directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r857526 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/
Date Sat, 06 Apr 2013 17:26:37 GMT
Author: buildbot
Date: Sat Apr  6 17:26:36 2013
New Revision: 857526

Log:
Staging update by buildbot for directory

Removed:
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.html
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.html
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Apr  6 17:26:36 2013
@@ -1 +1 @@
-1465195
+1465278

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html Sat
Apr  6 17:26:36 2013
@@ -138,18 +138,46 @@
 
 
 <h1 id="412-sasl-authentication">4.1.2 - SASL Authentication</h1>
-<p><strong>SASL</strong> authentication is based on a standard described
in <a href="http://www.ietf.org/rfc/rfc4422.txt">RFC 4422</a>. <strong>SASL</strong>
means <strong>S</strong>imple <strong>A</strong>uthentication and
<strong>S</strong>ecurity <strong>L</strong>ayer.</p>
-<p>It extends the Simple authentication, by allowing the LDAP server to authenticate
the user by various mechanisms.</p>
-<p>The <strong>SASL* Authentication is used when a simple user/password authentication
is not enough. Many other systems exist, and may take many parameters to authenticate a user.
With </strong>SASL**, a challenge/response system is used to get the needed information
from the client, up to the point the authentication is either successful or fails.</p>
 <h2 id="chapter-content">Chapter content</h2>
 <ul>
-<li><a href="4.1.2.1-sasl-plain-text-authn.html">4.1.2.1 - SASL plain text Authentication</a></li>
+<li><a href="4.1.2.1-sasl-plain-text-authn.html">4.1.2.1 - SASL PLAIN text Authentication</a></li>
 <li><a href="4.1.2.2-sasl-gssapi-authn.html">4.1.2.2 - SASL GSSAPI Authentication</a></li>
 <li><a href="4.1.2.3-sasl-cram-md5-authn.html">4.1.2.3 - SASL CRAM-MD5 Authentication</a></li>
 <li><a href="4.1.2.4-sasl-digest-md5-authn.html">4.1.2.4 - SASL DIGEST-MD5 Authentication</a></li>
 <li><a href="4.1.2.5-sasl-external-authn.html">4.1.2.5 - SASL EXTERNAL Authentication</a></li>
 <li><a href="4.1.2.6-sasl-ntlm-authn.html">4.1.2.6 - SASL NTLM Authentication</a></li>
 </ul>
+<h2 id="introduction">Introduction</h2>
+<p><strong>SASL</strong> authentication is based on a standard described
in <a href="http://www.ietf.org/rfc/rfc4422.txt">RFC 4422</a>. <strong>SASL</strong>
means <strong>S</strong>imple <strong>A</strong>uthentication and
<strong>S</strong>ecurity <strong>L</strong>ayer.</p>
+<p>It extends the Simple authentication, by allowing the LDAP server to authenticate
the user by various mechanisms.</p>
+<p>The <strong>SASL* Authentication is used when a simple user/password authentication
is not enough. Many other systems exist, and may take many parameters to authenticate a user.
With </strong>SASL**, a challenge/response system is used to get the needed information
from the client, up to the point the authentication is either successful or fails.</p>
+<p>As <strong>ApacheDS</strong> is based on Java, we only support the <strong>SASL</strong>
mechanisms the JDK support :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">PLAIN</span>
<span class="p">:</span> <span class="n">cleartext</span> <span
class="n">user</span><span class="o">/</span><span class="n">password</span>
<span class="n">authentication</span>
+<span class="o">*</span> <span class="n">CRAM</span><span class="o">-</span><span
class="n">MD5</span> <span class="p">:</span> <span class="n">IMAP</span><span
class="o">/</span><span class="n">POP</span> <span class="n">authentication</span>
+<span class="o">*</span> <span class="n">DIGEST</span><span class="o">-</span><span
class="n">MD5</span> <span class="p">:</span> <span class="n">Http</span>
<span class="n">Digest</span> <span class="n">authentication</span>
+<span class="o">*</span> <span class="n">GSSAPI</span> <span class="p">:</span>
<span class="n">Kerberos</span> <span class="n">authentication</span>
+<span class="o">*</span> <span class="n">EXTERNAL</span> <span
class="p">:</span> <span class="n">External</span> <span class="n">authentication</span>
+</pre></div>
+
+
+<p>It's important to notice that some of those mechanisms are either useless (PLAIN)
or obsolete (DIGEST-MD5).</p>
+<p>The SASL specifications are defined by an <a href="http://datatracker.ietf.org/wg/sasl/">IETF
Working Group</a> which has published the following proposed standards :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span
class="n">RFC</span> <span class="mi">4013</span><span class="p">](</span><span
class="n">http:</span><span class="sr">//</span><span class="n">www</span><span
class="o">.</span><span class="n">ietf</span><span class="o">.</span><span
class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc4013</span><span
class="o">.</span><span class="n">txt</span><span class="p">)</span>
<span class="p">:</span> <span class="n">SASLprep:</span> <span
class="n">Stringprep</span> <span class="n">Profile</span> <span class="k">for</span>
<span class="n">User</span> <span class="n">Names</span> <span
class="ow">and</span> <span class="n">Passwords</span> 
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">4422</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc4422</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">Simple</span> <span class="n">Authentication</span>
<span class="ow">and</span> <span class="n">Security</span> <span
class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span
class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">4505</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc4505</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">Anonymous</span> <span class="n">Simple</span> <span
class="n">Authentication</span> <span class="ow">and</span> <span
class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span
class="n">SASL</span><span class="p">)</span> <span class="n">Mechanism</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">4616</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc4616</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">The</span> <span class="n">PLAIN</span> <span class="n">Simple</span>
<span class="n">Authentication</span> <span class="ow">and</span>
<span class="n">Security</span> <span class="n">Layer</span> <span
class="p">(</span><span class="n">SASL</span><span class="p">)</span>
<span class="n">Mechanism</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">4752</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc4752</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">The</span> <span class="n">Kerberos</span> <span
class="n">V5</span> <span class="p">(</span><span class="s">&quot;GSSAPI&quot;</span><span
class="p">)</span> <span class="n">Simple</span> <span class="n">Authentication</span>
<span class="ow">and</span> <span class="n">Security</span> <span
class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span
class="p">)</span> <span class="n">Mechanism</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">5801</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc5801</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">Using</span> <span class="n">Generic</span> <span
class="n">Security</span> <span class="n">Service</span> <span class="n">Application</span>
<span class="n">Program</span> <span class="n">Interface</span> <span
class="p">(</span><span class="n">GSS</span><span class="o">-</span><span
class="n">API</span><span class="p">)</span> <span class="n">Mechanisms</span>
<span class="n">in</span> <span class="n">Simple</span> <span class="n">Authentication</span>
<span class="ow">and</span> <span class="n">S
 ecurity</span> <span class="n">Layer</span> <span class="p">(</span><span
class="n">SASL</span><span class="p">):</span> <span class="n">The</span>
<span class="n">GS2</span> <span class="n">Mechanism</span> <span
class="n">Family</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">5802</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc5802</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">Salted</span> <span class="n">Challenge</span> <span
class="n">Response</span> <span class="n">Authentication</span> <span
class="n">Mechanism</span> <span class="p">(</span><span class="n">SCRAM</span><span
class="p">)</span> <span class="n">SASL</span> <span class="ow">and</span>
<span class="n">GSS</span><span class="o">-</span><span class="n">API</span>
<span class="n">Mechanisms</span>
+</pre></div>
+
+
+<p>Some other RFCs have been published, for each specific mechanisms, some of them
are obsoleted by more recent RFCs :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span
class="n">RFC</span> <span class="mi">2595</span><span class="p">](</span><span
class="n">http:</span><span class="sr">//</span><span class="n">www</span><span
class="o">.</span><span class="n">ietf</span><span class="o">.</span><span
class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc2595</span><span
class="o">.</span><span class="n">txt</span><span class="p">)</span>
<span class="p">:</span> <span class="n">Using</span> <span class="n">TLS</span>
<span class="n">with</span> <span class="n">IMAP</span><span class="p">,</span>
<span class="n">POP3</span> <span class="ow">and</span> <span class="n">ACAP</span>
<span class="p">(</span><span class="n">updated</span> <span class="n">by</span>
<span class="n">RFC</span> <span class="mi">4616</span><span class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">2195</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc2195</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">IMAP</span><span class="sr">/POP AUTHorize Extension for
Simple Challenge/</span><span class="n">Response</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">2831</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc2831</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">Using</span> <span class="n">Digest</span> <span
class="n">Authentication</span> <span class="n">as</span> <span class="n">a</span>
<span class="n">SASL</span> <span class="n">Mechanism</span> <span
class="p">(</span><span class="n">obsoleted</span> <span class="n">by</span>
<span class="n">RFC</span> <span class="mi">6631</span><span class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">2222</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">www</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/rfc/</span><span class="n">rfc2222</span><span class="o">.</span><span
class="n">txt</span><span class="p">)</span> <span class="p">:</span>
<span class="n">Simple</span> <span class="n">Authentication</span>
<span class="ow">and</span> <span class="n">Security</span> <span
class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span
class="p">)</span> <span class="p">(</span><span class="n">obsoleted</span>
<span class="n">by</span> <span class="n">RFC</span> <span class="mi">4422</span><span
class="p">)</span>
+</pre></div>
 
 
     <div class="nav">
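Review bot: In the added Introduction, the three lists (supported mechanisms, proposed standards, older RFCs) are emitted as <div class="codehilite"><pre> blocks, so an entry such as [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt) reaches the reader as literal markdown text rather than a link, and the mechanism names are highlighted as if they were code. These should render as a normal <ul>, like the Chapter content list just above them. The moved paragraph also still carries the unbalanced bold markers (<strong>SASL* Authentication ... With </strong>SASL**), which puts the whole sentence in bold instead of the two SASL words; fix it while the paragraph is being moved. Last, the Chapter content list keeps its link to 4.1.2.6 - SASL NTLM Authentication while the new list of supported mechanisms has no NTLM entry, so one of the two needs to change.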

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.html
Sat Apr  6 17:26:36 2013
@@ -138,6 +138,12 @@
 
 
 <h1 id="4122-sasl-gssapi-authentication">4.1.2.2 - SASL GSSAPI Authentication</h1>
+<p>This authentication mechanism is specified in the following RFCs :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span
class="n">RFC</span> <span class="mi">2222</span><span class="p">](</span><span
class="n">http:</span><span class="sr">//</span><span class="n">tools</span><span
class="o">.</span><span class="n">ietf</span><span class="o">.</span><span
class="n">org</span><span class="sr">/html/</span><span class="n">rfc2222</span><span
class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span
class="n">tools</span><span class="o">.</span><span class="n">ietf</span><span
class="o">.</span><span class="n">org</span><span class="sr">/html/</span><span
class="n">rfc</span><span class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span>
<span class="mi">4752</span><span class="p">](</span><span class="n">http:</span><span
class="sr">//</span><span class="n">tools</span><span class="o">.</span><span
class="n">ietf</span><span class="o">.</span><span class="n">org</span><span
class="sr">/html/</span><span class="n">rfc4752</span><span class="p">)</span>
+<span class="o">*</span>
+</pre></div>
 
 
     <div class="nav">
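Review bot: The second entry of the added RFC list is an unfilled placeholder: the link text is [RFC ] with no number, the target is http://tools.ietf.org/html/rfc, and the list ends with an empty * bullet. Fill in the intended RFC or drop both lines before this is published. The list is also emitted inside <div class="codehilite"><pre>, so the entries appear as literal markdown rather than links; it should be a normal list.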


