Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BAF9FE78E for ; Thu, 7 Feb 2013 10:37:56 +0000 (UTC) Received: (qmail 45576 invoked by uid 500); 7 Feb 2013 10:37:56 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 45518 invoked by uid 500); 7 Feb 2013 10:37:56 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 45509 invoked by uid 99); 7 Feb 2013 10:37:56 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Feb 2013 10:37:56 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Feb 2013 10:37:53 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id E840923889D7 for ; Thu, 7 Feb 2013 10:37:34 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r849709 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/1.3.3-standards.html apacheds/kerberos-user-guide.html Date: Thu, 07 Feb 2013 10:37:34 -0000 To: commits@directory.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130207103734.E840923889D7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Thu Feb 7 10:37:34 2013 New Revision: 849709 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Thu Feb 7 10:37:34 2013 @@ -1 +1 @@ -1443113 +1443391 Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html (added) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.3.3-standards.html Thu Feb 7 10:37:34 2013 @@ -0,0 +1,207 @@ + + + + + 1.3.3 - Standards — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + +
+
+ + 1.3.2 - Microsoft compatibility + +
+
+ + 1.3 - Resources + +
+
+ + 2 - Kerberos Configuration + +
+
+
+ + +

1.3.3 - Standards

+

The Kerberos Protocol is based on public RFCs. There is also a Kerberos woking group at the IETF, you can check this page.

+

Obsoleted RFCs

+
    +
  • RFC 1510 - The Kerberos Network Authentication Service (V5) (Obsoleted by 4120, 6649)
    • +
+

Valid RFS and updates

+
    +
  • RFC 1964 - The Kerberos Version 5 GSS-API Mechanism (updated by 4121, 6649)
    • +
  • RFC 3961 - Encryption and Checksum Specifications for Kerberos 5
    • +
  • RFC 3962 - Advanced Encryption Standard (AES) Encryption for Kerberos 5
    • +
  • RFC 4120 - The Kerberos Network Authentication Service (V5) (Updated by 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806)
    • +
  • RFC 4121 - The Kerberos Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (Updated by 6112, 6542, 6649)
    • +
  • RFC 4537 - Kerberos Cryptosystem Negotiation Extension
    • +
  • RFC 4556 - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (updated by 6612)
    • +
  • RFC 4557 - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
    • +
  • RFC 4757 - The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows (updated by 6649)
    • +
  • RFC 5021 - Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP
    • +
  • RFC 5349 - Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
    • +
  • RFC 5868 - Problem Statement on the Cross-Realm Operation of Kerberos
    • +
  • RFC 5896 - Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy
    • +
  • RFC 6111 - Additional Kerberos Naming Constraints
    • +
  • RFC 6112 - Anonymity Support for Kerberos
    • +
  • RFC 6113 - A Generalized Framework for Kerberos Pre-Authentication
    • +
  • RFC 6251 - Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol
    • +
  • RFC 6448 - The Unencrypted Form of Kerberos 5 KRB-CRED Message
    • +
  • RFC 6542 - Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility
    • +
  • RFC 6560 - One-Time Password (OTP) Pre-Authentication
    • +
  • RFC 6649 - Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
    • +
  • RFC 6784 - Kerberos Options for DHCPv6
    • +
  • RFC 6803 - Camellia Encryption for Kerberos 5
    • +
  • RFC 6806 - Kerberos Principal Name Canonicalization and Cross-Realm Referrals
    • +
+

Here are some drafts :

+

draft-ietf-krb-wg-cammac - Kerberos Authorization Data Container Authenticated by Multiple MACs +draft-ietf-krb-wg-kdc-model - An information model for Kerberos version 5 +draft-ietf-krb-wg-pkinit-alg-agility - PKINIT Algorithm Agility

+ + +
+
+ + 1.3.2 - Microsoft compatibility + +
+
+ + 1.3 - Resources + +
+
+ + 2 - Kerberos Configuration + +
+
+
+ + +
+
+
+ +
+ + \ No newline at end of file Modified: websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html (original) +++ websites/staging/directory/trunk/content/apacheds/kerberos-user-guide.html Thu Feb 7 10:37:34 2013 @@ -123,26 +123,36 @@

ApacheDS is not only a LDAP server, it also support the Kerberos Protocl, and is a KDC (Key DIstribution Center), containing a TGS (Ticket Granting Server) and a AS (Authentication Server).

This guide will describe how it works.

Table of content

-

' 1. What is Kerberos - * 1.1 - Introduction - * 1.1.1 - Realms - * 1.1.2 - Principal - * 1.1.3 - Keys - * 1.1.4 - KDC (Key Distribution Center) - * 1.1.5 - Database - * 1.1.6 - AS (Authentication Server) - * 1.1.7 - TGS (Ticket Granting Server) - * 1.1.8 - Tickets - * 1.2 - More Information - * 1.3 - Resources - * 1.3.1 - Kerberos Articles - * 1.3.2 - Microsoft compatibility - * 1.3.3 - Standards - 2. Kerberos Configuration - * 2.1 - LDAP server configuration - * 2.2 - Kerberos server configuration - * 2.3 - Kerberos and Unlimited Strength Policy -'

+