Author: buildbot Date: Thu Feb 7 15:28:16 2013 New Revision: 849768 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/ websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png (with props) Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Thu Feb 7 15:28:16 2013 @@ -1 +1 @@ -1443415 +1443554 Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html (original) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1-introduction.html Thu Feb 7 15:28:16 2013 @@ -125,12 +125,12 @@
@@ -173,12 +173,12 @@
Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html (added) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html Thu Feb 7 15:28:16 2013 @@ -0,0 +1,191 @@ + + + + + 1.1.1 - Realms — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

Realms

+

A Realm is associated with a Kerberos administrative domain. In other words, it covers everything the Kerberos server manage : + Users + Services

+

Note that if a Kerberos Server manage one Realm only, a Realm can be managed by more than one Kerberos server : this is mandatory to avoid created a single point of failure, if the Kerberos server halts for any reason. Usually, the Kerberos servers are sharing the database - or in our case, the database is being replicated between the Kerberos Servers.

+

Realm name

+

In order to distinguish the Realms, we give them a unique name. This name can be anything, but a convention is to use the DNS name of the Kerberos server, and to use uppercase.

+

For instance, say that th Kerberos server is installed on a machine which domain name is apache.org, then we will use APACHE.ORG as the Realm name (but you could have used Apache.org or even MyApacheDomain).

+

+Note that the name is case sensitive. apache.org is a different realm than APACHE.ORG. +

+

The Realm name wil be used all over Kerberos to name Principals and Services

+

Default Realm for ApacheDS Kerberos Server

+

When you set up an ApacheDS Kerberos Server, the Realm name is set to EXAMPLE.COM. This can be changed either through Studio, by accessing the server configuration and changing the 'Primary KDC Realm', as show in this picture :

+

Kerberos Realm Configuration

+

or by modifying the LDIF configuration directly, by modifying the following entry :

+
dn: ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
+...
+ads-krbprimaryrealm: EXAMPLE.COM
+...
+
+ + + + + +
+
+
+ +
+ + \ No newline at end of file Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png ============================================================================== Binary file - no diff available. Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-realm-config.png ------------------------------------------------------------------------------ svn:mime-type = image/png