directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1546411 [1/2] - in /directory/site/trunk/content: apacheds/kerberos-ug/4.2-authenticate-studio.mdtext images/banner-ldapcon-2013.png images/browse.graphml
Date Thu, 28 Nov 2013 17:54:23 GMT
Author: elecharny
Date: Thu Nov 28 17:54:23 2013
New Revision: 1546411

URL: http://svn.apache.org/r1546411
Log:
Deleted the LDAP Con banner, fixed some formatting

Added:
    directory/site/trunk/content/images/browse.graphml
Removed:
    directory/site/trunk/content/images/banner-ldapcon-2013.png
Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext

Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1546411&r1=1546410&r2=1546411&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Thu Nov
28 17:54:23 2013
@@ -27,7 +27,7 @@ Notice: Licensed to the Apache Software 
 We will explain how to use the kerberos server to authentify users on a LDAP server. Let's
first define the way we will store data in the LDAP server
 
 <DIV class="info" markdown="1">
-We will suppose that the **Kerberos** server is installed on a server which _hostName_ is
**example.net** and the _realm_ is **EXAMPLE.COM** in the following paragraphes.
+We will suppose that the <strong>Kerberos</strong> server is installed on a server
which <em>hostName</em> is <strong>example.net</strong> and the <em>realm/em>
is <strong>EXAMPLE.COM</strong> in the following paragraphes.
 </DIV>
 
 ## Servers configuration
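Review bot: the added line in the info DIV closes the realm emphasis as "<em>realm/em>", which is missing the "<" of the closing tag, so everything after "realm" up to the end of the block will render emphasised and the literal text "/em>" will show on the page. It should read "<em>realm</em>". The DIV also carries markdown="1", so if the switch from **...** and _..._ to inline HTML works around Markdown not being rendered inside these blocks, say so in the log message.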
@@ -36,27 +36,19 @@ We first have to configure the **LDAP** 
 
 If you have installed the **ApacheDS** package, the simplest way is to start the server,
and to connect on it using Studio, using the _uid=admin,ou=system_ user with _secret_ as a
password (this password will have to be changed later !).
 
-<DIV align="center">
 ![Admin Connection](images/admin-connection.png)
-</DIV>
 
 and :
 
-<DIV align="center">
 ![Admin Authentication](images/admin-authentication.png)
-</DIV>
 
 Once connected, right click on the connection :
 
-<DIV align="center">
 ![Open Configuration](images/open-config.png)
-</DIV>
 
 On the **Overview** tab, check the **Enable Kerberos Server** box :
 
-<DIV align="center">
 ![Enable Kerberos Server](images/enable-kerberos.png)
-</DIV>
 
 ### LDAP Server configuration
 
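Review bot: the context paragraph at the top of this hunk still tells readers to bind as uid=admin,ou=system with the password "secret" and only notes that it "will have to be changed later", with no pointer to where or when. Since this section goes on to enable the Kerberos server on that instance, make changing the admin password an explicit step or link to the page that covers it. Separately, dropping the four <DIV align="center"> wrappers un-centres every screenshot here; the log message only says formatting was fixed, so confirm that change is intended.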
@@ -67,14 +59,12 @@ There are a few parameters that are to b
     * The _Search Base DN_ should point to the place under which we store users and services
(_dc=security,dc=example,dc=com_)
 
 <DIV class="warning" markdown="1">
-The _SASL principal_ instance part (ie, **example.net**) is in lower case, as the hostname
is not case sensitive. Sadly, the _KrbPrincipalName_ attributeType is case sensitive, so if
the left part is not lowercased, the server won't be able to retrieve the information from
the LDAP server.
+The _SASL principal_ instance part (ie, <strong>example.net</strong>) is in lower
case, as the hostname is not case sensitive. Sadly, the <em>KrbPrincipalName</em>
attributeType is case sensitive, so if the left part is not lowercased, the server won't be
able to retrieve the information from the LDAP server.
 </DIV>
 
 Here is a snapshot of this configuration :
 
-<DIV align="center">
 ![LDAP configuration](images/ldap-config.png)
-</DIV>
 
 
 ### Kerberos Server configuration
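Review bot: the rewritten warning names the attribute "KrbPrincipalName", while the info block changed later in this same file calls it "krb5PrincipalName". A reader copying the name into a filter or schema lookup needs one spelling, so align the two while this line is being rewritten. The new text also leaves "_SASL principal_" in Markdown next to the converted <strong> and <em> tags, which will render inconsistently if Markdown is not processed inside the warning DIV.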
@@ -86,9 +76,7 @@ Now, you can switch to the Kerberos tab,
 
 Here is a Ssnapshot of this configuration :
 
-<DIV align="center">
 ![Kerberos configuration](images/kerberos-config.png)
-</DIV>
 
 
 Once those modifications have been done, you must restart the server.
@@ -120,9 +108,7 @@ Each user and each service will be decla
 
 We will store those entries in a part of the **DIT** where the kerberos server and the ldap
server will be able to find them. Assuming we have created our own partition named **dc=example,dc=com**,
we will define this hierarchy starting from there :
 
-<DIV align="center">
 ![Authentification hierarchy](images/authent-hierarchy.png)
-</DIV>
 
 This can be injected in the LDAP server using this LDIF :
 
@@ -172,7 +158,7 @@ For our sample test, here is a person we
 This user does not have a password yet.
 
 <DIV class="info" markdown="1">
-The import thing is the _krb5PrincipalName_, which is the one that will be used to bind the
user. It has a user login (**hnelson**) and a realm (**EXAMPLE.COM**).
+The import thing is the <em>krb5PrincipalName</em>, which is the one that will
be used to bind the user. It has a user login (<strong>hnelson</strong>) and a
realm (<strong>EXAMPLE.COM</strong>).
 </DIV>
 
 Once the user has been injected, we can see that the server has created some krb5Key attributes
:
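Review bot: the replacement line in the info DIV still begins "The import thing", which should be "The important thing". The sentence is being rewritten in this commit anyway, so fix the wording along with the markup.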
@@ -242,8 +228,8 @@ Here is the associated LDIF file :
 Three important things :
 
 - the userPassword is 'randomkey'. The key will not be generated based on a know password,
they will use a random key.
-- the _krb5PrincipalName_ has one more information, after the / character : _EXAMPLE.COM_
for 
-    the **krbtgt** service, and _example.net_ for the **ldap** service. For the **krbtgt**
principal, the instance is always the realm name. For the **ldap** principal, the instance
is the hostname, in lowercase.
+- the <em>krb5PrincipalName</em> has one more information, after the / character
: _EXAMPLE.COM_ for 
+    the <strong>krbtgt</strong> service, and _example.net_ for the <strong>ldap</strong>
service. For the <strong>krbtgt</strong> principal, the instance is always the
realm name. For the <strong>ldap</strong> principal, the instance is the hostname,
in lowercase.
 - the krb5KeyVersionNumber is 0
 </DIV>
 
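Review bot: the two added lines of the second bullet convert "krb5PrincipalName", "krbtgt" and "ldap" to <em>/<strong> but leave "_EXAMPLE.COM_" and "_example.net_" in Markdown, so the realm and hostname, which are the values this bullet is about, may show literal underscores if Markdown is not rendered inside this DIV. Convert them too, or keep the whole bullet in one syntax. The first bullet's "based on a know password" (context line) should be "known password" and could be fixed in the same pass.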
@@ -257,9 +243,7 @@ Now that the server is set, and the serv
 
 On the "Connections" tab, right click and select 'New Connection...'
 
-<DIV align="center">
 ![New Connection](images/new-connection.png)
-</DIV>
 
 You will now have to set the network parameters, as in the following popup. Typically, set
:
 
@@ -273,9 +257,7 @@ You can check the connection on cliking 
 Here is the screenshot :
 
 
-<DIV align="center">
 ![Network Parameters](images/network-parameters.png)
-</DIV>
 
 Then click on Next to setup the authentication part.
 Select the following parameters and values :
@@ -293,9 +275,7 @@ Select the following parameters and valu
 
 Here is the resulting screen :
 
-<DIV align="center">
 ![Kerberos authentification](images/kerberos-authent.png)
-</DIV>
 
 Clinking in the 'Check Authentication' buton should be succesfull.
 
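Review bot: the closing context sentence of this hunk, "Clinking in the 'Check Authentication' buton should be succesfull", has three typos and was left untouched by a commit described as fixing formatting. Suggest "Clicking on the 'Check Authentication' button should be successful", and since this is the step that confirms the Kerberos bind works, consider stating what the reader should see on success.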


