You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ka...@apache.org on 2013/02/10 08:48:00 UTC
svn commit: r1444494 - in /directory/site/trunk/content/apacheds/kerberos-ug: 1-kerberos.mdtext 1.1-introduction.mdtext

Author: kayyagari
Date: Sun Feb 10 07:48:00 2013
New Revision: 1444494

URL: http://svn.apache.org/r1444494
Log:
trivial editing

Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/1-kerberos.mdtext
    directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1-kerberos.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1-kerberos.mdtext?rev=1444494&r1=1444493&r2=1444494&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1-kerberos.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1-kerberos.mdtext Sun Feb 10 07:48:00 2013
@@ -39,16 +39,16 @@ Notice: Licensed to the Apache Software 
 
 # 1 - What is Kerberos ?
 
-**Kerberos** is the result of an effort by the MIT, known as **Project Athena**. It started in May 1983, and resulted in many internal version at the MIT, and finally, **Kerberos V4** was openly released on January 1989. **Kerberos V5* is available since 1993.
+**Kerberos** is the result of an effort by the MIT, known as **Project Athena**. It started in May 1983, and resulted in many internal versions at the MIT, and finally, **Kerberos V4** was openly released in January 1989. **Kerberos V5* is available since 1993.
 
-**Kerberos** is a computer network authentication protocol, which provides a secure, SSO, trusted third-party mutual authentication service.
+**Kerberos** is a computer network authentication protocol, which provides a secure Single Sign On(SSO) based on a trusted third-party mutual authentication service.
 
-* It's secure because the user's password is never transmitted over the wire. **Kerberos** uses **Tickets** which are negociated with the server, with a limited time to live.
+* It is secure because the user's password is never transmitted over the wire. **Kerberos** uses **Tickets** which are negociated with the server, with a limited time to live.
 
-* It a SSO system as a ticket can be used by all the services for its duration. The services can fully trust those tickets.
+* It is a SSO system, a single ticket can be used by all the services till its validity expires.
 
-* It's a trusted third party as all the users and services are managed by the **Kerberos** server. 
+* It acts as a trusted third party cause all the keys of users and services are managed by the **Kerberos** server. 
 
-* It's a mutual authentication system that guarantees not only that the user is who he is pretending to be, but because each user has the guarantee that the services he accesses to are the expected services.
+* It is a mutual authentication system that guarantees not only that the user is who he is pretending to be, but also because each user is guaranteed that the services he has access to are the expected services.
 
-**Kerberos** is widely used in the **Microsoft&trade;** world, as all the authentications on **Microsoft&trade;** are done through this protocol.
+**Kerberos** is widely used in the **Microsoft&trade;** world, as all the authentication mechanisms on **Microsoft&trade;** are done through this protocol.

Modified: directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext?rev=1444494&r1=1444493&r2=1444494&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/1.1-introduction.mdtext Sun Feb 10 07:48:00 2013
@@ -35,37 +35,35 @@ Notice: Licensed to the Apache Software 
 
 # 1.1 - Introduction
 
-The **Kerberos** server is a part of the **Apache Directory Server** : it uses the **LDAP** server as a backend, but has its own network layer. which makes it easy to install, compared to other solutions where you have two components : an LDAP server on one side, and the Kerberos Server on the other.
+The **Kerberos** server is a part of the **Apache Directory Server** : it uses the **LDAP** server as a backend, but has its own network layer. which makes it easy to install, compared to other solutions where you have two components : a backend(typically an LDAP server) on one side, and the Kerberos Server on the other.
 
-We also have a complete configuration GUI in Studio, which allows administrators to tweak their server in a convenient way.
+We also have decent GUI support for editing the configuration in Studio, which allows administrators to tweak their server's functionality in a convenient way.
 
-The Kerberos provider for Apache Directory implements RFC 1510 and RFC 4120 , the Kerberos V5 Network Authentication Service. The purpose of Kerberos is to verify the identities of principals (users or services) on an unprotected network. While generally thought of as a single-sign-on technology, Kerberos' true strength is in authenticating users without ever sending their password over the network. Kerberos is designed for use on open (untrusted) networks and, therefore, operates under the assumption that packets traveling along the network can be read, modified, and inserted at will. This chart provides a good description of the protocol workflow.
+The Kerberos server of Apache Directory implements RFC 1510 and RFC 4120, the Kerberos V5 Network Authentication Service. The purpose of Kerberos is to verify the identities of principals (users or services) on an unprotected network. While generally thought of as a single-sign-on technology, Kerberos's true strength is in authenticating users without ever sending their passwords over the network. Kerberos is designed for use in open (untrusted) networks and, therefore, operates under the assumption that packets traveling along the network can be read, modified, and inserted at will. This chart provides a good description of the protocol workflow.
 
-Kerberos is named for the three-headed dog that guards the gates to Hades. The three heads are the client, the Kerberos server, and the network service being accessed.
+Kerberos is named after the three-headed dog that guards the gates to Hades. The three heads are the client, the Kerberos server, and the network service being accessed.
 
 ## What is it all about ?
 
-The isea is to have a server being able to deliver a user some tickets that can be used by services. Those tickets are trusted for a certain period of time. The most important point is that the service does not have to ask any server to validate those tickets : they are trusted because they have been generated by a trusted server.
+The idea is to have a server being able to deliver a user some tickets that can be used by services. Those tickets are trusted for a certain period of time. The most important point is that the service does not have to ask any server to validate those tickets : they are trusted because they have been generated by a trusted server.
 
-This is a two rounds process :
-1 - The client request a Ticket to the Kerberos server
-2 - The client submit the ticket to the requested service
+This is a two round process :
+1 - The client requests a Ticket to the Kerberos server
+2 - The client submits the ticket to the requested service
 
 The the client is authenticated.
 
-In any case, there is no way to fake an identity or to forge a ticket that can be used, nor one can reuse a Ticket that has already been used.
+In any case, there is no way to fake an identity or to forge a ticket for accessing a service, nor one can reuse a Ticket that has already been used.
 
 ## Apache Kerberos Server
 
-The Apache Directory Kerberos provider is implemented as a protocol-provider plugin. As a plugin, the Kerberos provider leverages **Apache MINA** for front-end services and the **Apache Directory** read-optimized backing store for persistent directory services.
+The Apache Directory Kerberos server uses **Apache MINA** in networking layer and the **Apache Directory** as the backend
+for storing principals and associated keys.
 
-The Kerberos server for Apache Directory, in conjunction with MINA and the Apache Directory store, provides an easy-to-use yet fully-featured network authentication service. As implemented within the Apache Directory, the Kerberos provder will provide:
+The Kerberos server provides:
 
 * Authentication service
 * Ticket-granting service
-* Pre-authentication support
-* DES encryption systems
-* Triple-DES (DES3)
-* UDP and TCP Support (MINA)
-
-
+* Pre-authentication support(PA-ENC-TIMESTAMP)
+* support for des-cbc-md5, des3-cbc-sha1-kd, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 and rc4-hmac encryption systems
+* UDP and TCP transports
\ No newline at end of file