You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2013/02/09 08:57:50 UTC
svn commit: r849994 - in /websites/staging/directory/trunk/content: ./
apacheds/kerberos-ug/1.1.1-realms.html
apacheds/kerberos-ug/1.1.2-principals.html
apacheds/kerberos-ug/1.1.3-keys.html
Author: buildbot
Date: Sat Feb 9 07:57:50 2013
New Revision: 849994
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.2-principals.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.3-keys.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Feb 9 07:57:50 2013
@@ -1 +1 @@
-1444169
+1444339
Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html (original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html Sat Feb 9 07:57:50 2013
@@ -137,7 +137,7 @@
</div>
-<h1 id="realms">Realms</h1>
+<h1 id="111-realms">1.1.1 - Realms</h1>
<p>A <strong>Realm</strong> is associated with a Kerberos administrative domain. In other words, it covers everything the Kerberos server manage :
<em> Users
</em> Services</p>
Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.2-principals.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.2-principals.html (original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.2-principals.html Sat Feb 9 07:57:50 2013
@@ -137,7 +137,7 @@
</div>
-<h1 id="principals">Principals</h1>
+<h1 id="112-principals">1.1.2 - Principals</h1>
<p>The Kerberos <strong>Principal</strong> is any entity to which the server can assign a <strong>Ticket</strong>. Typically, we can think of three kinds of <strong>Principals</strong> :</p>
<div class="codehilite"><pre><span class="o">*</span> <span class="n">Users</span>
<span class="o">*</span> <span class="n">Services</span>
Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.3-keys.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.3-keys.html (original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.3-keys.html Sat Feb 9 07:57:50 2013
@@ -137,7 +137,7 @@
</div>
-<h1 id="keys">Keys</h1>
+<h1 id="113-keys">1.1.3 - Keys</h1>
<p>The <strong>Kerberos</strong> server generates keys based on the password we provide. Those keys are stored in the <strong>KDC</strong> and used to encrypt and decrypt the data being exchanged with the client.</p>
<p>The Key is computed using either the user's password or a random value, and is salted with the realm. </p>
<p><DIV class="INFO" markdown="1">
@@ -167,7 +167,7 @@ There is a special case : if the passwor
</DIV></p>
<p><DIV class="INFO" mardown="1">
Note that we will generate more than one key : we generate one key per configured cipher. </p>
-<p>ApacheDS Kerberos server default set of ciphers is :</p>
+<p>ApacheDS Kerberos server supported set of ciphers is :</p>
<div class="codehilite"><pre><span class="o">*</span> <span class="n">DES_CBC_MD5</span>
<span class="o">*</span> <span class="n">DES3_CBC_SHA1_KD</span>
<span class="o">*</span> <span class="n">RC4_HMAC</span>
@@ -176,7 +176,8 @@ Note that we will generate more than one
</pre></div>
-<p></DIV></p>
+<p>The default cipher is DES_CBC_MD5, so if you want to use another one, you must add it to the list of supported EncryptionTypes.
+</DIV></p>
<p><DIV class="WARN" mardown="1">
Note that the key generation is an extremely costly operation. If you have many supported ciphers, you will multiply the time it takes to generate the keys by the number of ciphers. It's smart to limit the configured ciphers to the minimal, accordingly to your needs.</p>
<p>Provisionning thousands of users will inheritently be a slow operation.