directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r888411 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/4.2-authenticate-studio.html images/banner-ldapcon-2013.png images/browse.graphml
Date Thu, 28 Nov 2013 17:54:37 GMT
Author: buildbot
Date: Thu Nov 28 17:54:37 2013
New Revision: 888411

Log:
Staging update by buildbot for directory

Added:
    websites/staging/directory/trunk/content/images/browse.graphml   (with props)
Removed:
    websites/staging/directory/trunk/content/images/banner-ldapcon-2013.png
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Nov 28 17:54:37 2013
@@ -1 +1 @@
-1546410
+1546411

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
Thu Nov 28 17:54:37 2013
@@ -146,31 +146,19 @@
 <h1 id="41-authenticate-with-studio">4.1 - Authenticate with Studio</h1>
 <p>We will explain how to use the kerberos server to authentify users on a LDAP server.
Let's first define the way we will store data in the LDAP server</p>
 <DIV class="info" markdown="1">
-We will suppose that the **Kerberos** server is installed on a server which _hostName_ is
**example.net** and the _realm_ is **EXAMPLE.COM** in the following paragraphes.
+We will suppose that the <strong>Kerberos</strong> server is installed on a server
which <em>hostName</em> is <strong>example.net</strong> and the <em>realm/em>
is <strong>EXAMPLE.COM</strong> in the following paragraphes.
 </DIV>
 
 <h2 id="servers-configuration">Servers configuration</h2>
 <p>We first have to configure the <strong>LDAP</strong> and <strong>Kerberos</strong>
server, in order to be able to use the kerberos server to authenticate on the ldap server.</p>
 <p>If you have installed the <strong>ApacheDS</strong> package, the simplest
way is to start the server, and to connect on it using Studio, using the <em>uid=admin,ou=system</em>
user with <em>secret</em> as a password (this password will have to be changed
later !).</p>
-<DIV align="center">
-![Admin Connection](images/admin-connection.png)
-</DIV>
-
+<p><img alt="Admin Connection" src="images/admin-connection.png" /></p>
 <p>and :</p>
-<DIV align="center">
-![Admin Authentication](images/admin-authentication.png)
-</DIV>
-
+<p><img alt="Admin Authentication" src="images/admin-authentication.png" /></p>
 <p>Once connected, right click on the connection :</p>
-<DIV align="center">
-![Open Configuration](images/open-config.png)
-</DIV>
-
+<p><img alt="Open Configuration" src="images/open-config.png" /></p>
 <p>On the <strong>Overview</strong> tab, check the <strong>Enable
Kerberos Server</strong> box :</p>
-<DIV align="center">
-![Enable Kerberos Server](images/enable-kerberos.png)
-</DIV>
-
+<p><img alt="Enable Kerberos Server" src="images/enable-kerberos.png" /></p>
 <h3 id="ldap-server-configuration">LDAP Server configuration</h3>
 <p>There are a few parameters that are to be set in the <strong>LDAP</strong>
configuration :</p>
 <div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">_SASL</span> <span class="n">host_</span> <span
class="n">must</span> <span class="n">be</span> <span class="n">the</span>
<span class="n">local</span> <span class="n">server</span> <span
class="n">name</span> <span class="p">(</span><span class="n">here</span><span
class="p">,</span> <span class="n">example</span><span class="p">.</span><span
class="n">net</span><span class="p">)</span>
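Review bot: the closing tag in `<em>realm/em>` on the added info-box line is malformed (the `<` is missing), so the emphasis is never closed and "/em>" ends up as literal text. Change it to `<em>realm</em>`; "paragraphes" on the same added line can be corrected to "paragraphs" while it is being touched.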
@@ -180,14 +168,11 @@ We will suppose that the **Kerberos** se
 
 
 <DIV class="warning" markdown="1">
-The _SASL principal_ instance part (ie, **example.net**) is in lower case, as the hostname
is not case sensitive. Sadly, the _KrbPrincipalName_ attributeType is case sensitive, so if
the left part is not lowercased, the server won't be able to retrieve the information from
the LDAP server.
+The _SASL principal_ instance part (ie, <strong>example.net</strong>) is in lower
case, as the hostname is not case sensitive. Sadly, the <em>KrbPrincipalName</em>
attributeType is case sensitive, so if the left part is not lowercased, the server won't be
able to retrieve the information from the LDAP server.
 </DIV>
 
 <p>Here is a snapshot of this configuration :</p>
-<DIV align="center">
-![LDAP configuration](images/ldap-config.png)
-</DIV>
-
+<p><img alt="LDAP configuration" src="images/ldap-config.png" /></p>
 <h3 id="kerberos-server-configuration">Kerberos Server configuration</h3>
 <p>Now, you can switch to the Kerberos tab, where some more configuration must be set
:</p>
 <div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">_Primary</span> <span class="n">KDC</span> <span
class="n">Realm_</span> <span class="n">is</span> <span class="n">EXAMPLE</span><span
class="p">.</span><span class="n">COM</span>
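Review bot: the added warning line still opens with Markdown emphasis, `_SASL principal_`, while the rest of the same line was converted to `<strong>` and `<em>`. Convert it to `<em>SASL principal</em>` so the box uses one notation and the underscores cannot show up literally.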
@@ -196,10 +181,7 @@ The _SASL principal_ instance part (ie, 
 
 
 <p>Here is a Ssnapshot of this configuration :</p>
-<DIV align="center">
-![Kerberos configuration](images/kerberos-config.png)
-</DIV>
-
+<p><img alt="Kerberos configuration" src="images/kerberos-config.png" /></p>
 <p>Once those modifications have been done, you must restart the server.</p>
 <h3 id="other-configuration">Other configuration</h3>
 <p>There is one more thing that you need to configure : your domain name (here, example.net_)
has to be reachable on your machine. Either you define in on a <strong>DNS</strong>
server, or you can also add it in your <em>/etc/hosts</em> file.</p>
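Review bot: the unchanged context around this image swap carries two defects that should be fixed in the CMS source along with the markup cleanup: "Ssnapshot" in the paragraph above the image, and the stray trailing underscore in `(here, example.net_)`, which looks like half of a Markdown emphasis pair. "Either you define in on" in the same paragraph should read "define it on".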
@@ -221,10 +203,7 @@ It's largely preferable to declare the s
 <p>In our case, the ldap server and the <strong>TGS</strong> are services.</p>
 <p>Each user and each service will be declared using an <em>entry</em>
in the ldap server.</p>
 <p>We will store those entries in a part of the <strong>DIT</strong> where
the kerberos server and the ldap server will be able to find them. Assuming we have created
our own partition named <strong>dc=example,dc=com</strong>, we will define this
hierarchy starting from there :</p>
-<DIV align="center">
-![Authentification hierarchy](images/authent-hierarchy.png)
-</DIV>
-
+<p><img alt="Authentification hierarchy" src="images/authent-hierarchy.png" /></p>
 <p>This can be injected in the LDAP server using this LDIF :</p>
 <div class="codehilite"><pre>dn: dc=security,dc=example,dc=com
 objectClass: top
@@ -267,7 +246,7 @@ userPassword: secret
 
 <p>This user does not have a password yet.</p>
 <DIV class="info" markdown="1">
-The import thing is the _krb5PrincipalName_, which is the one that will be used to bind the
user. It has a user login (**hnelson**) and a realm (**EXAMPLE.COM**).
+The import thing is the <em>krb5PrincipalName</em>, which is the one that will
be used to bind the user. It has a user login (<strong>hnelson</strong>) and a
realm (<strong>EXAMPLE.COM</strong>).
 </DIV>
 
 <p>Once the user has been injected, we can see that the server has created some krb5Key
attributes :</p>
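Review bot: "The import thing" on the added line should read "The important thing"; the typo was carried over unchanged from the removed line. Since the line is rewritten anyway, fix it in the same commit.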
@@ -330,8 +309,8 @@ ou: LDAP
 Three important things :
 
 - the userPassword is 'randomkey'. The key will not be generated based on a know password,
they will use a random key.
-- the _krb5PrincipalName_ has one more information, after the / character : _EXAMPLE.COM_
for 
-    the **krbtgt** service, and _example.net_ for the **ldap** service. For the **krbtgt**
principal, the instance is always the realm name. For the **ldap** principal, the instance
is the hostname, in lowercase.
+- the <em>krb5PrincipalName</em> has one more information, after the / character
: _EXAMPLE.COM_ for 
+    the <strong>krbtgt</strong> service, and _example.net_ for the <strong>ldap</strong>
service. For the <strong>krbtgt</strong> principal, the instance is always the
realm name. For the <strong>ldap</strong> principal, the instance is the hostname,
in lowercase.
 - the krb5KeyVersionNumber is 0
 </DIV>
 
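Review bot: the two added list lines are only half converted: `_EXAMPLE.COM_` and `_example.net_` keep their Markdown underscores next to the new `<strong>` and `<em>` tags. If Markdown is not processed inside this DIV, which the rest of this change suggests, the `- ` list markers on these lines will not render as a list either, so the block should become a `<ul>` with `<em>EXAMPLE.COM</em>` and `<em>example.net</em>`. "a know password" in the first item should read "a known password".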
@@ -340,10 +319,7 @@ Three important things :
 <p>Now that the server is set, and the services and users are stored into it, we can
create a new connection using the Kerberos authentication for the created users.</p>
 <h3 id="create-a-new-connection">Create a new connection</h3>
 <p>On the "Connections" tab, right click and select 'New Connection...'</p>
-<DIV align="center">
-![New Connection](images/new-connection.png)
-</DIV>
-
+<p><img alt="New Connection" src="images/new-connection.png" /></p>
 <p>You will now have to set the network parameters, as in the following popup. Typically,
set :</p>
 <div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">connection</span> <span class="n">name</span> <span
class="p">(</span><span class="n">here</span><span class="p">,</span>
<span class="o">**</span><span class="n">Kerberos</span> <span
class="n">User</span><span class="o">**</span><span class="p">)</span>
 <span class="o">*</span> <span class="n">The</span> <span class="n">LDAP</span>
<span class="n">server</span> <span class="n">host</span> <span
class="p">(</span><span class="o">**</span><span class="n">example</span><span
class="p">.</span><span class="n">net</span><span class="o">**</span><span
class="p">)</span>
@@ -354,10 +330,7 @@ Three important things :
 
 <p>You can check the connection on cliking the 'check network connection' button, you
should get back a popup stating that the connection was established successfully.</p>
 <p>Here is the screenshot :</p>
-<DIV align="center">
-![Network Parameters](images/network-parameters.png)
-</DIV>
-
+<p><img alt="Network Parameters" src="images/network-parameters.png" /></p>
 <p>Then click on Next to setup the authentication part.
 Select the following parameters and values :</p>
 <div class="codehilite"><pre>* Authentication method : <span class="nt">&lt;b&gt;</span>GSSAPI<span
class="nt">&lt;/b&gt;</span>
@@ -374,10 +347,7 @@ Select the following parameters and valu
 
 
 <p>Here is the resulting screen :</p>
-<DIV align="center">
-![Kerberos authentification](images/kerberos-authent.png)
-</DIV>
-
+<p><img alt="Kerberos authentification" src="images/kerberos-authent.png" /></p>
 <p>Clinking in the 'Check Authentication' buton should be succesfull.</p>
 
 

Added: websites/staging/directory/trunk/content/images/browse.graphml
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/images/browse.graphml
------------------------------------------------------------------------------
    svn:mime-type = application/xml


