directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1446490 - in /directory/site/trunk/content/apacheds/kerberos-ug: 2-kerberos-config.mdtext 3-kerberos-admin.mdtext 4-using-kerberos.mdtext 4.1-authenticate-kinit.mdtext 4.2-authenticate-studio.mdtext
Date Fri, 15 Feb 2013 10:07:50 GMT
Author: elecharny
Date: Fri Feb 15 10:07:49 2013
New Revision: 1446490

URL: http://svn.apache.org/r1446490
Log:
Added some new pages

Added:
    directory/site/trunk/content/apacheds/kerberos-ug/2-kerberos-config.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/3-kerberos-admin.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/4-using-kerberos.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/4.1-authenticate-kinit.mdtext

Added: directory/site/trunk/content/apacheds/kerberos-ug/2-kerberos-config.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/2-kerberos-config.mdtext?rev=1446490&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/2-kerberos-config.mdtext (added)
+++ directory/site/trunk/content/apacheds/kerberos-ug/2-kerberos-config.mdtext Fri Feb 15
10:07:49 2013
@@ -0,0 +1,34 @@
+Title: 2 - Kerberos Configuration
+NavPrev: 1-kerberos.html
+NavPrevText: 1 - What is Kerberos ?
+NavUp: ../kerberos-user-guide.html
+NavUpText: Kerberos User Guide
+NavNext: 3-admin.html
+NavNextText: 3 - Kerberos administration
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+## Table of content
+    
+* [2.1 - Installing the server](2.1-installing.html)
+* [2.2 - LDAP server configuration](2.2-ldap-server-config.html)
+* [2.3 - Kerberos server configuration](2.3-kerberos-server-config.html)
+* [2.4 - Kerberos and Unlimited Strength Policy](2.4-kerberos-ulp.html)
+* [2.5 - PKINIT](2.5-pkinit.html)
+* [2.6 - Cross Realm](2.6-cross-realm.html)
+
+# 2 - Kerberos Configuration
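Review bot: `NavNext: 3-admin.html` in the header does not match the page this same commit adds as `3-kerberos-admin.mdtext`, whose own `NavPrev` points back here as `2-kerberos-config.html`, so the forward link will not resolve to the generated page while the back link does. Suggest `NavNext: 3-kerberos-admin.html`. The six table-of-content targets (2.1 to 2.6) are also not in this revision's Added list, so they are worth checking before the page is published.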

Added: directory/site/trunk/content/apacheds/kerberos-ug/3-kerberos-admin.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/3-kerberos-admin.mdtext?rev=1446490&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/3-kerberos-admin.mdtext (added)
+++ directory/site/trunk/content/apacheds/kerberos-ug/3-kerberos-admin.mdtext Fri Feb 15 10:07:49
2013
@@ -0,0 +1,34 @@
+Title: 3 - Kerberos administration
+NavPrev: 2-kerberos-config.html
+NavPrevText: 2 - Kerberos Configuration
+NavUp: ../kerberos-user-guide.html
+NavUpText: Kerberos User Guide
+NavNext: 4-using-kerberos.html
+NavNextText: 4 - Using Kerberos
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+## Table of content
+
+* [3.1 - Starting and Stopping the server](3.1-start-stop.html)
+* [3.2 - Managing Clients and Services](3.2-managing-clients-services.html)
+* [3.3 - Changing passwords](3.3-change-password.html)
+* [3.4 - Logs](3.4-logs.html)
+* [3.5 - Replication](3.5-replication.html)
+* [3.6 - Backup/Restore](3.6-backup-restore.html)
+
+# 3 - Kerberos administration
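Review bot: the table of content links to six pages (`3.1-start-stop.html` through `3.6-backup-restore.html`) and none of them is in this revision's Added list, so the page as committed is a header plus links that no file in this commit backs. Either add stub pages in the same commit or leave the entries unlinked until the content exists. Minor: "Table of content" should read "Table of contents", and there is no body text under the `# 3 - Kerberos administration` heading.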

Modified: directory/site/trunk/content/apacheds/kerberos-ug/4-using-kerberos.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4-using-kerberos.mdtext?rev=1446490&r1=1446489&r2=1446490&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4-using-kerberos.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4-using-kerberos.mdtext Fri Feb 15 10:07:49
2013
@@ -27,7 +27,7 @@ Notice: Licensed to the Apache Software 
 * [4.1 - Authenticate with kinit on Linux](4.1-authenticate-kinit.html)
 * [4.2 - Authenticate with Studio](4.2-authenticate-studio.html)
 
-# 1 - Using Kerberos
+# 4 - Using Kerberos
 
 We will now describe how to use kerberos, namely how to obtain tickets.
 

Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.1-authenticate-kinit.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.1-authenticate-kinit.mdtext?rev=1446490&r1=1446489&r2=1446490&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4.1-authenticate-kinit.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.1-authenticate-kinit.mdtext Fri Feb
15 10:07:49 2013
@@ -2,7 +2,7 @@ Title: 4.1 - Authenticate with kinit on 
 NavPrev: 4-using-kerberos
 NavPrevText: 4 - Using Kerberos
 NavUp: 4-using-kerberos.html
-NavUpText: 1 - Using Kerberos
+NavUpText: 4 - Using Kerberos
 NavNext: 4.2-authenticate-studio.html
 NavNextText: 4.2 - Authenticate with Studio
 Notice: Licensed to the Apache Software Foundation (ASF) under one
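Review bot: the context line `NavPrev: 4-using-kerberos` at the top of this hunk has no `.html` suffix, while `NavUp: 4-using-kerberos.html` two lines below it does. Since the hunk already touches the navigation header, change it here to `NavPrev: 4-using-kerberos.html` so both links target the same file.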
@@ -22,4 +22,81 @@ Notice: Licensed to the Apache Software 
     specific language governing permissions and limitations
     under the License.
 
+# 4.1 - Authenticate with kinit on Linux
 
+##Setup
+
+You first have to kake sure **kinit** is installed.
+
+You can check that by typinhg **kinit** in a console :
+
+    :::text
+    $ kinit --version
+    kinit (Heimdal 1.4.1apple1)
+    Copyright 1995-2010 Kungliga Tekniska Högskolan
+    Send bug-reports to heimdal-bugs@h5l.org
+    $
+
+Then, you have to configure the **krb5.conf** file (it can be found in **/etc/krb5.conf**,
if not just add it).
+
+
+A minimal /etc/krb5.conf file looks as follows (make sure the port and host name matches!):
+
+    :::text
+    [libdefaults]
+        default_realm = EXAMPLE.COM
+
+    [realms]
+        EXAMPLE.COM = {
+                kdc = localhost:60088
+        }
+
+    [domain_realm]
+        .example.com = EXAMPLE.COM
+        example.com = EXAMPLE.COM
+      
+
+Check that the **Kerberos** sevrer is started, then try to get a ticket from a user that
exists in the base (here, we use hnelson, which is a user we created for test purposes. His
password is 'secret')
+
+    :::text
+    $ kinit hnelson@EXAMPLE.COM
+    Password for hnelson@EXAMPLE.COM:
+    $
+
+You should not get any error. If you've get some, see later in this chapter.
+
+Now, let's check that we have correctly obtained a ticket. We will use the **klist** tool
for that :
+
+    :::text
+    $ klist -v
+    Credentials cache: API:501:9
+            Principal: hnelson@EXAMPLE.COM
+        Cache version: 0
+
+    Server: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+    Client: hnelson@EXAMPLE.COM
+    Ticket etype: aes128-cts-hmac-sha1-96
+    Ticket length: 256
+    Auth time:  Feb 11 16:11:36 2013
+    End time:   Feb 12 02:11:22 2013
+    Renew till: Feb 18 16:11:36 2013
+    Ticket flags: pre-authent, initial, renewable, forwardable
+    Addresses: addressless
+    $
+
+As we can see, we have obtained a ticket which will expire 6 hours after its creation, which
can be renexed for 7 days, encrypted using AES-128 algorithm, ticket that can be used by the
**TGS**.
+
+All is good !     
+
+## Troubleshooting
+
+So it does not work...
+
+There are many possible reason why you can't get a ticket.
+
+### kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM
+
+Such a error says that the server is not reachable. Check those points :
+
+* Is the server started ?
+* Is the EXAMPLE.COM domain declared in your DNS (or /etc/hosts file) ?
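Review bot: the sentence after the `klist -v` sample says the ticket "will expire 6 hours after its creation", but the sample shows `Auth time: Feb 11 16:11:36 2013` and `End time: Feb 12 02:11:22 2013`, which is about 10 hours; the 7-day renewal figure does match `Renew till`. Correct the text or the sample so a reader comparing their own ticket lifetime against this page is not misled. The added prose also needs a spelling pass ("kake sure", "typinhg", "sevrer", "renexed", "If you've get some", "Such a error") and `##Setup` lacks the space that `## Troubleshooting` has. In the troubleshooting list, the sample krb5.conf pins `kdc = localhost:60088`, so a check that the `kdc` host and port match the running server fits that configuration better than the DNS bullet for EXAMPLE.COM. Lastly, the sample output comes from Apple's Heimdal build (`Heimdal 1.4.1apple1`, `API:501:9` cache) on a page titled for Linux, which is worth stating in the text.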

Added: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1446490&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (added)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Fri Feb
15 10:07:49 2013
@@ -0,0 +1,25 @@
+Title: 4.2 - Authenticate with Studio
+NavPrev: 4.1-authenticate-kinit.html
+NavPrevText: 4.1 - Authenticate with kinit on Linux
+NavUp: 4-using-kerberos.html
+NavUpText: 4 - Using Kerberos
+NavNext: 5-interoperability.html
+NavNextText: 5 - Interoperability
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+# 4.1 - Authenticate with kinit on Linux
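Review bot: the H1 on the last line, `# 4.1 - Authenticate with kinit on Linux`, is copied from the previous page and contradicts this file's own `Title: 4.2 - Authenticate with Studio`. Change it to `# 4.2 - Authenticate with Studio`. Also note that `NavNext: 5-interoperability.html` points at a page that is not in this revision's Added list.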


