Author: buildbot Date: Thu Feb 7 11:15:26 2013 New Revision: 849719 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html Modified: websites/staging/directory/trunk/content/ (props changed) Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Thu Feb 7 11:15:26 2013 @@ -1 +1 @@ -1443408 +1443413 Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html (added) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html Thu Feb 7 11:15:26 2013 @@ -0,0 +1,196 @@ + + + + + 1.1 - Introduction — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

Table of content

+ +

1.1 - Introduction

+

The Kerberos server is one part of the Apache Directory Server : it uses the LDAP server as a backend, but has its own separate network layer. It makes it easy to install, compared to other solutions where you have two components : a LDAP server o one side, and the Kerberos Server on the other.

+

We also have a complete configuration GUI in Studio, which allows administrators to tweak their server in a convenient way.

+

The Kerberos provider for Apache Directory implements RFC 1510 and RFC 4120 , the Kerberos V5 Network Authentication Service. The purpose of Kerberos is to verify the identities of principals (users or services) on an unprotected network. While generally thought of as a single-sign-on technology, Kerberos' true strength is in authenticating users without ever sending their password over the network. Kerberos is designed for use on open (untrusted) networks and, therefore, operates under the assumption that packets traveling along the network can be read, modified, and inserted at will. This chart provides a good description of the protocol workflow.

+

Kerberos is named for the three-headed dog that guards the gates to Hades. The three heads are the client, the Kerberos server, and the network service being accessed.

+

The Apache Directory Kerberos provider is implemented as a protocol-provider plugin. As a plugin, the Kerberos provider leverages Apache MINA for front-end services and the Apache Directory read-optimized backing store for persistent directory services.

+

The Kerberos server for Apache Directory, in conjunction with MINA and the Apache Directory store, provides an easy-to-use yet fully-featured network authentication service. As implemented within the Apache Directory, the Kerberos provder will provide:

+
    +
  • Authentication service
  • +
  • Ticket-granting service
  • +
  • Pre-authentication support
  • +
  • DES encryption systems
  • +
  • Triple-DES (DES3)
  • +
  • UDP and TCP Support (MINA)
  • +
+ + + + + +
+
+
+ +
+ + \ No newline at end of file