Author: buildbot Date: Thu Feb 7 10:37:34 2013 New Revision: 849709 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Thu Feb 7 10:37:34 2013 @@ -1 +1 @@ -1443113 +1443391 Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html (added) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html Thu Feb 7 10:37:34 2013 @@ -0,0 +1,207 @@ + + + + + 1.3.3 - Standards — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

1.3.3 - Standards

+

The Kerberos Protocol is based on public RFCs. There is also a Kerberos woking group at the IETF, you can check this page.

+

Obsoleted RFCs

+
    +
  • RFC 1510 - The Kerberos Network Authentication Service (V5) (Obsoleted by 4120, 6649)
  • +
+

Valid RFS and updates

+
    +
  • RFC 1964 - The Kerberos Version 5 GSS-API Mechanism (updated by 4121, 6649)
  • +
  • RFC 3961 - Encryption and Checksum Specifications for Kerberos 5
  • +
  • RFC 3962 - Advanced Encryption Standard (AES) Encryption for Kerberos 5
  • +
  • RFC 4120 - The Kerberos Network Authentication Service (V5) (Updated by 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806)
  • +
  • RFC 4121 - The Kerberos Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (Updated by 6112, 6542, 6649)
  • +
  • RFC 4537 - Kerberos Cryptosystem Negotiation Extension
  • +
  • RFC 4556 - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (updated by 6612)
  • +
  • RFC 4557 - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
  • +
  • RFC 4757 - The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows (updated by 6649)
  • +
  • RFC 5021 - Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP
  • +
  • RFC 5349 - Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
  • +
  • RFC 5868 - Problem Statement on the Cross-Realm Operation of Kerberos
  • +
  • RFC 5896 - Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy
  • +
  • RFC 6111 - Additional Kerberos Naming Constraints
  • +
  • RFC 6112 - Anonymity Support for Kerberos
  • +
  • RFC 6113 - A Generalized Framework for Kerberos Pre-Authentication
  • +
  • RFC 6251 - Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol
  • +
  • RFC 6448 - The Unencrypted Form of Kerberos 5 KRB-CRED Message
  • +
  • RFC 6542 - Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility
  • +
  • RFC 6560 - One-Time Password (OTP) Pre-Authentication
  • +
  • RFC 6649 - Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
  • +
  • RFC 6784 - Kerberos Options for DHCPv6
  • +
  • RFC 6803 - Camellia Encryption for Kerberos 5
  • +
  • RFC 6806 - Kerberos Principal Name Canonicalization and Cross-Realm Referrals
  • +
+

Here are some drafts :

+

draft-ietf-krb-wg-cammac - Kerberos Authorization Data Container Authenticated by Multiple MACs +draft-ietf-krb-wg-kdc-model - An information model for Kerberos version 5 +draft-ietf-krb-wg-pkinit-alg-agility - PKINIT Algorithm Agility

+ + + + + +
+
+
+ +
+ + \ No newline at end of file Modified: websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html (original) +++ websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html Thu Feb 7 10:37:34 2013 @@ -123,26 +123,36 @@

ApacheDS is not only a LDAP server, it also support the Kerberos Protocl, and is a KDC (Key DIstribution Center), containing a TGS (Ticket Granting Server) and a AS (Authentication Server).

This guide will describe how it works.

Table of content

-

' 1. What is Kerberos - * 1.1 - Introduction - * 1.1.1 - Realms - * 1.1.2 - Principal - * 1.1.3 - Keys - * 1.1.4 - KDC (Key Distribution Center) - * 1.1.5 - Database - * 1.1.6 - AS (Authentication Server) - * 1.1.7 - TGS (Ticket Granting Server) - * 1.1.8 - Tickets - * 1.2 - More Information - * 1.3 - Resources - * 1.3.1 - Kerberos Articles - * 1.3.2 - Microsoft compatibility - * 1.3.3 - Standards - 2. Kerberos Configuration - * 2.1 - LDAP server configuration - * 2.2 - Kerberos server configuration - * 2.3 - Kerberos and Unlimited Strength Policy -'

+