[jboss-cvs] JBossAS SVN: r90173 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sun Jun 14 22:10:49 EDT 2009


Author: xhuang at jboss.com
Date: 2009-06-14 22:10:48 -0400 (Sun, 14 Jun 2009)
New Revision: 90173

Modified:
   projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
Log:
update

Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-06-13 11:23:44 UTC (rev 90172)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-06-15 02:10:48 UTC (rev 90173)
@@ -9,7 +9,7 @@
 "Project-Id-Version: J2EE_Security_On_JBOSS\n"
 "Report-Msgid-Bugs-To: http://bugs.kde.org\n"
 "POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-06-12 12:16+1000\n"
+"PO-Revision-Date: 2009-06-15 12:09+1000\n"
 "Last-Translator: \n"
 "Language-Team: en_US <kde-i18n-doc at kde.org>\n"
 "MIME-Version: 1.0\n"
@@ -6689,10 +6689,9 @@
 msgstr ""
 
 #. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1669
-#, fuzzy, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1669, no-c-format
 msgid "The SRPVerifierStore interface"
-msgstr "服务生命周期接口"
+msgstr ""
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1670
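Review bot: The reference comment for entry 1669 now reads "#: J2EE_Security_On_JBOSS.xml:1669, no-c-format", which folds the flag line into the source reference. The no-c-format flag is lost and the reference gains trailing text. Keep "#: J2EE_Security_On_JBOSS.xml:1669" and put "#, no-c-format" back on its own line, dropping only "fuzzy". The msgstr is also cleared rather than translated, so the title "The SRPVerifierStore interface" will fall back to English in the zh-CN build; either supply a translation or say in the log message that this is intended.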
@@ -6812,15 +6811,14 @@
 "method is called by the <literal>SRPService</literal> at that start of a "
 "user SRP session to obtain the parameters needed by the SRP algorithm. The "
 "elements of the <literal>VerifierInfo</literal> objects are:"
-msgstr ""
+msgstr "<literal>SRPVerifierStore</literal> 实现的主要功能是提供对给定用户名的 <literal>SRPVerifierStore.VerifierInfo</literal> 对象的访问。<literal>getUserVerifier(String)</literal> 方法在用户 SRP 会话开始时由 <literal>SRPService</literal> 调用以获取 SRP 算法所需的参数。<literal>VerifierInfo</literal> 对象的元素是:"
 
 #. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1676
-#, fuzzy, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1676, no-c-format
 msgid ""
 "<emphasis role=\"bold\">username</emphasis>: The user&#39;s name or id used "
 "to login."
-msgstr "<emphasis role=\"bold\">name</emphasis>:参数的变量名,这是必须的。"
+msgstr "<emphasis role=\"bold\">username</emphasis>:用户的名称或用于登录的 ID。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1681
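Review bot: Entry 1676 has its flag line merged into the reference comment ("#: J2EE_Security_On_JBOSS.xml:1676, no-c-format"), so the entry no longer carries a valid no-c-format flag. Restore the two separate lines, "#: J2EE_Security_On_JBOSS.xml:1676" and "#, no-c-format". The new msgstr texts for 1675 and 1676 match the visible msgid text.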
@@ -6835,6 +6833,10 @@
 "function. The username is converted from a string to a <literal>byte[]</"
 "literal> using the UTF-8 encoding."
 msgstr ""
+"<emphasis role=\"bold\">verifier</emphasis>:这是用户输入为其标识符证明的密码或 PIN 的单向 hash。 <literal>org."
+"jboss.security.Util</literal> 类有一个 <literal>calculateVerifier</"
+"literal> 方法,它执行这个密码 hash 算法。输出的密码格式 <literal>H(salt | H(username | &#39;:&#39; | password))</literal> 由  RFC2945 定义。这里的 <literal>H</literal> 是 SHA 的安全 hash 功能。用户名通过 UTF-8 编码从字符串转换到 <literal>byte[]</"
+"literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1686
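Review bot: In the added verifier msgstr, "SHA 的安全 hash 功能" translates "function" as 功能 (feature); for a hash function the term should be 函数, for example "SHA 安全 hash 函数". The same string has a doubled space in "由  RFC2945 定义" and a stray space after "单向 hash。". Since this paragraph defines how the stored verifier is computed, the wording of the H(...) sentence should stay as close to the msgid as possible.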
@@ -6845,7 +6847,7 @@
 "password database in the event that the database is compromised. It is a "
 "value that should be generated from a cryptographically strong random number "
 "algorithm when the user&#39;s existing clear-text password is hashed."
-msgstr ""
+msgstr "<emphasis role=\"bold\">salt</emphasis>:这是一个随机数字,在数据库被破解时,它可以增加 brute 强制字典攻击难度。当用户现有的明文密码被 hash 编码时,它应该通过强加密随机数字算法产生。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1691
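Review bot: The salt msgstr leaves "brute force" half translated as "brute 强制字典攻击"; use "暴力字典攻击". "强加密随机数字算法" reads as "strong-encryption random number algorithm", whereas the msgid says "cryptographically strong random number algorithm"; something like "密码学强度的随机数算法" keeps the meaning. "数据库被破解" for "the database is compromised" would also be closer as "数据库被攻破" or "数据库泄露".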
@@ -6856,7 +6858,7 @@
 "setting. The <literal>org.jboss.security.srp.SRPConf</literal> utility class "
 "provides several settings for g including a good default which can obtained "
 "via <literal>SRPConf.getDefaultParams().g()</literal>."
-msgstr ""
+msgstr "<emphasis role=\"bold\">g</emphasis>:SRP 算法的主生成器。它通常是一个众所周知的固定参数而不是根据每个用户进行设置。<literal>org.jboss.security.srp.SRPConf</literal> 工具类为 g 提供了几组设定,其中包括一个可以通过 <literal>SRPConf.getDefaultParams().g()</literal> 获得的缺省设置。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1696
@@ -6867,7 +6869,7 @@
 "setting. The <literal>org.jboss.security.srp.SRPConf</literal> utility class "
 "provides several settings for <literal>N</literal> including a good default "
 "which can obtained via <literal>SRPConf.getDefaultParams().N()</literal>."
-msgstr ""
+msgstr "<emphasis role=\"bold\">N</emphasis>:SRP 算法的 safe-prime 模块。它通常是众所周知的固定参数而不是根据每个用户进行设置。<literal>org.jboss.security.srp.SRPConf</literal> 工具类为 <literal>N</literal> 提供了几组设定,其中包括一个可以通过 <literal>SRPConf.getDefaultParams().N()</literal> 获得的缺省设置。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1701
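Review bot: In the msgstr for N, "safe-prime 模块" uses 模块 (module); the SRP parameter N is a modulus, so the term should be 模数, for example "SRP 算法的安全素数模数". The msgid's "a good default" is also reduced to "缺省设置"; consider "一个不错的缺省设置" so the recommendation to use SRPConf.getDefaultParams().N() is not lost.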
@@ -6880,7 +6882,7 @@
 "<literal>setUserVerifier(String, VerifierInfo)</literal> method is not used "
 "by the current SRPSerivce and may be implemented as no-op method, or even "
 "one that throws an exception stating that the store is read-only."
-msgstr ""
+msgstr "所以,集成现有的密码库的第一步是创建密码信息的 hash 版本。如果你的密码已经存储为不可逆的 hash 形式,那么这只能根据每个用户来完成,如作为升级过程的一部分。请注意,当前 SRPSerivce 不使用 <literal>setUserVerifier(String, VerifierInfo)</literal> 方法,它可以实现为 no-op 的方法,甚至抛出异常以表明这个库是只读的。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1704
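Review bot: The misspelling "SRPSerivce" in the msgid context line ("by the current SRPSerivce and may be implemented as no-op method") is copied into the new msgstr ("当前 SRPSerivce 不使用"). Use "SRPService" in the translation, and fix the source XML separately so the msgid is corrected on the next POT regeneration.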
@@ -6895,6 +6897,9 @@
 "can be used to integrate existing hardware token based schemes like SafeWord "
 "or Radius into the SRP algorithm."
 msgstr ""
+"第二步是创建自定义的 <literal>SRPVerifierStore</literal> 接口实现,它知道如何从第一步里创建的库里获取 <literal>VerifierInfo</"
+"literal>。这个接口的 <literal>verifyUserChallenge(String, Object)</literal> 方法只有在客户 <literal>SRPLoginModule</literal> 配置指定了 <literal>hasAuxChallenge</literal> 选项时才被调用。这可用来把现有的基于硬件令牌的模式如 SafeWord "
+"或 Radius 集成到 SRP 算法里。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1707
@@ -6907,13 +6912,13 @@
 "the SRP example presented later in this chapter provides a Java properties "
 "file based <literal>SRPVerifierStore</literal> implementation. Between the "
 "two examples you should have enough to integrate your security store."
-msgstr ""
+msgstr "第三步是创建一个MBean,它使第二步里的 <literal>SRPVerifierStore</literal> 接口实现通过 JNDI 可用,并开放任何可配置的参数。除了缺省的 <literal>org.jboss.security.srp.SRPVerifierStoreService</literal> 例程以外,本章后面的 SRP 例程提供了一个基于 <literal>SRPVerifierStore</literal> 实现的 Java 属性文件。这两个例子应该足够你集成自己的安全库了。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1714
 #, no-c-format
 msgid "Inside of the SRP algorithm"
-msgstr ""
+msgstr "SRP 算法内部"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1715
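Review bot: The msgstr for the third step reverses the modifier in "provides a Java properties file based SRPVerifierStore implementation": "提供了一个基于 SRPVerifierStore 实现的 Java 属性文件" says the properties file is based on the implementation. It should read "提供了一个基于 Java 属性文件的 SRPVerifierStore 实现". Also, "例程" means routine rather than example (use 示例 or 例子, which the last sentence already does), and "一个MBean" is missing a space.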
@@ -6925,7 +6930,7 @@
 "the complete details and theory behind the algorithm, refer to the SRP "
 "references mentioned in a note earlier. There are six steps that are "
 "performed to complete authentication:"
-msgstr ""
+msgstr "SRP 算法吸引人的地方就是允许用简单的文本密码而无需安全通讯频道来执行客户和服务器的相互验证。你可能想知道这是怎么完成的。如果你需要这个算法背后的完整细节和理论,你可以查看前面提及的 SRP 参考文档。完成验证需要 6 个步骤:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1720
@@ -6934,11 +6939,11 @@
 "The client side <literal>SRPLoginModule</literal> retrieves the "
 "SRPServerInterface instance for the remote authentication server from the "
 "naming service."
-msgstr ""
+msgstr "客户端的 <literal>SRPLoginModule</literal> 从命名服务获取远程验证服务器的 SRPServerInterface 实例。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1725
-#, no-c-format
+#, fuzzy, no-c-format
 msgid ""
 "The client side <literal>SRPLoginModule</literal> next requests the SRP "
 "parameters associated with the username attempting the login. There are a "
@@ -6950,6 +6955,8 @@
 "<literal>getSRPParameters(username)</literal> call retrieves the SRP "
 "parameters for the given username."
 msgstr ""
+"然后,客户端的 <literal>SRPLoginModule</literal> 请求和尝试登录的用户相关联的 SRP 参数。SRP 算法涉及大量在用户密码第一次转换为 verifier 形式时必需选择参的数, 。"
+"JBossSX 实现允许用户把这些信息作为交换协议的一部分获取而不是将参数硬编码(这样的安全风险最小)。<literal>getSRPParameters(username)</literal> 调用获取给定用户名的 SRP 参数。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1730
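Review bot: The msgstr added for entry 1725 contains garbled text at the end of its first line: "必需选择参的数, 。" has transposed characters and stray punctuation, and should be something like "必须选择的参数。". The previous hunk also changes this entry's flags to "#, fuzzy, no-c-format"; fuzzy entries are skipped by msgfmt by default, so this translation will not appear in the build until the flag is removed. If the flag is there because the text is unfinished, fix the sentence and drop "fuzzy" in the same commit.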
@@ -6965,6 +6972,8 @@
 "literal>. The server returns its own random number <literal>B</literal>. "
 "This step corresponds to the exchange of public keys."
 msgstr ""
+"客户端的 <literal>SRPLoginModule</literal> 通过用登录用户名、明文密码和从第二步里获得的 SRP 参数创建 <literal>SRPClientSession</literal> 对象开始一个 SRP 会话。客户端然后创建一个随机数字 A,它用于构建私有的 SRP 会话密钥。客户端然后调用 <literal>SRPServerInterface.init</literal> 方法初始化 SRP 会话的服务器端并传入用户名和随机数字 <literal>A</"
+"literal>。服务器返回自己的随机数字 <literal>B</literal>。这个步骤对应公共密钥的交换。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1735
@@ -6986,6 +6995,11 @@
 "exchange of challenges. At this point the server has verified that the user "
 "is who they say they are."
 msgstr ""
+"客户端的 <literal>SRPLoginModule</literal> 获取前面的消息交换所生成的私有 SRP 会话密钥。这被存储为登录 <literal>Subject</literal> 里的私有 credential。步骤 4 里的服务器的 challenge 响应 <literal>M2</"
+"literal> 通过 <literal>SRPClientSession."
+"verify</literal> 方法调用来验证。如果成功,客户到服务器和服务器到客户的相互验证就已经完成了。客户端的 <literal>SRPLoginModule</literal> 然后调用 <literal>SRPClientSession.response</"
+"literal> 方法并传入参数 <literal>B</literal> 为服务器创建一个 challenge <literal>M1</"
+"literal>。这个 challenge 通过 <literal>SRPServerInterface.verify</literal> 方法被送往服务器,服务器的响应被存储为 <literal>M2</literal>。这个步骤对应 challenge 的交换。此时,服务器已经验证了用户的身份。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1740
@@ -7001,6 +7015,9 @@
 "session. Its interception via a third partly cannot be used to obtain the "
 "user&#39;s password."
 msgstr ""
+"客户端的 <literal>SRPLoginModule</literal> 把登录用户名和 <literal>M1</literal> challenge 保存到 <literal>LoginModule</literal>  的 sharedState 表里。这被标准的 JBoss <literal>ClientLoginModule</literal> 用作 Principal 名和 credential。<literal>M1</"
+"literal> challenge 替代密码作为 J2EE 组件的任何方法调用里的标识符的证明。<literal>M1</literal> "
+"challenge 是一个和 SRP 会话关联的强加密的 hash 值。不能用通过第三方的拦截来获取用户的密码。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1745
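Review bot: The final sentence of the msgstr, "不能用通过第三方的拦截来获取用户的密码", is hard to parse and loses the subject of "Its interception ... cannot be used to obtain the user's password". Suggest "即使被第三方截获,也无法用它获取用户的密码". The msgid context line has the typo "third partly" (for "third party"), which should be fixed in the source XML, and there is a doubled space in "<literal>LoginModule</literal>  的 sharedState".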
@@ -7009,7 +7026,7 @@
 "At the end of this authentication protocol, the SRPServerSession has been "
 "placed into the SRPService authentication cache for subsequent use by the "
 "<literal>SRPCacheLoginModule</literal>."
-msgstr ""
+msgstr "在验证协议的最后,SRPServerSession 已经放入了 SRPService 的验证缓存,之后以供 <literal>SRPCacheLoginModule</literal> 使用。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1750



