Typos
This commit is contained in:
parent
2f862119f1
commit
1baf861809
|
@ -11,14 +11,14 @@ Presentation
|
|||
------------
|
||||
|
||||
`Kerberos <https://en.wikipedia.org/wiki/Kerberos_(protocol)>`__ is a
|
||||
network authentication protocol used to authenticate users based on
|
||||
network authentication protocol used for authenticating users based on
|
||||
their desktop session.
|
||||
|
||||
LL::NG uses GSSAPI module to validate Kerberos ticket against a local
|
||||
keytab.
|
||||
|
||||
LLNG Configuration
|
||||
------------------
|
||||
LL::NG Configuration
|
||||
--------------------
|
||||
|
||||
In Manager, go in ``General Parameters`` > ``Authentication modules``
|
||||
and choose Kerberos for authentication. Then go to "Kerberos parameters"
|
||||
|
@ -34,13 +34,15 @@ and configure the following parameters:
|
|||
Kerberos code to validate Kerberos ticket
|
||||
- **Remove domain in username**: set to "enabled" to strip username
|
||||
value and remove the '@domain'.
|
||||
- **Allowed domains**: if set, tickets will only be accepted if they come from one of the domains listed here. This is a space-separated list. This feature can be useful when using :doc:`combination<authcombination>` and cross-realm Kerberos trusts.
|
||||
- **Allowed domains**: if set, tickets will only be accepted if they come
|
||||
from one of the domains listed here. This is a space-separated list.
|
||||
This feature can be useful when using :doc:`combination<authcombination>`
|
||||
and cross-realm Kerberos trusts.
|
||||
|
||||
|
||||
.. attention::
|
||||
|
||||
|
||||
|
||||
- Due to a perl GSSAPI issue, you may need to copy the keytab in
|
||||
/etc/krb5.keytab which is the default location hardcoded in the
|
||||
library
|
||||
|
|
|
@ -109,7 +109,7 @@ Connection
|
|||
|
||||
.. attention::
|
||||
|
||||
LemonLDAP::NG need anonymous access to LDAP Directory
|
||||
LL::NG needs anonymous access to LDAP Directory
|
||||
RootDSE in order to check LDAP connection.
|
||||
|
||||
Filters
|
||||
|
|
|
@ -27,7 +27,7 @@ least version 1.0.
|
|||
LL::NG can also act as :doc:`OpenID server<idpopenid>`, that
|
||||
allows one to interconnect two LL::NG systems.
|
||||
|
||||
LL::NG will then display a form with an OpenID input, wher users will
|
||||
LL::NG will then display a form with an OpenID input, where users will
|
||||
type their OpenID login.
|
||||
|
||||
|
||||
|
@ -81,12 +81,12 @@ See also :doc:`exported variables configuration<exportedvars>`.
|
|||
|
||||
.. attention::
|
||||
|
||||
Browser implementations of formAction directive are
|
||||
inconsistent (e.g. Firefox doesn't block the redirects whereas Chrome
|
||||
Browser implementations of formAction directive are inconsistent
|
||||
(e.g. Firefox doesn't block the redirects whereas Chrome
|
||||
does). Administrators may have to modify formAction value with wildcard
|
||||
likes \*.
|
||||
|
||||
In Manager, go in :
|
||||
In Manager, go in:
|
||||
|
||||
``General Parameters`` > ``Advanced Parameters`` > ``Security`` >
|
||||
``Content Security Policy`` > ``Form destination``
|
||||
|
|
|
@ -15,7 +15,7 @@ credentials to another LL::NG portal, like a proxy.
|
|||
|
||||
The difference with :doc:`remote authentication<authremote>` is that the
|
||||
client will never be redirect to the main LL::NG portal. This
|
||||
configuration is usable if you want to expose your internal SSO portal
|
||||
configuration is useful if you want to expose your internal SSO portal
|
||||
to another network (DMZ).
|
||||
|
||||
Configuration
|
||||
|
@ -40,20 +40,22 @@ Then, go in ``Proxy parameters``:
|
|||
same as previous for SOAP, same with "/session/my" for REST)
|
||||
- **Choice parameter** (optional): choice parameter of the internal portal if applicable
|
||||
- **Choice value** (optional): value of the choice parameter of the internal portal
|
||||
- **Cookie name** (optional): internal portal cookie name, if
|
||||
different from external portal
|
||||
- **Cookie name** (optional): internal portal cookie name,
|
||||
if different from external portal
|
||||
- **Impersonation** (optional) : can be enabled if the internal portal provides impersonation
|
||||
|
||||
.. note::
|
||||
|
||||
If the internal portal uses :doc:`Choice Authentication<authchoice>`, you must specify 'Internal portal choice parameter' and 'Internal portal choice value' depending on its configuration.
|
||||
This feature needs at least LL::NG version 2.0.14
|
||||
If the internal portal uses :doc:`Choice Authentication<authchoice>`,
|
||||
you have to specify 'Internal portal choice parameter' and
|
||||
'Internal portal choice value' depending on its configuration.
|
||||
This feature needs at least LL::NG version 2.0.14.
|
||||
|
||||
Internal portal
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
The portal must be configured to accept REST or SOAP authentication
|
||||
requests if you chose to use SOAP. See:
|
||||
requests. See:
|
||||
:doc:`REST server plugin<restservices>` or
|
||||
:doc:`SOAP session backend<soapsessionbackend>` *(deprecated)*.
|
||||
|
||||
|
|
|
@ -37,8 +37,8 @@ In Debian/Ubuntu, install the library through apt-get command
|
|||
|
||||
apt-get install libauthen-radius-perl
|
||||
|
||||
Configuration of LemonLDAP::NG
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Configuration of LL::NG
|
||||
~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
In Manager, go in ``General Parameters`` > ``Authentication modules``
|
||||
and choose Radius for authentication.
|
||||
|
|
Loading…
Reference in New Issue