Subject: svn commit: r1447269 - in /directory/site/trunk/content/apacheds/kerberos-ug: 4.2-authenticate-studio.mdtext images/kerberos-authent.png images/kerberos-config.png images/network-parameters.png images/new-connection.png
Date: Mon, 18 Feb 2013 14:19:33 -0000
To: commits@directory.apache.org
From: elecharny@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130218141933.19411238890B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Mon Feb 18 14:19:32 2013 New Revision: 1447269 URL: http://svn.apache.org/r1447269 Log: Added some images and doc Added: directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png (with props) directory/site/trunk/content/apacheds/kerberos-ug/images/network-parameters.png (with props) directory/site/trunk/content/apacheds/kerberos-ug/images/new-connection.png (with props) Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-config.png Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1447269&r1=1447268&r2=1447269&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original) +++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Mon Feb 18 14:19:32 2013 
@@ -208,39 +208,86 @@ Here is the associated LDIF file : :::text dn: uid=ldap,ou=services,dc=security,dc=example,dc=com objectClass: top - objectClass: inetOrgPerson + objectClass: organizationalUnit objectClass: krb5KDCEntry - objectClass: person + objectClass: uidObject objectClass: krb5Principal - objectClass: organizationalPerson - cn: LDAP krb5KeyVersionNumber: 0 krb5PrincipalName: ldap/localhost@EXAMPLE.COM - sn: Service uid: ldap userPassword: randomKey + ou: TGT dn: uid=krbtgt,ou=services,dc=security,dc=example,dc=com objectClass: top - objectClass: inetOrgPerson + objectClass: organizationalUnit objectClass: krb5KDCEntry - objectClass: person + objectClass: uidObject objectClass: krb5Principal - objectClass: organizationalPerson - cn: KDC Service krb5KeyVersionNumber: 0 krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM - sn: Service uid: krbtgt userPassword:: randomkey + ou: LDAP
Three important things : - the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key. - - the _krb5PrincipalName_ has one more information, after the '/' character : _EXAMPLE.COM_ for the **krbtgt** service, and **localhost** for the **ldap** service. + - the _krb5PrincipalName_ has one more information, after the / character : _EXAMPLE.COM_ for + the **krbtgt** service, and **localhost** for the **ldap** service. + - the krb5KeyVersionNumber is 0
Again, once those entries have been injected in the LDAP server, the _krb5Key_ attributeTypes will be created ## Login using Studio + +Now that the server is set, and the services and users are stored into it, we can create a new connection using the Kerberos authentication for the created users. + +### Create a new connection + +On the "Connections" tab, right click and select 'New Connection...' + +
+![New Connection](images/new-connection.png) +
+ +You will now have to set the network parameters, as in the following popup. Typically, set : + + * The connection name (here, **Kerberos User**) + * The LDAP server host (**localhost**) + * The LDAP server port (**10389**) + * The Provider (pick **Apache Directory LDAP Client API**) + +You can check the connection on cliking the 'check network connection' button, you should get back a popup stating that the connection was established successfully. + +Here is the screenshot : + + +
+![Network Parameters](images/network-parameters.png) +
+ +Then click on Next to setup the authentication part. +Select the following parameters and values : + + * Authentication method : **GSSAPI** + * Bind DN : the user name (here, **hnelson**) + * Bind password : here, **secret** + * Don't change anything in the SASL settings + * Kerberos settings + * Obtain TGT from KDC + * Use following configuration : + * Kerberos Realm : **EXAMPLE.COM** + * KDC Host : **localhost** + * KDC port : ** 60088** + +Here is the resulting screen : + +
+![Kerberos authentification](images/kerberos-authent.png) +
+ +Clinking in the 'Check Authentication' buton should be succesful. + Added: directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png?rev=1447269&view=auto ============================================================================== Binary file - no diff available. Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Modified: directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-config.png URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/kerberos-config.png?rev=1447269&r1=1447268&r2=1447269&view=diff ============================================================================== Binary files - no diff available. Added: directory/site/trunk/content/apacheds/kerberos-ug/images/network-parameters.png URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/network-parameters.png?rev=1447269&view=auto ============================================================================== Binary file - no diff available. Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/network-parameters.png ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: directory/site/trunk/content/apacheds/kerberos-ug/images/new-connection.png URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/new-connection.png?rev=1447269&view=auto ============================================================================== Binary file - no diff available. 
Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/new-connection.png ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream
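Review bot: the two `ou` values added to the LDIF in the `@@ -208,39 +208,86 @@` hunk look swapped: the `uid=ldap` entry gets `+ ou: TGT` while the `uid=krbtgt` entry gets `+ ou: LDAP`. Suggest `ou: LDAP` on the ldap service entry and `ou: TGT` on the krbtgt entry so the value matches the principal it sits on. While touching these entries, the unchanged context lines are also inconsistent: one has `userPassword: randomKey` and the other `userPassword:: randomkey`. In LDIF the double colon marks a base64-encoded value, and the text just below says the password is 'randomkey', so both lines should read `userPassword: randomkey`. In the added Studio section, `** 60088**` has a space after the opening asterisks and will not render as bold, and 'cliking', 'Clinking', 'buton', 'succesful' and 'authentification' need correcting.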
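Review bot: the Propchange blocks for the three added images (kerberos-authent.png, network-parameters.png, new-connection.png) set `svn:mime-type = application/octet-stream`, which does not describe a PNG. Suggest setting the property to `image/png` on all three so the files are typed as images rather than generic binary data.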