directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1613025 - in /directory/site/trunk/content/apacheds/kerberos-ug: 1.1.4-kdc.mdtext 1.1.6-as.mdtext 1.1.8-tickets.mdtext 4.2-authenticate-studio.mdtext
Date Thu, 24 Jul 2014 07:20:10 GMT
Author: elecharny
Date: Thu Jul 24 07:20:09 2014
New Revision: 1613025

fixed some other image links


Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext Thu Jul 24 07:20:09
@@ -42,7 +42,7 @@ The **KDC** is associated with a **Realm
 The following schema expose the way the **KDC** works :
 <DIV align="center">
-![KDC usage](images/kerberos-auth.png)
+  <img alt="KDC usage" src="images/kerberos-auth.png">
 In order to use a service, the client needs to get a ticket for this service from the **KDC**.
This requires a two step process, where the client first authenticates himself, and then get
back a ticket to use with the targeted server.

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext Thu Jul 24 07:20:09
@@ -38,7 +38,9 @@ As we can see, for the client to get a *
 Here is the standard exchange :
-![Kerberos Authentication with no pre-auth](images/kerberos-as-no-padata.png)
+<DIV align="center">
+  <img alt="Kerberos Authentication with no pre-auth" src="images/kerberos-as-no-padata.png">
 There is still a potential security breach in this scenario : as the server issues a **TGT**
to the client, containing the secret key built using the user's password, it is possible to
decrypt the ticket using a brute force attack (and this is more likely to happen if the password
is weak...)
@@ -54,7 +56,9 @@ Now, let's see how does a client 'proves
 Here is the exchange, when  :
-![Kerberos Authentication with pre-auth](images/kerberos-as-padata.png)
+<DIV align="center">
+  <img alt="Kerberos Authentication with pre-auth" src="images/kerberos-as-padata.png">

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext Thu Jul 24 07:20:09
@@ -35,7 +35,7 @@ It also contains many other fields, like
 Here are the information that can be found in a ticket. Most of them are encrypted using
the service's secret key.
 <DIV align="center">
+  <img alt="Ticket" src="images/ticket.png">
 The blue boxes are optionnal informations.

Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
--- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Thu Jul
24 07:20:09 2014
@@ -36,19 +36,27 @@ We first have to configure the **LDAP** 
 If you have installed the **ApacheDS** package, the simplest way is to start the server,
and to connect on it using Studio, using the _uid=admin,ou=system_ user with _secret_ as a
password (this password will have to be changed later !).
-![Admin Connection](images/admin-connection.png)
+<DIV align="center">
+  <img alt="Admin Connection" src="images/admin-connection.png">
 and :
-![Admin Authentication](images/admin-authentication.png)
+<DIV align="center">
+  <img alt="Admin Authentication" src="images/admin-authentication.png">
 Once connected, right click on the connection :
-![Open Configuration](images/open-config.png)
+<DIV align="center">
+  <img alt="Open Configuration" src="images/open-config.png">
 On the **Overview** tab, check the **Enable Kerberos Server** box :
-![Enable Kerberos Server](images/enable-kerberos.png)
+<DIV align="center">
+  <img alt="Enable Kerberos Server" src="images/enable-kerberos.png">
 ### LDAP Server configuration
@@ -64,7 +72,9 @@ The <em>SASL principal</em> instance par
 Here is a snapshot of this configuration :
-![LDAP configuration](images/ldap-config.png)
+<DIV align="center">
+  <img alt="LDAP configuration" src="images/ldap-config.png">
 ### Kerberos Server configuration
@@ -76,7 +86,9 @@ Now, you can switch to the Kerberos tab,
 Here is a Ssnapshot of this configuration :
-![Kerberos configuration](images/kerberos-config.png)
+<DIV align="center">
+  <img alt="Kerberos configuration" src="images/kerberos-config.png">
 Once those modifications have been done, you must restart the server.
@@ -108,7 +120,9 @@ Each user and each service will be decla
 We will store those entries in a part of the **DIT** where the kerberos server and the ldap
server will be able to find them. Assuming we have created our own partition named **dc=example,dc=com**,
we will define this hierarchy starting from there :
-![Authentification hierarchy](images/authent-hierarchy.png)
+<DIV align="center">
+  <img alt="Authentification hierarchy" src="images/authent-hierarchy.png">
 This can be injected in the LDAP server using this LDIF :
@@ -244,7 +258,9 @@ Now that the server is set, and the serv
 On the "Connections" tab, right click and select 'New Connection...'
-![New Connection](images/new-connection.png)
+<DIV align="center">
+  <img alt="New Connection" src="images/new-connection.png">
 You will now have to set the network parameters, as in the following popup. Typically, set
@@ -258,7 +274,9 @@ You can check the connection on cliking 
 Here is the screenshot :
-![Network Parameters](images/network-parameters.png)
+<DIV align="center">
+  <img alt="Network Parameters" src="images/network-parameters.png">
 Then click on Next to setup the authentication part.
 Select the following parameters and values :
@@ -276,7 +294,9 @@ Select the following parameters and valu
 Here is the resulting screen :
-![Kerberos authentification](images/kerberos-authent.png)
+<DIV align="center">
+  <img alt="Kerberos authentification" src="images/kerberos-authent.png">
 Clinking in the 'Check Authentication' button should be succesfull.

View raw message