Author: elecharny Date: Thu Nov 28 18:06:02 2013 New Revision: 1546420 URL: http://svn.apache.org/r1546420 Log: Fixed some formatting Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1546420&r1=1546419&r2=1546420&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original) +++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Thu Nov 28 18:06:02 2013 @@ -54,9 +54,9 @@ On the **Overview** tab, check the **Ena There are a few parameters that are to be set in the **LDAP** configuration : - * The SASL host must be the local server name (here, example.net) - * The SASL principal is ldap/example.net@EXAMPLE.COM - * The Search Base DN should point to the place under which we store users and services (dc=security,dc=example,dc=com) + * The SASL host must be the local server name (here, example.net) + * The SASL principal is ldap/example.net@EXAMPLE.COM + * The Search Base DN should point to the place under which we store users and services (dc=security,dc=example,dc=com)
The SASL principal instance part (ie, example.net) is in lower case, as the hostname is not case sensitive. Sadly, the KrbPrincipalName attributeType is case sensitive, so if the left part is not lowercased, the server won't be able to retrieve the information from the LDAP server. @@ -71,8 +71,8 @@ Here is a snapshot of this configuration Now, you can switch to the Kerberos tab, where some more configuration must be set : - * The Primary KDC Realm is EXAMPLE.COM - * The Search Base DN<_em> is the same as for the LDAP server : dc=security,dc=example,dc=com + * The Primary KDC Realm is EXAMPLE.COM + * The Search Base DN is the same as for the LDAP server : dc=security,dc=example,dc=com Here is a Ssnapshot of this configuration : @@ -248,10 +248,10 @@ On the "Connections" tab, right click an You will now have to set the network parameters, as in the following popup. Typically, set : - * The connection name (here, Kerberos User) - * The LDAP server host (example.net) - * The LDAP server port (10389) - * The Provider (pick Apache Directory LDAP Client API) + * The connection name (here, **Kerberos User**) + * The LDAP server host (**example.net**) + * The LDAP server port (**10389**) + * The Provider (pick **Apache Directory LDAP Client API**) You can check the connection on cliking the 'check network connection' button, you should get back a popup stating that the connection was established successfully. @@ -263,20 +263,20 @@ Here is the screenshot : Then click on Next to setup the authentication part. Select the following parameters and values : - * Authentication method : **GSSAPI** - * Bind DN : the user name (here, hnelson) - * Bind password : here, secret + * Authentication method : GSSAPI + * Bind DN : the user name (here, hnelson) + * Bind password : here, secret * Do not change anything in the SASL settings * Kerberos settings * Obtain TGT from KDC * Use following configuration : - * Kerberos Realm : EXAMPLE.COM - * KDC Host : example.net - * KDC port : 60088 + * Kerberos Realm : EXAMPLE.COM + * KDC Host : example.net + * KDC port : 60088 Here is the resulting screen : ![Kerberos authentification](images/kerberos-authent.png) -Clinking in the 'Check Authentication' buton should be succesfull. +Clinking in the 'Check Authentication' button should be succesfull.