Posted to commits@directory.apache.org by bu...@apache.org on 2013/02/18 15:19:40 UTC

svn commit: r850965 - in /websites/staging/directory/trunk/content: ./ apacheds/kerberos-ug/ apacheds/kerberos-ug/images/

Author: buildbot
Date: Mon Feb 18 14:19:40 2013
New Revision: 850965

Log:
Staging update by buildbot for directory

Added:
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png   (with props)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/network-parameters.png   (with props)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/new-connection.png   (with props)
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
    websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-config.png

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Feb 18 14:19:40 2013
@@ -1 +1 @@
-1446725
+1447269

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html (original)
+++ websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html Mon Feb 18 14:19:40 2013
@@ -279,44 +279,81 @@ userPassword:: e1NTSEF9VnhjYUl4U3JxUnAra
 <p>Here is the associated LDIF file :</p>
 <div class="codehilite"><pre>dn: uid=ldap,ou=services,dc=security,dc=example,dc=com
 objectClass: top
-objectClass: inetOrgPerson
+objectClass: organizationalUnit
 objectClass: krb5KDCEntry
-objectClass: person
+objectClass: uidObject
 objectClass: krb5Principal
-objectClass: organizationalPerson
-cn: LDAP
 krb5KeyVersionNumber: 0
 krb5PrincipalName: ldap/localhost@EXAMPLE.COM
-sn: Service
 uid: ldap
 userPassword: randomKey
+ou: TGT
 
 dn: uid=krbtgt,ou=services,dc=security,dc=example,dc=com
 objectClass: top
-objectClass: inetOrgPerson
+objectClass: organizationalUnit
 objectClass: krb5KDCEntry
-objectClass: person
+objectClass: uidObject
 objectClass: krb5Principal
-objectClass: organizationalPerson
-cn: KDC Service
 krb5KeyVersionNumber: 0
 krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
-sn: Service
 uid: krbtgt
 userPassword:: randomkey
+ou: LDAP
 </pre></div>
 
 
 <p><DIV class="info" markdown="1">
 Three important things :</p>
-<div class="codehilite"><pre><span class="o">-</span> <span class="n">the</span> <span class="n">userPassword</span> <span class="n">is</span> <span class="s">&#39;randomkey&#39;</span><span class="o">.</span> <span class="n">The</span> <span class="n">key</span> <span class="n">won</span><span class="s">&#39;t be generated based on a know password, they will use a random key.</span>
-<span class="s">- the _krb5PrincipalName_ has one more information, after the &#39;</span><span class="o">/</span><span class="err">&#39;</span> <span class="n">character</span> <span class="p">:</span> <span class="n">_EXAMPLE</span><span class="o">.</span><span class="n">COM_</span> <span class="k">for</span> <span class="n">the</span> <span class="o">**</span><span class="n">krbtgt</span><span class="o">**</span> <span class="n">service</span><span class="p">,</span> <span class="ow">and</span> <span class="o">**</span><span class="n">localhost</span><span class="o">**</span> <span class="k">for</span> <span class="n">the</span> <span class="o">**</span><span class="n">ldap</span><span class="o">**</span> <span class="n">service</span><span class="o">.</span>
+<div class="codehilite"><pre><span class="o">-</span> <span class="n">the</span> <span class="n">userPassword</span> <span class="n">is</span> <span class="s">&#39;randomkey&#39;</span><span class="o">.</span> <span class="n">The</span> <span class="n">key</span> <span class="n">won</span><span class="err">&#39;</span><span class="n">t</span> <span class="n">be</span> <span class="n">generated</span> <span class="n">based</span> <span class="n">on</span> <span class="n">a</span> <span class="n">know</span> <span class="n">password</span><span class="p">,</span> <span class="n">they</span> <span class="n">will</span> <span class="k">use</span> <span class="n">a</span> <span class="n">random</span> <span class="n">key</span><span class="o">.</span>
+<span class="o">-</span> <span class="n">the</span> <span class="n">_krb5PrincipalName_</span> <span class="n">has</span> <span class="n">one</span> <span class="n">more</span> <span class="n">information</span><span class="p">,</span> <span class="n">after</span> <span class="n">the</span> <span class="o">/</span> <span class="n">character</span> <span class="p">:</span> <span class="n">_EXAMPLE</span><span class="o">.</span><span class="n">COM_</span> <span class="k">for</span> 
+<span class="n">the</span> <span class="o">**</span><span class="n">krbtgt</span><span class="o">**</span> <span class="n">service</span><span class="p">,</span> <span class="ow">and</span> <span class="o">**</span><span class="n">localhost</span><span class="o">**</span> <span class="k">for</span> <span class="n">the</span> <span class="o">**</span><span class="n">ldap</span><span class="o">**</span> <span class="n">service</span><span class="o">.</span>
+<span class="o">-</span> <span class="n">the</span> <span class="n">krb5KeyVersionNumber</span> <span class="n">is</span> <span class="mi">0</span>
 </pre></div>
 
 
 <p></DIV></p>
 <p>Again, once those entries have been injected in the LDAP server, the <em>krb5Key</em> attributeTypes will be created</p>
 <h2 id="login-using-studio">Login using Studio</h2>
+<p>Now that the server is set, and the services and users are stored into it, we can create a new connection using the Kerberos authentication for the created users.</p>
+<h3 id="create-a-new-connection">Create a new connection</h3>
+<p>On the "Connections" tab, right click and select 'New Connection...'</p>
+<p><DIV align="center">
+<img alt="New Connection" src="images/new-connection.png" />
+</DIV></p>
+<p>You will now have to set the network parameters, as in the following popup. Typically, set :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">The</span> <span class="n">connection</span> <span class="n">name</span> <span class="p">(</span><span class="n">here</span><span class="p">,</span> <span class="o">**</span><span class="n">Kerberos</span> <span class="n">User</span><span class="o">**</span><span class="p">)</span>
+<span class="o">*</span> <span class="n">The</span> <span class="n">LDAP</span> <span class="n">server</span> <span class="n">host</span> <span class="p">(</span><span class="o">**</span><span class="n">localhost</span><span class="o">**</span><span class="p">)</span>
+<span class="o">*</span> <span class="n">The</span> <span class="n">LDAP</span> <span class="n">server</span> <span class="n">port</span> <span class="p">(</span><span class="o">**</span><span class="mi">10389</span><span class="o">**</span><span class="p">)</span>
+<span class="o">*</span> <span class="n">The</span> <span class="n">Provider</span> <span class="p">(</span><span class="n">pick</span> <span class="o">**</span><span class="n">Apache</span> <span class="n">Directory</span> <span class="n">LDAP</span> <span class="n">Client</span> <span class="n">API</span><span class="o">**</span><span class="p">)</span>
+</pre></div>
+
+
+<p>You can check the connection on cliking the 'check network connection' button, you should get back a popup stating that the connection was established successfully.</p>
+<p>Here is the screenshot :</p>
+<p><DIV align="center">
+<img alt="Network Parameters" src="images/network-parameters.png" />
+</DIV></p>
+<p>Then click on Next to setup the authentication part.
+Select the following parameters and values :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">Authentication</span> <span class="n">method</span> <span class="p">:</span> <span class="o">**</span><span class="n">GSSAPI</span><span class="o">**</span>
+<span class="o">*</span> <span class="n">Bind</span> <span class="n">DN</span> <span class="p">:</span> <span class="n">the</span> <span class="n">user</span> <span class="n">name</span> <span class="p">(</span><span class="n">here</span><span class="p">,</span> <span class="o">**</span><span class="n">hnelson</span><span class="o">**</span><span class="p">)</span>
+<span class="o">*</span> <span class="n">Bind</span> <span class="n">password</span> <span class="p">:</span> <span class="n">here</span><span class="p">,</span> <span class="o">**</span><span class="n">secret</span><span class="o">**</span>
+<span class="o">*</span> <span class="n">Don</span><span class="err">&#39;</span><span class="n">t</span> <span class="n">change</span> <span class="n">anything</span> <span class="n">in</span> <span class="n">the</span> <span class="n">SASL</span> <span class="n">settings</span>
+<span class="o">*</span> <span class="n">Kerberos</span> <span class="n">settings</span> 
+    <span class="o">*</span> <span class="n">Obtain</span> <span class="n">TGT</span> <span class="n">from</span> <span class="n">KDC</span>
+    <span class="o">*</span> <span class="n">Use</span> <span class="n">following</span> <span class="n">configuration</span> <span class="p">:</span>
+        <span class="o">*</span> <span class="n">Kerberos</span> <span class="n">Realm</span> <span class="p">:</span> <span class="o">**</span><span class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span class="o">**</span>
+        <span class="o">*</span> <span class="n">KDC</span> <span class="n">Host</span> <span class="p">:</span> <span class="o">**</span><span class="n">localhost</span><span class="o">**</span>
+        <span class="o">*</span> <span class="n">KDC</span> <span class="n">port</span> <span class="p">:</span> <span class="o">**</span> <span class="mi">60088</span><span class="o">**</span>
+</pre></div>
+
+
+<p>Here is the resulting screen :</p>
+<p><DIV align="center">
+<img alt="Kerberos authentification" src="images/kerberos-authent.png" />
+</DIV></p>
+<p>Clinking in the 'Check Authentication' buton should be succesful.</p>
 
 
     <div class="nav">
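
Review bot: the `ou` values added to the two service entries look swapped: `uid=ldap` gets `ou: TGT` and `uid=krbtgt` gets `ou: LDAP`; exchange them so each entry's `ou` names the service it describes. In the same LDIF block the unchanged krbtgt line `userPassword:: randomkey` uses a double colon, which in LDIF marks a base64-encoded value, so the string will not be read as the literal text; it should be `userPassword: randomkey` with a single colon, and the spelling should agree with the ldap entry's `randomKey` and with the 'randomkey' named in the note under the LDIF. The new parameter lists under "Create a new connection" and in the authentication step come out as `codehilite` `<pre>` blocks with every word wrapped in a highlighter span, so the `**` bold markers show literally; they should be emitted as list markup rather than as highlighted code. Wording to fix in the added paragraphs: "cliking", "Clinking", "buton", "succesful", and the alt text "Kerberos authentification".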

Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-authent.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Modified: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/kerberos-config.png
==============================================================================
Binary files - no diff available.

Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/network-parameters.png
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/network-parameters.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/new-connection.png
==============================================================================
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/kerberos-ug/images/new-connection.png
------------------------------------------------------------------------------
    svn:mime-type = image/png