directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r850733 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/ apacheds/kerberos-ug/images/
Date Fri, 15 Feb 2013 18:43:01 GMT
Author: buildbot
Date: Fri Feb 15 18:43:00 2013
New Revision: 850733

Log:
Staging update by buildbot for directory

Added:
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
  (with props)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/ldap-config.png 
 (with props)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/open-config.png 
 (with props)
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Feb 15 18:43:00 2013
@@ -1 +1 @@
-1446711
+1446721

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
Fri Feb 15 18:43:00 2013
@@ -149,6 +149,39 @@
 <p><DIV align="center">
 <img alt="authentication" src="images/authentication.png" />
 </DIV></p>
+<p>Once connected, right click on the connection :</p>
+<p><DIV align="center">
+<img alt="Open Configuration" src="images/open-config.png" />
+</DIV></p>
+<p>On the <strong>Overview</strong> tab, check the <strong>Enable
Kerberos Server</strong> box :</p>
+<p><DIV align="center">
+<img alt="Enable Kerberos Server" src="images/enable-kerberos.png" />
+</DIV></p>
+<h3 id="ldap-server-configuration">LDAP Server configuration</h3>
+<p>There are a few parameters that are to be set in the <strong>LDAP</strong>
configuration :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">_SASL</span> <span class="n">host_</span> <span
class="n">must</span> <span class="n">be</span> <span class="n">the</span>
<span class="nb">local</span> <span class="n">server</span> <span
class="n">name</span> <span class="p">(</span><span class="n">here</span><span
class="p">,</span> <span class="n">EXAMPLE</span><span class="o">.</span><span
class="n">COM</span><span class="p">)</span>
+<span class="o">*</span> <span class="n">The</span> <span class="n">_SASL</span>
<span class="n">principal_</span> <span class="n">is</span> <span
class="o">**</span><span class="n">ldap</span><span class="o">/</span><span
class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span
class="nv">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span
class="o">**</span>
+<span class="o">*</span> <span class="n">The</span> <span class="n">_Search</span>
<span class="n">Base</span> <span class="n">DN_</span> <span class="n">should</span>
<span class="n">point</span> <span class="n">to</span> <span class="n">the</span>
<span class="n">place</span> <span class="n">under</span> <span
class="n">which</span> <span class="n">we</span> <span class="n">store</span>
<span class="n">users</span> <span class="ow">and</span> <span
class="n">services</span> <span class="p">(</span><span class="n">_dc</span><span
class="o">=</span><span class="n">security</span><span class="p">,</span><span
class="n">dc</span><span class="o">=</span><span class="n">example</span><span
class="p">,</span><span class="n">dc</span><span class="o">=</span><span
class="n">com_</span><span class="p">)</span>
+</pre></div>
+
+
+<p>Here is a snapshot of this configuration :</p>
+<p><DIV align="center">
+<img alt="LDAP configuration" src="images/ldap-config.png" />
+</DIV></p>
+<h3 id="kerberos-server-configuration">Kerberos Server configuration</h3>
+<h3 id="other-configuration">Other configuration</h3>
+<p>There is one more thing that you need to configure : your domain name (here, <em>EXAMPLE.COM</em>)
has to be reachable on your machine. Either you define in on a <strong>DNS</strong>
server, or you can also add it in your <em>/etc/hosts</em> file.</p>
+<p>Here is a way to add it on a local host :</p>
+<div class="codehilite"><pre><span class="o">...</span>
+<span class="mf">127.0.0.1</span> <span class="n">localhost</span>
<span class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span>
+<span class="o">...</span>
+</pre></div>
+
+
+<p><DIV class="warning" markdown="1">
+It's largely preferable to declare the server in a DNS.
+</DIV></p>
 <h2 id="ldap-hierarchy">LDAP Hierarchy</h2>
 <p>We will distinguish between <strong>users</strong> and <strong>services</strong>
:
 <em> Users are human beings, or applications that can log on a service
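Review bot: the three LDAP parameters added under "LDAP Server configuration" are emitted inside a `<div class="codehilite"><pre>` block rather than as a list, so the `_SASL host_` and `**ldap/EXAMPLE.COM@EXAMPLE.COM**` emphasis markers show up literally and the prose is tokenized as code; un-indent the bullets in the source so they are parsed as a list. The SASL principal given here is ldap/EXAMPLE.COM@EXAMPLE.COM, while the services box further down the same file says the ldap service uses localhost after the '/', and the /etc/hosts example maps EXAMPLE.COM to 127.0.0.1, so the page should state that the realm name doubles as the host name in this setup and make the two principals agree. The "Kerberos Server configuration" heading is added with no body, and "Either you define in on" should read "define it on".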
@@ -204,28 +237,27 @@ userPassword: secret
 The import thing is the <em>krb5PrincipalName</em>, which is the one that will
be used to bind the user. It has a user login (<strong>hnelson</strong>) and a
realm (<strong>EXAMPLE.COM</strong>).
 </DIV></p>
 <p>Once the user has been injected, we can see that the server has created some krb5Key
attributes :</p>
-<div class="codehilite"><pre>
+<div class="codehilite"><pre>dn: uid=hnelson,ou=users,dc=security,dc=example,dc=com
+objectClass: top
+objectClass: krb5KDCEntry
+objectClass: inetOrgPerson
+objectClass: krb5Principal
+objectClass: person
+objectClass: organizationalPerson
+cn: Horatio Nelson
+krb5KeyVersionNumber: 0
+krb5PrincipalName: hnelson@EXAMPLE.COM
+sn: Nelson
+krb5Key:: MBGgAwIBA6EKBAj0pxNkimHOWw==
+krb5Key:: MBmgAwIBEaESBBCtIUs4tp38yqzxXzRtQXuQ
+krb5Key:: MCGgAwIBEKEaBBhXB84pUpIsHIy/Q8I9j4xenoz3XT5KXiU=
+krb5Key:: MBmgAwIBF6ESBBCHjYAUYGzaKWd6RO+hNT/H
+uid: hnelson
+userPassword:: e1NTSEF9VnhjYUl4U3JxUnAraWh1dXo2NEhzN1EwbXE0ZHBBQTNsUHJXMGc9P
+ Q==
 </pre></div>
 
 
-<p>dn: uid=hnelson,ou=users,dc=security,dc=example,dc=com
-    objectClass: top
-    objectClass: krb5KDCEntry
-    objectClass: inetOrgPerson
-    objectClass: krb5Principal
-    objectClass: person
-    objectClass: organizationalPerson
-    cn: Horatio Nelson
-    krb5KeyVersionNumber: 0
-    krb5PrincipalName: hnelson@EXAMPLE.COM
-    sn: Nelson
-    krb5Key:: MBGgAwIBA6EKBAj0pxNkimHOWw==
-    krb5Key:: MBmgAwIBEaESBBCtIUs4tp38yqzxXzRtQXuQ
-    krb5Key:: MCGgAwIBEKEaBBhXB84pUpIsHIy/Q8I9j4xenoz3XT5KXiU=
-    krb5Key:: MBmgAwIBF6ESBBCHjYAUYGzaKWd6RO+hNT/H
-    uid: hnelson
-    userPassword:: e1NTSEF9VnhjYUl4U3JxUnAraWh1dXo2NEhzN1EwbXE0ZHBBQTNsUHJXMGc9P
-     Q== </p>
 <p>Those keys have been computed automatically by the Kerberos server. Every time you
will change the password, the keys will be updated.</p>
 <p>We can add as many users as we want, but keep in mind that the login name should
be the first part of the <strong>krb5PrincipalName</strong> attributeType.</p>
 <h3 id="services">Services</h3>
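Review bot: the LDIF moved into the `<pre>` block shows four krb5Key values and a hashed userPassword, but the paragraph that follows only says the keys are computed automatically; it should also say that krb5Key values are long-term Kerberos keys derived from the password and need the same read protection as userPassword. While in this file, the context lines "The import thing is" and "Every time you will change the password" could be corrected to "The important thing is" and "Every time you change the password".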
@@ -266,13 +298,13 @@ userPassword:: randomkey
 
 <p><DIV class="info" markdown="1">
 Three important things :</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="n">the</span>
<span class="n">userPassword</span> <span class="n">is</span> <span
class="s">&#39;randomkey&#39;</span><span class="o">.</span>
<span class="n">The</span> <span class="n">key</span> <span class="n">won</span><span
class="s">&#39;t be generated based on a know password, they will use a random key.</span>
-<span class="s">* the _krb5PrincipalName_ has one more information, after the &#39;</span><span
class="o">/</span><span class="err">&#39;</span> <span class="n">character</span>
<span class="p">:</span> <span class="n">_EXAMPLE</span><span class="o">.</span><span
class="n">COM_</span> <span class="k">for</span> <span class="n">the</span>
<span class="o">**</span><span class="n">krbtgt</span><span class="o">**</span>
<span class="n">service</span><span class="p">,</span> <span class="ow">and</span>
<span class="o">**</span><span class="n">localhost</span><span
class="o">**</span> <span class="k">for</span> <span class="n">the</span>
<span class="o">**</span><span class="n">ldap</span><span class="o">**</span>
<span class="n">service</span><span class="o">.</span>
+<div class="codehilite"><pre><span class="o">-</span> <span class="n">the</span>
<span class="n">userPassword</span> <span class="n">is</span> <span
class="s">&#39;randomkey&#39;</span><span class="o">.</span>
<span class="n">The</span> <span class="n">key</span> <span class="n">won</span><span
class="s">&#39;t be generated based on a know password, they will use a random key.</span>
+<span class="s">- the _krb5PrincipalName_ has one more information, after the &#39;</span><span
class="o">/</span><span class="err">&#39;</span> <span class="n">character</span>
<span class="p">:</span> <span class="n">_EXAMPLE</span><span class="o">.</span><span
class="n">COM_</span> <span class="k">for</span> <span class="n">the</span>
<span class="o">**</span><span class="n">krbtgt</span><span class="o">**</span>
<span class="n">service</span><span class="p">,</span> <span class="ow">and</span>
<span class="o">**</span><span class="n">localhost</span><span
class="o">**</span> <span class="k">for</span> <span class="n">the</span>
<span class="o">**</span><span class="n">ldap</span><span class="o">**</span>
<span class="n">service</span><span class="o">.</span>
 </pre></div>
 
 
 <p></DIV></p>
-<p>Again, once those entries have been injected in the LDAP server, the krb5Key attributeTypes
will be created</p>
+<p>Again, once those entries have been injected in the LDAP server, the <em>krb5Key</em>
attributeTypes will be created</p>
 <h2></h2>
 
 
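Review bot: switching the bullet marker from `*` to `-` in the "Three important things" box does not fix the rendering, because the list is still emitted inside `<div class="codehilite"><pre>`; the apostrophe in "won't" opens a string span that runs into the second bullet, and `_krb5PrincipalName_` and `**krbtgt**` stay literal. Un-indent the list in the source so it is parsed as a list, and change "a know password" to "a known password". The box announces three things but lists two, and the trailing `<h2></h2>` in the context is an empty heading.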

Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/ldap-config.png
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/ldap-config.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/open-config.png
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/open-config.png
------------------------------------------------------------------------------
    svn:mime-type = image/png


