Posted to commits@directory.apache.org by el...@apache.org on 2014/07/24 09:20:10 UTC

svn commit: r1613025 - in /directory/site/trunk/content/apacheds/kerberos-ug: 1.1.4-kdc.mdtext 1.1.6-as.mdtext 1.1.8-tickets.mdtext 4.2-authenticate-studio.mdtext

Author: elecharny
Date: Thu Jul 24 07:20:09 2014
New Revision: 1613025

URL: http://svn.apache.org/r1613025
Log:
fixed some other image links

Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext?rev=1613025&r1=1613024&r2=1613025&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.mdtext Thu Jul 24 07:20:09 2014
@@ -42,7 +42,7 @@ The **KDC** is associated with a **Realm
 The following schema expose the way the **KDC** works :
 
 <DIV align="center">
-![KDC usage](images/kerberos-auth.png)
+  <img alt="KDC usage" src="images/kerberos-auth.png">
 </DIV>
 
 In order to use a service, the client needs to get a ticket for this service from the **KDC**. This requires a two step process, where the client first authenticates himself, and then get back a ticket to use with the targeted server.
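Review bot: the log message ("fixed some other image links") does not say what was wrong with the old links. In this hunk the removed line is Markdown image syntax inside a block-level <DIV>, where standard Markdown is not processed, so switching to <img> repairs the link; in 1.1.6-as.mdtext and 4.2-authenticate-studio.mdtext the old images were not inside a DIV, so there the change adds centering rather than repairing anything. Stating both in the log would tell the next editor to use <img> whenever an image sits inside a <DIV>.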

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext?rev=1613025&r1=1613024&r2=1613025&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.6-as.mdtext Thu Jul 24 07:20:09 2014
@@ -38,7 +38,9 @@ As we can see, for the client to get a *
 
 Here is the standard exchange :
 
-![Kerberos Authentication with no pre-auth](images/kerberos-as-no-padata.png)
+<DIV align="center">
+  <img alt="Kerberos Authentication with no pre-auth" src="images/kerberos-as-no-padata.png">
+</DIV>
 
 There is still a potential security breach in this scenario : as the server issues a **TGT** to the client, containing the secret key built using the user's password, it is possible to decrypt the ticket using a brute force attack (and this is more likely to happen if the password is weak...)
 
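Review bot: the context sentence right after the new DIV says the TGT contains "the secret key built using the user's password", while 1.1.8-tickets.mdtext in this same commit says ticket fields are "encrypted using the service's secret key". This paragraph is the page's explanation of why the exchange without pre-auth is exposed to password guessing, so reword it to say which part of the reply is protected by the password-derived key, so that the two pages agree.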
@@ -54,7 +56,9 @@ Now, let's see how does a client 'proves
 
 Here is the exchange, when  :
 
-![Kerberos Authentication with pre-auth](images/kerberos-as-padata.png)
+<DIV align="center">
+  <img alt="Kerberos Authentication with pre-auth" src="images/kerberos-as-padata.png">
+</DIV>
 
 
 
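Review bot: the context line above the new DIV reads "Here is the exchange, when  :" and the clause after "when" is missing. The alt text on the added <img> says "with pre-auth", so complete the sentence to match (or drop "when") while this block is being touched.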

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext?rev=1613025&r1=1613024&r2=1613025&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.mdtext Thu Jul 24 07:20:09 2014
@@ -35,7 +35,7 @@ It also contains many other fields, like
 Here are the information that can be found in a ticket. Most of them are encrypted using the service's secret key.
 
 <DIV align="center">
-![Ticket](images/ticket.png)
+  <img alt="Ticket" src="images/ticket.png">
 </DIV>
 
 The blue boxes are optionnal informations.
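Review bot: alt="Ticket" on the added <img> tells a reader who cannot see the image nothing, yet the surrounding text relies on the figure to show which fields are encrypted and which are optional ("The blue boxes are ..."). Consider an alt text that names those two groups, and fix "optionnal informations" to "optional information" in the line after the DIV.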

Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1613025&r1=1613024&r2=1613025&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Thu Jul 24 07:20:09 2014
@@ -36,19 +36,27 @@ We first have to configure the **LDAP** 
 
 If you have installed the **ApacheDS** package, the simplest way is to start the server, and to connect on it using Studio, using the _uid=admin,ou=system_ user with _secret_ as a password (this password will have to be changed later !).
 
-![Admin Connection](images/admin-connection.png)
+<DIV align="center">
+  <img alt="Admin Connection" src="images/admin-connection.png">
+</DIV>
 
 and :
 
-![Admin Authentication](images/admin-authentication.png)
+<DIV align="center">
+  <img alt="Admin Authentication" src="images/admin-authentication.png">
+</DIV>
 
 Once connected, right click on the connection :
 
-![Open Configuration](images/open-config.png)
+<DIV align="center">
+  <img alt="Open Configuration" src="images/open-config.png">
+</DIV>
 
 On the **Overview** tab, check the **Enable Kerberos Server** box :
 
-![Enable Kerberos Server](images/enable-kerberos.png)
+<DIV align="center">
+  <img alt="Enable Kerberos Server" src="images/enable-kerberos.png">
+</DIV>
 
 ### LDAP Server configuration
 
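Review bot: the paragraph above the first new DIV has the reader bind as uid=admin,ou=system with the default password secret and only notes that it "will have to be changed later". Since the same steps go on to enable the Kerberos server from that session, add a link or step reference to where the password change is done. The bare "and :" between the two admin screenshots could also say what the second screen shows.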
@@ -64,7 +72,9 @@ The <em>SASL principal</em> instance par
 
 Here is a snapshot of this configuration :
 
-![LDAP configuration](images/ldap-config.png)
+<DIV align="center">
+  <img alt="LDAP configuration" src="images/ldap-config.png">
+</DIV>
 
 
 ### Kerberos Server configuration
@@ -76,7 +86,9 @@ Now, you can switch to the Kerberos tab,
 
 Here is a Ssnapshot of this configuration :
 
-![Kerberos configuration](images/kerberos-config.png)
+<DIV align="center">
+  <img alt="Kerberos configuration" src="images/kerberos-config.png">
+</DIV>
 
 
 Once those modifications have been done, you must restart the server.
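Review bot: "Ssnapshot" in the context line above the new DIV is a typo for "snapshot"; the LDAP section of this file already has "Here is a snapshot of this configuration :", so fix it here for consistency.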
@@ -108,7 +120,9 @@ Each user and each service will be decla
 
 We will store those entries in a part of the **DIT** where the kerberos server and the ldap server will be able to find them. Assuming we have created our own partition named **dc=example,dc=com**, we will define this hierarchy starting from there :
 
-![Authentification hierarchy](images/authent-hierarchy.png)
+<DIV align="center">
+  <img alt="Authentification hierarchy" src="images/authent-hierarchy.png">
+</DIV>
 
 This can be injected in the LDAP server using this LDIF :
 
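Review bot: the added <img> keeps alt="Authentification hierarchy"; "Authentification" should be "Authentication", matching the "Admin Authentication" alt text earlier in this file.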
@@ -244,7 +258,9 @@ Now that the server is set, and the serv
 
 On the "Connections" tab, right click and select 'New Connection...'
 
-![New Connection](images/new-connection.png)
+<DIV align="center">
+  <img alt="New Connection" src="images/new-connection.png">
+</DIV>
 
 You will now have to set the network parameters, as in the following popup. Typically, set :
 
@@ -258,7 +274,9 @@ You can check the connection on cliking 
 Here is the screenshot :
 
 
-![Network Parameters](images/network-parameters.png)
+<DIV align="center">
+  <img alt="Network Parameters" src="images/network-parameters.png">
+</DIV>
 
 Then click on Next to setup the authentication part.
 Select the following parameters and values :
@@ -276,7 +294,9 @@ Select the following parameters and valu
 
 Here is the resulting screen :
 
-![Kerberos authentification](images/kerberos-authent.png)
+<DIV align="center">
+  <img alt="Kerberos authentification" src="images/kerberos-authent.png">
+</DIV>
 
 Clinking in the 'Check Authentication' button should be succesfull.
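Review bot: the added <img> carries alt="Kerberos authentification" (should be "authentication"), and the context line after the DIV has "Clinking" and "succesfull". Suggest "Clicking on the 'Check Authentication' button should be successful."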