacheds/kerberos-ug/1.1-introduction.html
Date Sun, 10 Feb 2013 07:48:13 GMT
Author: buildbot
Date: Sun Feb 10 07:48:12 2013
New Revision: 850105

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/1-kerberos.html
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun Feb 10 07:48:12 2013
@@ -1 +1 @@
-1444475
+1444494

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1-kerberos.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1-kerberos.html (original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1-kerberos.html Sun Feb
10 07:48:12 2013
@@ -159,23 +159,23 @@
 </li>
 </ul>
 <h1 id="1-what-is-kerberos">1 - What is Kerberos ?</h1>
-<p><strong>Kerberos</strong> is the result of an effort by the MIT, known
as <strong>Project Athena</strong>. It started in May 1983, and resulted in many
internal version at the MIT, and finally, <strong>Kerberos V4</strong> was openly
released on January 1989. *<em>Kerberos V5</em> is available since 1993.</p>
-<p><strong>Kerberos</strong> is a computer network authentication protocol,
which provides a secure, SSO, trusted third-party mutual authentication service.</p>
+<p><strong>Kerberos</strong> is the result of an effort by the MIT, known
as <strong>Project Athena</strong>. It started in May 1983, and resulted in many
internal versions at the MIT, and finally, <strong>Kerberos V4</strong> was openly
released in January 1989. *<em>Kerberos V5</em> is available since 1993.</p>
+<p><strong>Kerberos</strong> is a computer network authentication protocol,
which provides a secure Single Sign On(SSO) based on a trusted third-party mutual authentication
service.</p>
 <ul>
 <li>
-<p>It's secure because the user's password is never transmitted over the wire. <strong>Kerberos</strong>
uses <strong>Tickets</strong> which are negociated with the server, with a limited
time to live.</p>
+<p>It is secure because the user's password is never transmitted over the wire. <strong>Kerberos</strong>
uses <strong>Tickets</strong> which are negociated with the server, with a limited
time to live.</p>
 </li>
 <li>
-<p>It a SSO system as a ticket can be used by all the services for its duration. The
services can fully trust those tickets.</p>
+<p>It is a SSO system, a single ticket can be used by all the services till its validity
expires.</p>
 </li>
 <li>
-<p>It's a trusted third party as all the users and services are managed by the <strong>Kerberos</strong>
server. </p>
+<p>It acts as a trusted third party cause all the keys of users and services are managed
by the <strong>Kerberos</strong> server. </p>
 </li>
 <li>
-<p>It's a mutual authentication system that guarantees not only that the user is who
he is pretending to be, but because each user has the guarantee that the services he accesses
to are the expected services.</p>
+<p>It is a mutual authentication system that guarantees not only that the user is who
he is pretending to be, but also because each user is guaranteed that the services he has
access to are the expected services.</p>
 </li>
 </ul>
-<p><strong>Kerberos</strong> is widely used in the <strong>Microsoft&trade;</strong>
world, as all the authentications on <strong>Microsoft&trade;</strong> are
done through this protocol.</p>
+<p><strong>Kerberos</strong> is widely used in the <strong>Microsoft&trade;</strong>
world, as all the authentication mechanisms on <strong>Microsoft&trade;</strong>
are done through this protocol.</p>
 
 
     <div class="nav">
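
Review bot: The rewritten opening paragraph still carries the stray "*" before "<em>Kerberos V5</em>", so the page shows a literal asterisk and V5 in italics while "Kerberos V4" is bold; fix the source markup so both version names use the same emphasis. In the same hunk, "negociated" is carried over unchanged in the first bullet, "Single Sign On(SSO)" needs a space before the parenthesis, and "cause all the keys" should read "because all the keys". The mutual-authentication bullet still does not parse ("but also because each user is guaranteed"); something like "guarantees both that the user is who he claims to be and that the services he accesses are the expected ones" would say it. The SSO bullet is a comma splice and should be split after "It is a SSO system".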

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html (original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html Sun
Feb 10 07:48:12 2013
@@ -149,27 +149,27 @@
 <li><a href="1.1.8-tickets.html">1.1.8 - Tickets</a></li>
 </ul>
 <h1 id="11-introduction">1.1 - Introduction</h1>
-<p>The <strong>Kerberos</strong> server is a part of the <strong>Apache
Directory Server</strong> : it uses the <strong>LDAP</strong> server as
a backend, but has its own network layer. which makes it easy to install, compared to other
solutions where you have two components : an LDAP server on one side, and the Kerberos Server
on the other.</p>
-<p>We also have a complete configuration GUI in Studio, which allows administrators
to tweak their server in a convenient way.</p>
-<p>The Kerberos provider for Apache Directory implements RFC 1510 and RFC 4120 , the
Kerberos V5 Network Authentication Service. The purpose of Kerberos is to verify the identities
of principals (users or services) on an unprotected network. While generally thought of as
a single-sign-on technology, Kerberos' true strength is in authenticating users without ever
sending their password over the network. Kerberos is designed for use on open (untrusted)
networks and, therefore, operates under the assumption that packets traveling along the network
can be read, modified, and inserted at will. This chart provides a good description of the
protocol workflow.</p>
-<p>Kerberos is named for the three-headed dog that guards the gates to Hades. The three
heads are the client, the Kerberos server, and the network service being accessed.</p>
+<p>The <strong>Kerberos</strong> server is a part of the <strong>Apache
Directory Server</strong> : it uses the <strong>LDAP</strong> server as
a backend, but has its own network layer. which makes it easy to install, compared to other
solutions where you have two components : a backend(typically an LDAP server) on one side,
and the Kerberos Server on the other.</p>
+<p>We also have decent GUI support for editing the configuration in Studio, which allows
administrators to tweak their server's functionality in a convenient way.</p>
+<p>The Kerberos server of Apache Directory implements RFC 1510 and RFC 4120, the Kerberos
V5 Network Authentication Service. The purpose of Kerberos is to verify the identities of
principals (users or services) on an unprotected network. While generally thought of as a
single-sign-on technology, Kerberos's true strength is in authenticating users without ever
sending their passwords over the network. Kerberos is designed for use in open (untrusted)
networks and, therefore, operates under the assumption that packets traveling along the network
can be read, modified, and inserted at will. This chart provides a good description of the
protocol workflow.</p>
+<p>Kerberos is named after the three-headed dog that guards the gates to Hades. The
three heads are the client, the Kerberos server, and the network service being accessed.</p>
 <h2 id="what-is-it-all-about">What is it all about ?</h2>
-<p>The isea is to have a server being able to deliver a user some tickets that can
be used by services. Those tickets are trusted for a certain period of time. The most important
point is that the service does not have to ask any server to validate those tickets : they
are trusted because they have been generated by a trusted server.</p>
-<p>This is a two rounds process :
-1 - The client request a Ticket to the Kerberos server
-2 - The client submit the ticket to the requested service</p>
+<p>The idea is to have a server being able to deliver a user some tickets that can
be used by services. Those tickets are trusted for a certain period of time. The most important
point is that the service does not have to ask any server to validate those tickets : they
are trusted because they have been generated by a trusted server.</p>
+<p>This is a two round process :
+1 - The client requests a Ticket to the Kerberos server
+2 - The client submits the ticket to the requested service</p>
 <p>The the client is authenticated.</p>
-<p>In any case, there is no way to fake an identity or to forge a ticket that can be
used, nor one can reuse a Ticket that has already been used.</p>
+<p>In any case, there is no way to fake an identity or to forge a ticket for accessing
a service, nor one can reuse a Ticket that has already been used.</p>
 <h2 id="apache-kerberos-server">Apache Kerberos Server</h2>
-<p>The Apache Directory Kerberos provider is implemented as a protocol-provider plugin.
As a plugin, the Kerberos provider leverages <strong>Apache MINA</strong> for
front-end services and the <strong>Apache Directory</strong> read-optimized backing
store for persistent directory services.</p>
-<p>The Kerberos server for Apache Directory, in conjunction with MINA and the Apache
Directory store, provides an easy-to-use yet fully-featured network authentication service.
As implemented within the Apache Directory, the Kerberos provder will provide:</p>
+<p>The Apache Directory Kerberos server uses <strong>Apache MINA</strong>
in networking layer and the <strong>Apache Directory</strong> as the backend
+for storing principals and associated keys.</p>
+<p>The Kerberos server provides:</p>
 <ul>
 <li>Authentication service</li>
 <li>Ticket-granting service</li>
-<li>Pre-authentication support</li>
-<li>DES encryption systems</li>
-<li>Triple-DES (DES3)</li>
-<li>UDP and TCP Support (MINA)</li>
+<li>Pre-authentication support(PA-ENC-TIMESTAMP)</li>
+<li>support for des-cbc-md5, des3-cbc-sha1-kd, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
and rc4-hmac encryption systems</li>
+<li>UDP and TCP transports</li>
 </ul>
 
 
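
Review bot: The new encryption bullet lists des-cbc-md5 and rc4-hmac on the same footing as aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96, with nothing telling the reader that single DES and RC4 are weak legacy types; I would order the list strongest first and mark those two as legacy. The added line "nor one can reuse a Ticket that has already been used" also conflicts with the 1-kerberos.html text in this same commit, which says a single ticket can be used till its validity expires, so one of the two needs rewording. Smaller points in this hunk: the context line "The the client is authenticated." is left untouched, "network layer. which makes it easy" is still a broken sentence on the added line, the "1 -" and "2 -" steps sit inside one <p> and will render as a single run of text, and "This chart" points at a chart that the visible paragraph neither links nor embeds.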


