[jboss-cvs] JBossAS SVN: r76190 - in projects/security/security-negotiation/trunk/docs/userguide/en: images and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jul 24 12:40:09 EDT 2008


Author: darran.lofthouse at jboss.com
Date: 2008-07-24 12:40:09 -0400 (Thu, 24 Jul 2008)
New Revision: 76190

Added:
   projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-add-service-principal.png
   projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-getkeytab.png
   projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-view-service-principal.png
Modified:
   projects/security/security-negotiation/trunk/docs/userguide/en/master.xml
   projects/security/security-negotiation/trunk/docs/userguide/en/modules/free_ipa.xml
   projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml
Log:
[SECURITY-263] Documentation using JBoss Negotiation with FreeIPA.

Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-add-service-principal.png
===================================================================
(Binary files differ)


Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-add-service-principal.png
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-getkeytab.png
===================================================================
(Binary files differ)


Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-getkeytab.png
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-view-service-principal.png
===================================================================
(Binary files differ)


Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/ipa-view-service-principal.png
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Modified: projects/security/security-negotiation/trunk/docs/userguide/en/master.xml
===================================================================
--- projects/security/security-negotiation/trunk/docs/userguide/en/master.xml	2008-07-24 16:17:05 UTC (rev 76189)
+++ projects/security/security-negotiation/trunk/docs/userguide/en/master.xml	2008-07-24 16:40:09 UTC (rev 76190)
@@ -95,12 +95,10 @@
   <xi:include href="modules/mit_kdc.xml"
     xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
   -->
-
-  <!--
+  
   <xi:include href="modules/free_ipa.xml"
     xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
-  -->
-  
+    
   <xi:include href="modules/internet_explorer.xml"
     xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
 

Modified: projects/security/security-negotiation/trunk/docs/userguide/en/modules/free_ipa.xml
===================================================================
--- projects/security/security-negotiation/trunk/docs/userguide/en/modules/free_ipa.xml	2008-07-24 16:17:05 UTC (rev 76189)
+++ projects/security/security-negotiation/trunk/docs/userguide/en/modules/free_ipa.xml	2008-07-24 16:40:09 UTC (rev 76190)
@@ -5,8 +5,164 @@
   <title>Free IPA</title>
 
   <section>
-    <title></title>
+    <title>Free IPA</title>
 
-    <para>Using JBoss Negotiation with Free IPA</para>
+    <section>
+      <title>Introduction</title>
+
+      <para>
+        This chapter describes the steps required to configure the
+        authenticator which are specific to Windows, these instructions
+        are prepared using Fedora 9 with Free IPA version 1.1.
+      </para>
+    </section>
+
+    <section>
+      <title>Pre-Requisits</title>
+
+      <para>
+        These instructions assume that you already have FreeIPA
+        installed and correctly configured along with client already
+        able to obtain Kerberos tickets.
+      </para>
+
+      <para>
+        For documentation on how to install and configure FreeIPA please
+        see
+        <ulink url="http://www.freeipa.org/">
+          http://www.freeipa.org/
+        </ulink>
+        .
+      </para>
+
+      <para>
+        Also due to the supported encryption types of FreeIPA the JBoss
+        application server is required to be running on a Java 6 JVM
+        with unlimited cryptography enabled.
+      </para>
+    </section>
+
+    <section>
+      <title>Service Principal Creation</title>
+
+      <para>
+        In this example the test server is going to be accessible using
+        the 'test_server.jboss.org' domain, the first step is to create
+        the service principal which will represent this host.
+      </para>
+
+      <para>
+        Full information on service principal creation is available
+        within the FreeIPA documentation
+        <ulink
+          url="http://freeipa.org/page/AdministratorsGuide#Managing_Service_Principals">
+          http://freeipa.org/page/AdministratorsGuide#Managing_Service_Principals
+        </ulink>
+      </para>
+
+      <para>
+        The easiest way to create a service principal is to make use of
+        the FreeIPA WebUI when connected as an administrator and use the
+        'Add Service Principal' link.
+      </para>
+
+      <figure id="ipa-add-service-principal">
+        <title>Add Service Principal</title>
+        <mediaobject>
+          <imageobject>
+            <imagedata align="center"
+              fileref="images/ipa-add-service-principal.png" />
+          </imageobject>
+        </mediaobject>
+      </figure>
+
+      <para>
+        Set the hostname to the hostname of your server, in this case it
+        is 'test_server.jboss.org', set the service type to HTTP and
+        select 'Add Principal'.
+      </para>
+
+      <figure id="ipa-view-service-principal">
+        <title>View Service Principal</title>
+        <mediaobject>
+          <imageobject>
+            <imagedata align="center"
+              fileref="images/ipa-view-service-principal.png" />
+          </imageobject>
+        </mediaobject>
+      </figure>
+
+      <note>
+        <para>
+          Creating the service principal requires the host name to be
+          mapped using DNS, if this check fails you can instead create
+          the principal using the following command from the command
+          line
+          <code>
+            ipa-addservice HTTP/test_server.jboss.org at JBOSS.ORG --force
+          </code>
+        </para>
+      </note>
+    </section>
+
+    <section>
+      <title>Export Keytab</title>
+
+      <caution>
+        <para>
+          The steps to obtain the keytab reset the secret associated
+          with the principal rendering all previosuly created keytabs
+          for the principal invalid.
+        </para>
+      </caution>
+
+      <para>
+        Before exporting the keytab you will need to have used the kinit
+        tool to obtain a Kerberos ticket-granting ticket for an
+        administrator e.g.
+        <code>kinit admin</code>
+      </para>
+
+      <para>
+        The command to obtain the keytab is
+        <code>ipa-getkeytab</code>
+        with the following options: -
+      </para>
+
+      <itemizedlist spacing="compact">
+        <listitem>
+          <para>-s The IPA server to obtain the keytab from.</para>
+        </listitem>
+
+        <listitem>
+          <para>-p The principal to export.</para>
+        </listitem>
+
+        <listitem>
+          <para>-k The name of the file to dump the keytab to.</para>
+        </listitem>
+      </itemizedlist>
+
+
+      <figure id="ipa-getkeytab">
+        <title>Get Keytab</title>
+        <mediaobject>
+          <imageobject>
+            <imagedata align="center"
+              fileref="images/ipa-getkeytab.png" />
+          </imageobject>
+        </mediaobject>
+      </figure>
+
+      <para>
+        From this point on the server should be configured as described
+        in
+        <xref linkend="general_installation" />
+        and tested using the Negotiation Toolkit as described in
+        <xref linkend="negotiation_toolkit" />
+        .
+      </para>
+    </section>
+
   </section>
 </chapter>
\ No newline at end of file
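Review bot: The Introduction paragraph describes the steps as "specific to Windows", which contradicts the rest of the chapter (FreeIPA 1.1 on Fedora 9) and looks carried over from another module; it should name FreeIPA instead. In the Export Keytab section the actual ipa-getkeytab invocation exists only in the ipa-getkeytab.png figure, so please add the command as text alongside the -s/-p/-k list. That section should also state that the exported keytab holds the service principal's long-term key and must be readable only by the account running JBoss. The example host 'test_server.jboss.org' contains an underscore, which is not a valid hostname character and may be why the DNS check mentioned in the note fails; a hyphenated name would be a safer example. Smaller points: "Pre-Requisits" and "previosuly" are misspelled, and the file ends without a trailing newline.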

Modified: projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml
===================================================================
--- projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml	2008-07-24 16:17:05 UTC (rev 76189)
+++ projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml	2008-07-24 16:40:09 UTC (rev 76190)
@@ -78,8 +78,10 @@
 
 
       <tip>
-        Ensure that there is no white space around the classname as this
-        can cause the deployment to fail.
+        <para>
+          Ensure that there is no white space around the classname as
+          this can cause the deployment to fail.
+        </para>
       </tip>
 
 
@@ -449,7 +451,7 @@
 
   </section>
 
-  <section>
+  <section id="negotiation_toolkit">
     <title>Negotiation Toolkit</title>
 
     <para>
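Review bot: The id="negotiation_toolkit" added here gives one of the two xrefs introduced in free_ipa.xml a target, but no hunk in this commit shows a matching id for the other one, <xref linkend="general_installation" />. Please confirm that general_installation.xml already declares id="general_installation" on its chapter element; if it does not, that xref will not resolve when the guide is built.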
@@ -500,7 +502,7 @@
         <title>Negotiation Toolkit Front Page</title>
         <mediaobject>
           <imageobject>
-            <imagedata align="center"
+            <imagedata align="center
               fileref="images/negotiation-toolkit.png" />
           </imageobject>
         </mediaobject>
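Review bot: The replacement imagedata line drops the closing quote of the align attribute (align="center), so the attribute value runs on into the fileref line and general_installation.xml is no longer well-formed XML. Nothing else in this hunk changes, so this looks like an accidental edit; restore align="center" before the guide is built.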



