Posted to commits@directory.apache.org by el...@apache.org on 2013/04/06 19:26:23 UTC

svn commit: r1465278 - in /directory/site/trunk/content/apacheds/advanced-ug: 4.1.2-sasl-authn.mdtext 4.1.2.2-sasl-gssapi-authn.mdtext 4.1.2.2-sasl-plain-text-authn.mdtext 4.1.2.7-sasl-ntlm-authn.mdtext

Author: elecharny
Date: Sat Apr  6 17:26:23 2013
New Revision: 1465278

URL: http://svn.apache.org/r1465278
Log:
removed the SASL anonymous page, updated the SASL main page

Removed:
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.mdtext
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.mdtext
Modified:
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext
    directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext?rev=1465278&r1=1465277&r2=1465278&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext Sat Apr  6 17:26:23 2013
@@ -24,18 +24,49 @@ Notice: Licensed to the Apache Software 
 
 # 4.1.2 - SASL Authentication
 
-**SASL** authentication is based on a standard described in [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt). **SASL** means **S**imple **A**uthentication and **S**ecurity **L**ayer.
-
-It extends the Simple authentication, by allowing the LDAP server to authenticate the user by various mechanisms.
-
-The **SASL* Authentication is used when a simple user/password authentication is not enough. Many other systems exist, and may take many parameters to authenticate a user. With **SASL**, a challenge/response system is used to get the needed information from the client, up to the point the authentication is either successful or fails.
-
 ## Chapter content
 
-* [4.1.2.1 - SASL plain text Authentication](4.1.2.1-sasl-plain-text-authn.html)
+* [4.1.2.1 - SASL PLAIN text Authentication](4.1.2.1-sasl-plain-text-authn.html)
 * [4.1.2.2 - SASL GSSAPI Authentication](4.1.2.2-sasl-gssapi-authn.html)
 * [4.1.2.3 - SASL CRAM-MD5 Authentication](4.1.2.3-sasl-cram-md5-authn.html)
 * [4.1.2.4 - SASL DIGEST-MD5 Authentication](4.1.2.4-sasl-digest-md5-authn.html)
 * [4.1.2.5 - SASL EXTERNAL Authentication](4.1.2.5-sasl-external-authn.html)
 * [4.1.2.6 - SASL NTLM Authentication](4.1.2.6-sasl-ntlm-authn.html)
 
+
+## Introduction
+
+**SASL** authentication is based on a standard described in [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt). **SASL** means **S**imple **A**uthentication and **S**ecurity **L**ayer.
+
+It extends the Simple authentication, by allowing the LDAP server to authenticate the user by various mechanisms.
+
+The **SASL* Authentication is used when a simple user/password authentication is not enough. Many other systems exist, and may take many parameters to authenticate a user. With **SASL**, a challenge/response system is used to get the needed information from the client, up to the point the authentication is either successful or fails.
+
+As **ApacheDS** is based on Java, we only support the **SASL** mechanisms the JDK support :
+
+    * PLAIN : cleartext user/password authentication
+    * CRAM-MD5 : IMAP/POP authentication
+    * DIGEST-MD5 : Http Digest authentication
+    * GSSAPI : Kerberos authentication
+    * EXTERNAL : External authentication
+
+It's important to notice that some of those mechanisms are either useless (PLAIN) or obsolete (DIGEST-MD5).
+
+The SASL specifications are defined by an [IETF Working Group](http://datatracker.ietf.org/wg/sasl/) which has published the following proposed standards :
+
+    * [RFC 4013](http://www.ietf.org/rfc/rfc4013.txt) : SASLprep: Stringprep Profile for User Names and Passwords 
+    * [RFC 4422](http://www.ietf.org/rfc/rfc4422.txt) : Simple Authentication and Security Layer (SASL)
+    * [RFC 4505](http://www.ietf.org/rfc/rfc4505.txt) : Anonymous Simple Authentication and Security Layer (SASL) Mechanism
+    * [RFC 4616](http://www.ietf.org/rfc/rfc4616.txt) : The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
+    * [RFC 4752](http://www.ietf.org/rfc/rfc4752.txt) : The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
+    * [RFC 5801](http://www.ietf.org/rfc/rfc5801.txt) : Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL): The GS2 Mechanism Family
+    * [RFC 5802](http://www.ietf.org/rfc/rfc5802.txt) : Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
+
+Some other RFCs have been published, for each specific mechanisms, some of them are obsoleted by more recent RFCs :
+
+    * [RFC 2595](http://www.ietf.org/rfc/rfc2595.txt) : Using TLS with IMAP, POP3 and ACAP (updated by RFC 4616)
+    * [RFC 2195](http://www.ietf.org/rfc/rfc2195.txt) : IMAP/POP AUTHorize Extension for Simple Challenge/Response
+    * [RFC 2831](http://www.ietf.org/rfc/rfc2831.txt) : Using Digest Authentication as a SASL Mechanism (obsoleted by RFC 6631)
+    * [RFC 2222](http://www.ietf.org/rfc/rfc2222.txt) : Simple Authentication and Security Layer (SASL) (obsoleted by RFC 4422)
+
+
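
Review bot: The third paragraph of the new Introduction still carries the unbalanced bold marker from the removed text, `The **SASL* Authentication`, which should be `**SASL**` so the markdown renders. In the last list, `(obsoleted by RFC 6631)` looks like a transposed number: the RFC that moved DIGEST-MD5 to Historic is RFC 6331. The chapter list keeps the `4.1.2.6 - SASL NTLM Authentication` link although NTLM is not in the list of mechanisms the JDK supports and this commit removes an NTLM page, so that entry should be checked or dropped. Calling PLAIN "useless" also hides the real constraint, which the list above already states (cleartext user/password); say instead that it must only be used over an encrypted connection.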

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext?rev=1465278&r1=1465277&r2=1465278&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext Sat Apr  6 17:26:23 2013
@@ -23,3 +23,10 @@ Notice: Licensed to the Apache Software 
     under the License.
 
 # 4.1.2.2 - SASL GSSAPI Authentication
+
+This authentication mechanism is specified in the following RFCs :
+
+    * [RFC 2222](http://tools.ietf.org/html/rfc2222)
+    * [RFC ](http://tools.ietf.org/html/rfc)
+    * [RFC 4752](http://tools.ietf.org/html/rfc4752)
+    *
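
Review bot: The second list entry, `[RFC ](http://tools.ietf.org/html/rfc)`, has no RFC number and a link that points nowhere, and the trailing `*` is an empty bullet; both should be filled in or removed before this is published. The list also cites RFC 2222 without qualification, while the main SASL page changed in this same commit marks it as obsoleted by RFC 4422, so either cite RFC 4422 here or add the same "obsoleted by" remark.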