From commits-return-35995-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Sat Feb 9 09:22:33 2013 Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 321ADE1C1 for ; Sat, 9 Feb 2013 09:22:33 +0000 (UTC) Received: (qmail 51200 invoked by uid 500); 9 Feb 2013 09:22:30 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 51125 invoked by uid 500); 9 Feb 2013 09:22:30 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 51026 invoked by uid 99); 9 Feb 2013 09:22:28 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Feb 2013 09:22:28 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Feb 2013 09:22:26 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id F1B3E2388B75 for ; Sat, 9 Feb 2013 09:22:07 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r849999 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/1.1.4-kdc.html apacheds/kerberos-ug/images/kerberos-auth.graphml apacheds/kerberos-ug/images/kerberos-auth.png Date: Sat, 09 Feb 2013 09:22:07 -0000 To: commits@directory.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130209092207.F1B3E2388B75@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Sat Feb 9 09:22:07 2013 New Revision: 849999 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.html websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-auth.graphml (with props) websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-auth.png (with props) Modified: websites/staging/directory/trunk/content/ (props changed) Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Sat Feb 9 09:22:07 2013 @@ -1 +1 @@ -1444341 +1444345 Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.html (added) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.html Sat Feb 9 09:22:07 2013 @@ -0,0 +1,187 @@ + + + + + 1.1.4 - KDC (Key Distribution Center) — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

1.1.4 - KDC (Key Distribution Center)

+

The KDC contains three components : + the Authentication Server + the database (ApacheDS) +* and the Ticket Granting Server

+

The KDC role is to distribute tickets and to authenticate users, based on the informations stored into its database.

+

In some way, the Apache Kerberos Server is a KDC.

+

+We could allow the Kerberos Server to manage more than one KDC, but this is not currently possible. +

+

The KDC is associated with a Realm.

+

The following schema expose the way the KDC works :

+

+KDC usage +

+

In order to use a service, the client will grab a ticket for this service on the KDC. This requires a two steps process, where the client first authenticate, and then get back a ticket to use with the targeted server.

+

In the previous schema, the TGS is a service that will expect a Ticket to be delivered in order to generate new tickets for any other services. It can sound weird that the authentication process does not deliver a Ticket for the targeted server, but there is no reason for the Autehntication Server to be the same server than the Ticket Granting Server.

+ + + + + +
+
+
+ +
+ + \ No newline at end of file Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-auth.graphml ============================================================================== Binary file - no diff available. Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-auth.graphml ------------------------------------------------------------------------------ svn:mime-type = application/xml Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-auth.png ============================================================================== Binary file - no diff available. Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-auth.png ------------------------------------------------------------------------------ svn:mime-type = image/png