Subject: svn commit: r850965 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/ apacheds/kerberos-ug/images/
Date: Mon, 18 Feb 2013 14:19:40 -0000
To: commits@directory.apache.org
Reply-To: dev@directory.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130218141941.0B6E223889D7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Mon Feb 18 14:19:40 2013 New Revision: 850965 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png (with props) websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/network-parameters.png (with props) websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/new-connection.png (with props) Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-config.png Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Mon Feb 18 14:19:40 2013 @@ -1 +1 @@ -1446725 +1447269 Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html (original) +++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html Mon Feb 18 14:19:40 2013 @@ -279,44 +279,81 @@ userPassword:: e1NTSEF9VnhjYUl4U3JxUnAra

Here is the associated LDIF file :

dn: uid=ldap,ou=services,dc=security,dc=example,dc=com
 objectClass: top
-objectClass: inetOrgPerson
+objectClass: organizationalUnit
 objectClass: krb5KDCEntry
-objectClass: person
+objectClass: uidObject
 objectClass: krb5Principal
-objectClass: organizationalPerson
-cn: LDAP
 krb5KeyVersionNumber: 0
 krb5PrincipalName: ldap/localhost@EXAMPLE.COM
-sn: Service
 uid: ldap
 userPassword: randomKey
+ou: TGT
 
 dn: uid=krbtgt,ou=services,dc=security,dc=example,dc=com
 objectClass: top
-objectClass: inetOrgPerson
+objectClass: organizationalUnit
 objectClass: krb5KDCEntry
-objectClass: person
+objectClass: uidObject
 objectClass: krb5Principal
-objectClass: organizationalPerson
-cn: KDC Service
 krb5KeyVersionNumber: 0
 krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
-sn: Service
 uid: krbtgt
 userPassword:: randomkey
+ou: LDAP
 

Three important things :

-
- the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key.
-- the _krb5PrincipalName_ has one more information, after the '/' character : _EXAMPLE.COM_ for the **krbtgt** service, and **localhost** for the **ldap** service.
+
- the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key.
+- the _krb5PrincipalName_ has one more information, after the / character : _EXAMPLE.COM_ for 
+the **krbtgt** service, and **localhost** for the **ldap** service.
+- the krb5KeyVersionNumber is 0
 

Again, once those entries have been injected in the LDAP server, the krb5Key attributeTypes will be created

Login using Studio

+

Now that the server is set, and the services and users are stored into it, we can create a new connection using the Kerberos authentication for the created users.

+

Create a new connection

+

On the "Connections" tab, right click and select 'New Connection...'

+

+New Connection +

+

You will now have to set the network parameters, as in the following popup. Typically, set :

+
* The connection name (here, **Kerberos User**)
+* The LDAP server host (**localhost**)
+* The LDAP server port (**10389**)
+* The Provider (pick **Apache Directory LDAP Client API**)
+
+ + +

You can check the connection on cliking the 'check network connection' button, you should get back a popup stating that the connection was established successfully.

+

Here is the screenshot :

+

+Network Parameters +

+

Then click on Next to setup the authentication part. +Select the following parameters and values :

+
* Authentication method : **GSSAPI**
+* Bind DN : the user name (here, **hnelson**)
+* Bind password : here, **secret**
+* Don't change anything in the SASL settings
+* Kerberos settings 
+    * Obtain TGT from KDC
+    * Use following configuration :
+        * Kerberos Realm : **EXAMPLE.COM**
+        * KDC Host : **localhost**
+        * KDC port : ** 60088**
+
+ + +

Here is the resulting screen :

+

+Kerberos authentification +

+

Clinking in the 'Check Authentication' buton should be succesful.
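Review bot: the two `userPassword` lines in this hunk are inconsistent, and the second is a defect: the `uid=ldap` entry has `userPassword: randomKey` while the `uid=krbtgt` entry has `userPassword:: randomkey`, and in LDIF a double colon marks a base64-encoded value, so the krbtgt entry would not store the literal sentinel the text right below it depends on ("the userPassword is 'randomkey'"). Suggest `userPassword: randomKey` in both entries, spelled the same way the prose spells it. Two smaller points in the same hunk: the added `ou` values look swapped (`ou: TGT` lands on the `uid=ldap` entry and `ou: LDAP` on the `uid=krbtgt` entry), and the added prose has typos that will appear on the published page (`know password`, `cliking`, `Clinking`, `buton`, `succesful`, `authentification`) plus a stray space inside `** 60088**` that will break the bold markup for the KDC port.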