Author: buildbot
Date: Thu Aug 2 10:47:27 2012
New Revision: 827704
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jaxrs-kerberos.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jaxrs-kerberos.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-kerberos.html (original)
+++ websites/production/cxf/content/docs/jaxrs-kerberos.html Thu Aug 2
10:47:27 2012
@@ -135,7 +135,53 @@ The <a shape="rect" class="external-link
<h3><a shape="rect" name="JAXRSKerberos-Unix"></a>Unix</h3>
-<p>TODO</p>
+<p>1. Install the packages</p>
+
+<p>> sudo apt-get install krb5-kdc krb5-admin-server</p>
+
+<p>During the installation enter "localhost" as the host name for Kerberos
servers (unless you have more specific host names to enter) and set a default
realm, example, "MYCOMPANY.COM". Follow the 1.2 step from this <a shape="rect"
class="external-link"
href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html"
rel="nofollow">blog entry</a> to get this default realm set up properly.</p>
+
+<p>2. Create principals</p>
+
+<p>From the step 1.3 at <a shape="rect" class="external-link"
href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html"
rel="nofollow">this blog entry</a>:</p>
+
+<p>2.1 Create master key:<br clear="none">
+> sudo kdb5_util create -s</p>
+
+<p>2.2 Create user and service principals</p>
+
+<p>> sudo kadmin.local </p>
+
+<p>followed by</p>
+
+<p>> addprinc alice<br clear="none">
+> addprinc HTTP/localhost</p>
+
+<p>where 'HTTP/localhost' is the typical service principal name used in the
Negotiate scheme, replace 'localhost' if needed.<br clear="none">
+Add more user and service principals too as required.</p>
+
+<p>3 Start KDC</p>
+
+<p>> sudo krb5kdc</p>
+
+<p>4. Create an optional ticket cache</p>
+
+<p>> klist</p>
+
+<p>returns an empty response</p>
+
+<p>> kinit alice</p>
+
+<p>> klist</p>
+
+<p>confirms a TGT for 'alice' is in the cache.</p>
+
+<p>2.4 Create keytabs</p>
+
+<p>When keytabs are available, the principal password does not have to be
specified in the login configuration.<br clear="none">
+Please follow the step 1.4 from <a shape="rect" class="external-link"
href="http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html"
rel="nofollow">this blog entry</a>.</p>
+
+<p>Note, creating a keytab actually resets an original principal password,
example, after creating a keytab for 'alice' one would not be able to use the
original password (TODO: apparently this can be restored - find out how). Thus,
if you'd like to experiment with keytabs then you may want to have few user and
service principals created, with only selected principals using keytabs. </p>
<h3><a shape="rect" name="JAXRSKerberos-Windows"></a>Windows</h3>
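Review bot: The step numbering in the added Unix section is inconsistent. "3 Start KDC" lacks the period used by steps 1, 2 and 4, and "2.4 Create keytabs" appears after step 4 with no 2.3 before it, so it reads as a misplaced sub-step and should probably become step 5. The closing note also publishes an unresolved "(TODO: apparently this can be restored - find out how)" to the production page; resolve it or drop the parenthetical before it goes live. On the password reset itself, it is worth checking whether ktadd run from kadmin.local with -norandkey covers this case, since that option exports the existing key instead of re-randomizing it. Since a keytab stands in for the principal password, the keytab step should also tell readers to restrict read access on the file to the account that runs the service or client.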
@@ -195,6 +241,7 @@ Book b = wc.get(Book.class);
</pre>
</div></div>
+<p>In this example, the <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg">KerberosClientKeyTab</a>
policy is used which links to the available keytab; otherwise
AuthorizationPolicy 'UserName' and 'Password' properties would most likely have
to be set too (with the possible exceptions on Windows) </p>
<h3><a shape="rect"
name="JAXRSKerberos-Configuringtheserviceprincipalname"></a>Configuring the
service principal name</h3>
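Review bot: The added paragraph's link labelled "KerberosClientKeyTab" points at a kerberos.cfg file under trunk/systests, so the reader lands on a whole test configuration file rather than on the named policy entry, and the target will move when trunk does. Consider quoting the relevant login entry inline in the page instead. The wording "would most likely have to be set too (with the possible exceptions on Windows)" is hedged twice and does not tell the reader when UserName and Password are actually required; state the condition, or link to the section that does. The sentence is also missing its final period.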
@@ -264,6 +311,7 @@ Book b = wc.get(Book.class);
</pre>
</div></div>
+<p>In this example, the <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/kerberos.cfg">KerberosServer</a>
policy is used.</p>
<h1><a shape="rect" name="JAXRSKerberos-CredentialDelegation"></a>Credential
Delegation</h1>
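Review bot: The added sentence "policy is used." names the KerberosServer entry but gives no detail on what it has to contain, and its link goes to the same kerberos.cfg file as the KerberosClientKeyTab link in the client section. Say which service principal the server policy logs in as (the Unix setup steps create HTTP/localhost) and whether it relies on a keytab, so the reader can match the server configuration to the principals created earlier without opening the test file.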