directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r888413 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/4.2-authenticate-studio.html
Date Thu, 28 Nov 2013 18:02:24 GMT
Author: buildbot
Date: Thu Nov 28 18:02:23 2013
New Revision: 888413

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Nov 28 18:02:23 2013
@@ -1 +1 @@
-1546411
+1546418

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
Thu Nov 28 18:02:23 2013
@@ -161,22 +161,22 @@ We will suppose that the <strong>Kerbero
 <p><img alt="Enable Kerberos Server" src="images/enable-kerberos.png" /></p>
 <h3 id="ldap-server-configuration">LDAP Server configuration</h3>
 <p>There are a few parameters that are to be set in the <strong>LDAP</strong>
configuration :</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">_SASL</span> <span class="n">host_</span> <span
class="n">must</span> <span class="n">be</span> <span class="n">the</span>
<span class="n">local</span> <span class="n">server</span> <span
class="n">name</span> <span class="p">(</span><span class="n">here</span><span
class="p">,</span> <span class="n">example</span><span class="p">.</span><span
class="n">net</span><span class="p">)</span>
-<span class="o">*</span> <span class="n">The</span> <span class="n">_SASL</span>
<span class="n">principal_</span> <span class="n">is</span> <span
class="o">**</span><span class="n">ldap</span><span class="o">/</span><span
class="n">example</span><span class="p">.</span><span class="n">net</span><span
class="p">@</span><span class="n">EXAMPLE</span><span class="p">.</span><span
class="n">COM</span><span class="o">**</span>
-<span class="o">*</span> <span class="n">The</span> <span class="n">_Search</span>
<span class="n">Base</span> <span class="n">DN_</span> <span class="n">should</span>
<span class="n">point</span> <span class="n">to</span> <span class="n">the</span>
<span class="n">place</span> <span class="n">under</span> <span
class="n">which</span> <span class="n">we</span> <span class="n">store</span>
<span class="n">users</span> <span class="n">and</span> <span class="n">services</span>
<span class="p">(</span><span class="n">_dc</span><span class="p">=</span><span
class="n">security</span><span class="p">,</span><span class="n">dc</span><span
class="p">=</span><span class="n">example</span><span class="p">,</span><span
class="n">dc</span><span class="p">=</span><span class="n">com_</span><span
class="p">)</span>
+<div class="codehilite"><pre>* The <span class="nt">&lt;em&gt;</span>SASL
host<span class="nt">&lt;/em&gt;</span> must be the local server name
(here, example.net)
+* The <span class="nt">&lt;em&gt;</span>SASL principal<span class="nt">&lt;/em&gt;</span>
is <span class="nt">&lt;strong&gt;</span>ldap/example.net@EXAMPLE.COM<span
class="nt">&lt;/strong&gt;</span>
+* The <span class="nt">&lt;em&gt;</span>Search Base DN<span class="nt">&lt;/em&gt;</span>
should point to the place under which we store users and services (<span class="nt">&lt;em&gt;</span>dc=security,dc=example,dc=com<span
class="nt">&lt;/em&gt;</span>)
 </pre></div>
 
 
 <DIV class="warning" markdown="1">
-The _SASL principal_ instance part (ie, <strong>example.net</strong>) is in lower
case, as the hostname is not case sensitive. Sadly, the <em>KrbPrincipalName</em>
attributeType is case sensitive, so if the left part is not lowercased, the server won't be
able to retrieve the information from the LDAP server.
+The <em>SASL principal</em> instance part (ie, <strong>example.net</strong>)
is in lower case, as the hostname is not case sensitive. Sadly, the <em>KrbPrincipalName</em>
attributeType is case sensitive, so if the left part is not lowercased, the server won't be
able to retrieve the information from the LDAP server.
 </DIV>
 
 <p>Here is a snapshot of this configuration :</p>
 <p><img alt="LDAP configuration" src="images/ldap-config.png" /></p>
 <h3 id="kerberos-server-configuration">Kerberos Server configuration</h3>
 <p>Now, you can switch to the Kerberos tab, where some more configuration must be set
:</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">_Primary</span> <span class="n">KDC</span> <span
class="n">Realm_</span> <span class="n">is</span> <span class="n">EXAMPLE</span><span
class="p">.</span><span class="n">COM</span>
-<span class="o">*</span> <span class="n">The</span> <span class="n">_Search</span>
<span class="n">Base</span> <span class="n">DN_</span> <span class="n">is</span>
<span class="n">the</span> <span class="n">same</span> <span class="n">as</span>
<span class="k">for</span> <span class="n">the</span> <span class="n">LDAP</span>
<span class="n">server</span> <span class="p">:</span> <span class="n">_dc</span><span
class="p">=</span><span class="n">security</span><span class="p">,</span><span
class="n">dc</span><span class="p">=</span><span class="n">example</span><span
class="p">,</span><span class="n">dc</span><span class="p">=</span><span
class="n">com_</span>
+<div class="codehilite"><pre>* The <span class="nt">&lt;em&gt;</span>Primary
KDC Realm<span class="nt">&lt;/em&gt;</span> is EXAMPLE.COM
+* The <span class="nt">&lt;em&gt;</span>Search Base DN<span class="nt">&lt;_em&gt;</span>
is the same as for the LDAP server : <span class="nt">&lt;em&gt;</span>dc=security,dc=example,dc=com<span
class="nt">&lt;/em&gt;</span>
 </pre></div>
 
 
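Review bot: In the Kerberos Server configuration block, the added Search Base DN bullet closes its emphasis with `<_em>` instead of `</em>` ("Search Base DN<_em> is the same as for the LDAP server"), so the tag is never closed. Every added bullet in this hunk also still sits inside `<div class="codehilite"><pre>` with its tags escaped (`&lt;em&gt;`, `&lt;strong&gt;`), so the page will show the literal tags around SASL host, SASL principal and the DN rather than emphasis. The source lists should be changed so they are emitted as a real list instead of a code block.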
@@ -307,11 +307,12 @@ ou: LDAP
 
 <DIV class="info" markdown="1">
 Three important things :
-
-- the userPassword is 'randomkey'. The key will not be generated based on a know password,
they will use a random key.
-- the <em>krb5PrincipalName</em> has one more information, after the / character
: _EXAMPLE.COM_ for 
-    the <strong>krbtgt</strong> service, and _example.net_ for the <strong>ldap</strong>
service. For the <strong>krbtgt</strong> principal, the instance is always the
realm name. For the <strong>ldap</strong> principal, the instance is the hostname,
in lowercase.
-- the krb5KeyVersionNumber is 0
+<ul>
+<li>- the userPassword is 'randomkey'. The key will not be generated based on a know
password, they will use a random key.</li>
+<li>- the <em>krb5PrincipalName</em> has one more information, after the
/ character : <em>EXAMPLE.COM</em> for 
+    the <strong>krbtgt</strong> service, and <em>example.net</em>
for the <strong>ldap</strong> service. For the <strong>krbtgt</strong>
principal, the instance is always the realm name. For the <strong>ldap</strong>
principal, the instance is the hostname, in lowercase.</li>
+<li>- the krb5KeyVersionNumber is 0</li>
+</ul>
 </DIV>
 
 <p>Again, once those entries have been injected in the LDAP server, the <em>krb5Key</em>
attributeTypes will be created</p>
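Review bot: Each added `<li>` in the "Three important things" list keeps the Markdown dash (`<li>- the userPassword ...`, `<li>- the krb5KeyVersionNumber is 0</li>`), so the rendered list will show a bullet followed by a stray "- ". Drop the dash from all three items. While this text is being touched, "based on a know password, they will use a random key" in the first item should read "known" and use a consistent subject.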
@@ -321,10 +322,10 @@ Three important things :
 <p>On the "Connections" tab, right click and select 'New Connection...'</p>
 <p><img alt="New Connection" src="images/new-connection.png" /></p>
 <p>You will now have to set the network parameters, as in the following popup. Typically,
set :</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span>
<span class="n">connection</span> <span class="n">name</span> <span
class="p">(</span><span class="n">here</span><span class="p">,</span>
<span class="o">**</span><span class="n">Kerberos</span> <span
class="n">User</span><span class="o">**</span><span class="p">)</span>
-<span class="o">*</span> <span class="n">The</span> <span class="n">LDAP</span>
<span class="n">server</span> <span class="n">host</span> <span
class="p">(</span><span class="o">**</span><span class="n">example</span><span
class="p">.</span><span class="n">net</span><span class="o">**</span><span
class="p">)</span>
-<span class="o">*</span> <span class="n">The</span> <span class="n">LDAP</span>
<span class="n">server</span> <span class="n">port</span> <span
class="p">(</span><span class="o">**</span>10389<span class="o">**</span><span
class="p">)</span>
-<span class="o">*</span> <span class="n">The</span> <span class="n">Provider</span>
<span class="p">(</span><span class="n">pick</span> <span class="o">**</span><span
class="n">Apache</span> <span class="n">Directory</span> <span class="n">LDAP</span>
<span class="n">Client</span> <span class="n">API</span><span class="o">**</span><span
class="p">)</span>
+<div class="codehilite"><pre>* The connection name (here, <span class="nt">&lt;strong&gt;</span>Kerberos
User<span class="nt">&lt;/strong&gt;</span>)
+* The LDAP server host (<span class="nt">&lt;strong&gt;</span>example.net<span
class="nt">&lt;/strong&gt;</span>)
+* The LDAP server port (<span class="nt">&lt;strong&gt;</span>10389<span
class="nt">&lt;/strong&gt;</span>)
+* The Provider (pick <span class="nt">&lt;strong&gt;</span>Apache Directory
LDAP Client API<span class="nt">&lt;/strong&gt;</span>)
 </pre></div>
 
 
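Review bot: The four added connection-parameter bullets are still wrapped in `<div class="codehilite"><pre>` with `<strong>` escaped as `&lt;strong&gt;`, so readers will see literal tags around Kerberos User, example.net, 10389 and the provider name instead of bold text. Emitting this block as a real `<ul>`, as the "Three important things" change in this same commit does, would make the host and port values readable as written.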
@@ -333,8 +334,8 @@ Three important things :
 <p><img alt="Network Parameters" src="images/network-parameters.png" /></p>
 <p>Then click on Next to setup the authentication part.
 Select the following parameters and values :</p>
-<div class="codehilite"><pre>* Authentication method : <span class="nt">&lt;b&gt;</span>GSSAPI<span
class="nt">&lt;/b&gt;</span>
-* Bind DN : the user name (here, <span class="nt">&lt;b&gt;</span>hnelson<span
class="nt">&lt;/b&gt;</span>)
+<div class="codehilite"><pre>* Authentication method : **GSSAPI**
+* Bind DN : the user name (here, <span class="nt">&lt;strong&gt;</span>hnelson<span
class="nt">&lt;/b&gt;</span>)
 * Bind password : here, <span class="nt">&lt;b&gt;</span>secret<span
class="nt">&lt;/b&gt;</span>
 * Do not change anything in the SASL settings
 * Kerberos settings 
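Review bot: The added Bind DN line opens with `<strong>` but still closes with `</b>` (`<strong>hnelson</b>`), and the highlighted values in this block now use three different notations: raw Markdown `**GSSAPI**`, the mismatched `<strong>`/`</b>` pair, and the unchanged `<b>secret</b>` on the Bind password line. Use one form for all three and close the tag that was opened. As in the other blocks, the markup is inside `<pre>`, so whichever form is kept will be displayed literally until the list is no longer rendered as code.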


