Posted to commits@directory.apache.org by er...@apache.org on 2007/05/07 03:39:57 UTC
svn commit: r535704 -
/directory/apacheds/branches/kerberos-encryption-types/server-main/server.xml
Author: erodriguez
Date: Sun May 6 18:39:55 2007
New Revision: 535704
URL: http://svn.apache.org/viewvc?view=rev&rev=535704
Log:
Changes to server-main's server.xml for testing:
o Enabled Kerberos and Change Password protocols.
o Enabled all encryption types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5
o Inserted KeyDerivationService interceptor.
o Disabled Kerberos-aware LDIF filter since it conflicts with the KeyDerivationService interceptor.
Modified:
directory/apacheds/branches/kerberos-encryption-types/server-main/server.xml
Modified: directory/apacheds/branches/kerberos-encryption-types/server-main/server.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/server-main/server.xml?view=diff&rev=535704&r1=535703&r2=535704
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/server-main/server.xml (original)
+++ directory/apacheds/branches/kerberos-encryption-types/server-main/server.xml Sun May 6 18:39:55 2007
@@ -10,10 +10,11 @@
<prop key="java.naming.security.authentication">simple</prop>
<prop key="java.naming.security.principal">uid=admin,ou=system</prop>
<prop key="java.naming.security.credentials">secret</prop>
- <!--<prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>-->
- <!--<prop key="kdc.java.naming.security.credentials">secret</prop>-->
- <!--<prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>-->
- <!--<prop key="changepw.java.naming.security.credentials">secret</prop>-->
+ <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
+ <prop key="kdc.java.naming.security.credentials">secret</prop>
+ <prop key="kdc.encryption.types">aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5</prop>
+ <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
+ <prop key="changepw.java.naming.security.credentials">secret</prop>
<!-- Set this key to a space delimited set of attributeType descriptions
and their OID's if you want an attributeType to be handled as
binary content.
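Review bot: The added `kdc.encryption.types` value includes `des-cbc-md5`, which is single DES and too weak for a KDC to offer outside a lab. The same hunk activates `kdc.java.naming.security.credentials` and `changepw.java.naming.security.credentials` with the default value `secret`. The log says the change is for testing, but nothing in the file says so; I would add a comment above these props such as `<!-- TEST ONLY: des-cbc-md5 and the default 'secret' credentials must not be used in a deployed server.xml -->` and drop `des-cbc-md5` unless a test needs it. The third hunk sets `enableKerberos` and `enableChangePassword` to `true`, so these values are in effect once the server starts. The enclosing properties element starts and ends outside this hunk.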
@@ -38,19 +39,20 @@
<!-- can point to an absolute path to either using the URL path -->
<!-- notation: i.e. file:///Users/jack/apacheds/ldifs -->
- <!-- Entries will optionally be filtered using LdifLoadFilters in the -->
- <!-- order specified. The included Krb5KdcEntryFilter will filter -->
- <!-- kerberos principals creating keys for them using their -->
- <!-- userPassword attribute if present. -->
-
- <!--<property name="ldifDirectory">
- <value>example.ldif</value>
+ <property name="ldifDirectory">
+ <value>/root/ldif-example/kerberos-example.ldif</value>
</property>
+
+ <!-- Entries will optionally be filtered using LdifLoadFilters in the -->
+ <!-- order specified. The included Krb5KdcEntryFilter will conflict -->
+ <!-- with the KeyDerivationService interceptor, so should not be used. -->
+ <!--
<property name="ldifFilters">
<list>
<bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
</list>
- </property>-->
+ </property>
+ -->
<!-- the number of milliseconds before issuing a synch (flush to disk) -->
<!-- which writes out dirty pages back to disk. To turn off synchs all -->
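Review bot: The added `ldifDirectory` value `/root/ldif-example/kerberos-example.ldif` is an absolute path into root's home directory, so the file is either missing on any other machine or readable only when the server runs as root. A relative path like the removed `example.ldif`, for example `<value>kerberos-example.ldif</value>`, or a `file:///` URL as the comment above describes, would let the test configuration work under an unprivileged account. The LDIF presumably contains `userPassword` values for the Kerberos principals, so wherever it lives it should be readable only by the server's account.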
@@ -70,8 +72,8 @@
<property name="allowAnonymousAccess" value="false" />
<property name="accessControlEnabled" value="false" />
<property name="enableNtp" value="false" />
- <property name="enableKerberos" value="false" />
- <property name="enableChangePassword" value="false" />
+ <property name="enableKerberos" value="true" />
+ <property name="enableChangePassword" value="true" />
<!--
It's more efficient to keep this feature turned off but you may not like
@@ -148,6 +150,12 @@
<property name="name" value="operationalAttributeService" />
<property name="interceptor">
<bean class="org.apache.directory.server.core.operational.OperationalAttributeService" />
+ </property>
+ </bean>
+ <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+ <property name="name" value="keyDerivationService" />
+ <property name="interceptor">
+ <bean class="org.apache.directory.server.kerberos.shared.interceptors.KeyDerivationService" />
</property>
</bean>
<bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
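Review bot: The new `keyDerivationService` interceptor entry has no comment, and its conflict with `Krb5KdcEntryFilter` is recorded only beside the commented-out `ldifFilters` property much earlier in the file. I would add a comment on this bean, e.g. `<!-- Mutually exclusive with the Krb5KdcEntryFilter LDIF filter; enable only one of the two -->`, so that anyone who removes or moves this entry knows to revisit the filter. Whether the position directly after `operationalAttributeService` is required cannot be told from this hunk; if the order matters, the comment should state it. The interceptor list starts and ends outside the hunk.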