directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1465278 - in /directory/site/trunk/content/apacheds/advanced-ug: 4.1.2-sasl-authn.mdtext 4.1.2.2-sasl-gssapi-authn.mdtext 4.1.2.2-sasl-plain-text-authn.mdtext 4.1.2.7-sasl-ntlm-authn.mdtext
Date Sat, 06 Apr 2013 17:26:23 GMT
Author: elecharny
Date: Sat Apr  6 17:26:23 2013
New Revision: 1465278

URL: http://svn.apache.org/r1465278
Log:
removed the SASL anonymous page, updated the SASL main page

Removed:
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.mdtext
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.mdtext
Modified:
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext?rev=1465278&r1=1465277&r2=1465278&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext Sat Apr  6 17:26:23
2013
@@ -24,18 +24,49 @@ Notice: Licensed to the Apache Software 
 
 # 4.1.2 - SASL Authentication
 
-**SASL** authentication is based on a standard described in [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt).
**SASL** means **S**imple **A**uthentication and **S**ecurity **L**ayer.
-
-It extends the Simple authentication, by allowing the LDAP server to authenticate the user
by various mechanisms.
-
-The **SASL* Authentication is used when a simple user/password authentication is not enough.
Many other systems exist, and may take many parameters to authenticate a user. With **SASL**,
a challenge/response system is used to get the needed information from the client, up to the
point the authentication is either successful or fails.
-
 ## Chapter content
 
-* [4.1.2.1 - SASL plain text Authentication](4.1.2.1-sasl-plain-text-authn.html)
+* [4.1.2.1 - SASL PLAIN text Authentication](4.1.2.1-sasl-plain-text-authn.html)
 * [4.1.2.2 - SASL GSSAPI Authentication](4.1.2.2-sasl-gssapi-authn.html)
 * [4.1.2.3 - SASL CRAM-MD5 Authentication](4.1.2.3-sasl-cram-md5-authn.html)
 * [4.1.2.4 - SASL DIGEST-MD5 Authentication](4.1.2.4-sasl-digest-md5-authn.html)
 * [4.1.2.5 - SASL EXTERNAL Authentication](4.1.2.5-sasl-external-authn.html)
 * [4.1.2.6 - SASL NTLM Authentication](4.1.2.6-sasl-ntlm-authn.html)
 
+
+## Introduction
+
+**SASL** authentication is based on a standard described in [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt).
**SASL** means **S**imple **A**uthentication and **S**ecurity **L**ayer.
+
+It extends the Simple authentication, by allowing the LDAP server to authenticate the user
by various mechanisms.
+
+The **SASL* Authentication is used when a simple user/password authentication is not enough.
Many other systems exist, and may take many parameters to authenticate a user. With **SASL**,
a challenge/response system is used to get the needed information from the client, up to the
point the authentication is either successful or fails.
+
+As **ApacheDS** is based on Java, we only support the **SASL** mechanisms the JDK support
:
+
+    * PLAIN : cleartext user/password authentication
+    * CRAM-MD5 : IMAP/POP authentication
+    * DIGEST-MD5 : Http Digest authentication
+    * GSSAPI : Kerberos authentication
+    * EXTERNAL : External authentication
+
+It's important to notice that some of those mechanisms are either useless (PLAIN) or obsolete
(DIGEST-MD5).
+
+The SASL specifications are defined by an [IETF Working Group](http://datatracker.ietf.org/wg/sasl/)
which has published the following proposed standards :
+
+    * [RFC 4013](http://www.ietf.org/rfc/rfc4013.txt) : SASLprep: Stringprep Profile for
User Names and Passwords 
+    * [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt) : Simple Authentication and Security
Layer (SASL)
+    * [RFC 4505](http://www.ietf.org/rfc/rfc4505.txt) : Anonymous Simple Authentication and
Security Layer (SASL) Mechanism
+    * [RFC 4616](http://www.ietf.org/rfc/rfc4616.txt) : The PLAIN Simple Authentication and
Security Layer (SASL) Mechanism
+    * [RFC 4752](http://www.ietf.org/rfc/rfc4752.txt) : The Kerberos V5 ("GSSAPI") Simple
Authentication and Security Layer (SASL) Mechanism
+    * [RFC 5801](http://www.ietf.org/rfc/rfc5801.txt) : Using Generic Security Service Application
Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL):
The GS2 Mechanism Family
+    * [RFC 5802](http://www.ietf.org/rfc/rfc5802.txt) : Salted Challenge Response Authentication
Mechanism (SCRAM) SASL and GSS-API Mechanisms
+
+Some other RFCs have been published, for each specific mechanisms, some of them are obsoleted
by more recent RFCs :
+
+    * [RFC 2595](http://www.ietf.org/rfc/rfc2595.txt) : Using TLS with IMAP, POP3 and ACAP
(updated by RFC 4616)
+    * [RFC 2195](http://www.ietf.org/rfc/rfc2195.txt) : IMAP/POP AUTHorize Extension for
Simple Challenge/Response
+    * [RFC 2831](http://www.ietf.org/rfc/rfc2831.txt) : Using Digest Authentication as a
SASL Mechanism (obsoleted by RFC 6631)
+    * [RFC 2222](http://www.ietf.org/rfc/rfc2222.txt) : Simple Authentication and Security
Layer (SASL) (obsoleted by RFC 4422)
+
+

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext?rev=1465278&r1=1465277&r2=1465278&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext Sat
Apr  6 17:26:23 2013
@@ -23,3 +23,10 @@ Notice: Licensed to the Apache Software 
     under the License.
 
 # 4.1.2.2 - SASL GSSAPI Authentication
+
+This authentication mechanism is specified in the following RFCs :
+
+    * [RFC 2222](http://tools.ietf.org/html/rfc2222)
+    * [RFC ](http://tools.ietf.org/html/rfc)
+    * [RFC 4752](http://tools.ietf.org/html/rfc4752)
+    * 



Mime
View raw message