11�� ȣȭ ��

Directory Server�� Ʈ��ũ�� ϰ� �ŷ�� ִ� ��; f��ϱ� '�� ; f��մϴ�. LDAPS�� SSL(Secure Sockets Layer)�� ߰�� Ǵ� ǥ�� LDAP �w��ݷ�, ��͸� ��ȣȭ�ϰ� �� Ͽ�(�� ) ��մϴ�.

Directory Server�� Start TLS(Start Transport Layer Security) Ȯ�� ۾�; ��ϹǷ� ��x�� ȣȭ�� : LDAP ��ῡ�� TLS�� ֽ4ϴ�.

Directory Server�� SASL(Simple Authentication and Security Layer); �� GSSAPI(Generic Security Services API)�� մϴ�. Solaris � üf�� Kerveros �� 5 �� w��; �� ֽ4ϴ�. �� ̵� �� Ŀ��ν� ��ڸ� ��丮 ��̵�� մϴ�.

�߰� �� d�� ؼ�� = 'ġ�� NSS % ��Ʈ�� v�Ͻʽÿ�.

Directory Server�� SSL �Ұ�

LDAP Ŭ��̾�Ʈ�� ; ��ϵ��

Directory Server�� SSL �Ұ�

SSL(Secure Sockets Layer): Directory Server�� Ŭ��̾�Ʈ �� ȣȭ�� Ű� ��(�� ); f��մϴ�. LDAP�� DSML-over-HTTP �w�� ο� �� SSL; Ȱ��ȭ�Ͽ� �� ῡ ��; f�� ֽ4ϴ�. �� f �� b�̾� ��; ��Ͽ� �� ſ� SSL; �� ֽ4ϴ�.

SSL; �ܼ� ��(��ε� DN�� й�ȣ)�� Բ� ��ϸ� �� ۵Ǵ� �� Ͱ� ��ȣȭ�ǹǷ� ��м�� Ἲ�� ˴ϴ�. �� 8��, Ŭ��̾�Ʈ�� Ͽ� Directory Server �Ǵ� SASL(Simple Authentication and Security Layer); �� Ÿ�� ֽ4ϴ�. �� Ŭ��̾�Ʈ�� Ī�� ϵ�� Ű ��ȣȭ�� մϴ�.

Directory Server�� Ʈ�� SSL ��Ű� ��SSL ��; ��ÿ� ��մϴ�. ��Ȼ�� /�� ; �� Ʈ�� f�� ֽ4ϴ�. Ŭ��̾�Ʈ ��: �� ϸ�, �ʼ� �Ǵ� �� 8�� Ǿ� �� ; ��d�� ֽ4ϴ�.

SSL; ��ϸ� �Ϲ� LDAP ��ῡ ��; f��ϴ� Start TLS Ȯ�� ۾� ��˴ϴ�. Ŭ��̾�Ʈ�� SSL ��Ʈ�� ε�� Ŀ� TLS(Transport Layer Security) �w��; ��Ͽ� SSL ��; �� ֽ4ϴ�. Start TLS �۾�: Ŭ��̾�Ʈ�� /��; ��̸� ��Ʈ �Ҵ�; ��ϰ� �մϴ�.

SSL�� f��ϴ� ��ȣȭ ��: �Ӽ� ��ȣȭ�� ˴ϴ�. SSL; �� b�̾ �Ӽ� ��ȣȭ�� Ͽ� ��丮�� ͸� ��ȣ�� ֽ4ϴ�. �ڼ�� : �Ӽ� �� ȣȭ�� v�Ͻʽÿ�.

Ŭ��̾�Ʈ�� SSL �� 뿡 �� 丮 ��뿡 �� ׼�� f� ��Ͽ� ��; ��ȭ�� ֽ4ϴ�. Ưd �� ʿ�� ׼�� f�� (ACI); d�� 8��, �� ä��; ��ؼ�� Ͱ� ��۵˴ϴ�. �ڼ�� : ��ε� ��Ģ; ��v�Ͻʽÿ�.

SSL Ȱ��ȭ �ܰ� ��

�� Directory Server�� ġ�ϰ� Directory Server�� Ʈ��Ʈ�ϵ�� մϴ�. �� =�� : �۾�� Ե˴ϴ�.

�ʿ�� ̽� �ۼ�

�� û; ��Ͽ� �� f�� 8��

�� ġ

�� ߱�� Ʈ��Ʈ

LDAP �� DSML �۾�; '�� Ʈ�� Ͽ� ��丮�� SSL; Ȱ��ȭ�ϰ� ��մϴ�. Directory Server �ֿܼ�� SSL; ��Ͽ� �� ׼��ϵ�� ֽ4ϴ�.

�� 8��, ��= Ŭ��̾�Ʈ �� ߿�� ϳ� �̻�; �� մϴ�.

�� ⺻ ��

SASL; �� DIGEST_MD5 ��

Kerberos V5 �� ; ��ϴ� SASL; �� GSSAPI ��

�� ܰ踦 �Ϸ�� =�� 8�� ; ��Ͽ� Ŭ��̾�Ʈ�� Directory Server�� ſ� SSL; ��ϵ�� մϴ�. ldapsearch �� ldapmodify�� : �� v�Ͻʽÿ�.

��; �� Ϸx� certutil �� Ͽ� '�� ܰ� �� Ϻθ� �� ֽ4ϴ�. �� SUNWtlsu ��Ű�� ԵǾ� �ֽ4ϴ�.

�� ġ

�� ͺ��̽�� ۼ��ϰ�, Directory Server��  ��ġ�ϸ�, Directory Server�� (CA)�� Ʈ��Ʈ�ϵ�� ϴ� �� մϴ�.

�� ͺ��̽� �ۼ�

�� ó= SSL; �� ġ ��й�ȣ�� d�ؾ� �մϴ�. �ܺ� �ϵ�� ġ�� ʴ� �� Ʒ� ��Ͽ� �� Ű ��ͺ��̽�� ġ�� ˴ϴ�.

ServerRoot/alias/slapd-serverID-cert8.db
ServerRoot/alias/slapd-serverID-key3.db

serverID�� 빮�ڰ� ��ԵǾ� ��8�� Ʒ�� Ͽ� �� ͺ��̽�� ۼ��ؾ� �մϴ�.

�ܼ� ��

�ֿܼ�� ȭ ��ڸ� ó= ��ϸ� �� ͺ��̽� �� ڵ�8�� ۼ��˴ϴ�.

Directory Server �ܼ�� ֻ�' �½�ũ �ǿ�� ư; ��ϴ�. �Ǵ� �½�ũ ��; ǥ��ϰ� �ܼ� > �� ޴�� ׸�; ��մϴ�.

�� Ű ��ͺ��̽�� ڵ�8�� ۼ��ϸ�, �� ġ ��й�ȣ�� d�϶�� ޽�� ǥ�õ˴ϴ�. �� й�ȣ�� Ű�� ȣ�մϴ�. ��й�ȣ�� Է��Ͽ� Ȯ�� = Ȯ��; ��ϴ�.

��

��ٿ�� ͺ��̽� ��; �ۼ��ϴ� �� ; ã; �� ֵ�� Ʒ� �� f�� ̸� b�ξ ��ؾ� �մϴ�.

�� ȣ��Ʈ �ý��ۿ�� Ʒ� ��; ��Ͽ� �� ͺ��̽�� ۼ��մϴ�.

certutil -N -d ServerRoot/alias -P slapd-LCserverID-

��⼭ LCserverID�� ҹ��ڷ� ��d�� ̸��Դϴ�.

�� Ű�� ȣ�� й�ȣ�� Է��϶�� ޽�� ǥ�õ˴ϴ�.

�� û ��

PEM ��8�� PKCS #10 �� û; ��Ϸx� �Ʒ� �� ϳ�� մϴ�. PEM: RFC 1421�� 1424 (http://www.ietf.org/rfc/rfc1421.txt)�� d�� Privacy Enhanced Mail ��8��, base64 ��ڵ�� û; US-ASCII ��ڷ� ��Ÿ�� ˴ϴ�. ��û ��: �Ʒ� �� ǥ�õ˴ϴ�.

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBrjCCARcCAQAwbjELMAkGA1UBhMCVXMxEzARBgNVBAgTCkNBElGT1JOSUExLD
AqBgVBAoTI25ldHNjYXBlIGNvb11bmljYXRpb25zIGNvcnBvcmF0aWuMRwwGgYDV
QQDExNtZWxsb24umV0c2NhcGUuY29tMIGfMA0GCSqGSIb3DQEBAUAA4GNADCBiQK
BgCwAbskGh6SKYOgHy+UCSLnm3ok3X3u83Us7u0EfgSLR0f+K41eNqqWRftGR83e
mqPLDOf0ZLTLjVGJaHJn4l1gG+JDf/n/zMyahxtV7+T8GOFFigFfuxJaxMjr2j7I
vELlxQ4IfZgwqCm4qQecv3G+N9YdbjveMVXW0v4XwIDAQABAAwDQYJKoZIhvcNAQ
EEBQADgYEAZyZAm8UmP9PQYwNy4Pmypk79t2nvzKbwKVb97G+MT/gw1pLRsuBoKi
nMfLgKp1Q38K5Py2VGW1E47/rhm3yVQrIiwV+Z8Lcc=
-----END NEW CERTIFICATE REQUEST-----

�ܼ� ��

Directory Server �ܼ�� ֻ�' �½�ũ �ǿ�� ư; ��ϴ�. �Ǵ� �½�ũ ��; ǥ��ϰ� �ܼ� > �� ޴�� ׸�; ��մϴ�.

�� ȭ ��ڰ� ǥ�õ˴ϴ�.

�� ; ��ϰ� ��û ��ư; ��ϴ�.

�� û ��簡 ǥ�õ˴ϴ�.

�� CA�� b �� ֵ�� ϴ� �÷�� ; ��ġ�� ֽ4ϴ�. �׷�� 8�� û; �� ̳� % ��Ʈ�� Ͽ� ��8�� û�ؾ� �մϴ�. ��=; �� մϴ�.

�� ؽ�Ʈ �ʵ忡 ��=�� : ��û�� d�� Է��մϴ�.

�� ̸�. DNS vȸ �� Ǵ� Directory Server�� ü ȣ��Ʈ �̸�; �Է��մϴ�(��: east.example.com).

v��. ȸ�糪 �� ̸�; �Է��մϴ�. ��κ�� CA�� 纻�� : �� Ͽ� �� d�� Ȯ��ϵ�� û�մϴ�.

v�� '. (�� ) ȸ�� μ� �Ǵ� ��θ� �� Ÿ�� ̸�; �Է��մϴ�.

��/��/��. (�� ) ȸ�簡 �ִ� ��/��/�� ̸�; �Է��մϴ�.

��/��. �� �� ȸ�簡 �ִ� ��/�� ü �̸�; �Է��մϴ�.

��. �� ڷ� �� ISO �� ̸� �� ��մϴ�. �̱�� ڵ�� US�Դϴ�. Directory Server Administration Reference�� ISO �� ڵ� �� ֽ4ϴ�.

��=; �� մϴ�.

�� ġ ��й�ȣ�� Է��ϰ� ��=; ��ϴ�. �� й�ȣ�� ͺ��̽� �ۼ�� d�� й�ȣ�Դϴ�.

Ŭ�� Ǵ� ��Ͽ� ��; ��Ͽ� �� ϴ� �� û d�� մϴ�.

�ϷḦ �� û ��縦 �ݽ4ϴ�.

��

�Ʒ� ��; ��Ͽ� �� û; �ۼ��մϴ�.

certutil -R \
-s "cn=serverName,ou=division,o=company,l=city,st=state,c=country" \
-a -d ServerRoot/alias -P slapd-serverID-

-s �ɼ�: ��û�� DN; ��d�մϴ�. ��ü�� : �� dȮ�ϰ� �ĺ��ϱ� '�� Ӽ�; �� ʿ�� մϴ�. �� Ӽ�� ڼ�� : '�� ܰ� 4�� v�Ͻʽÿ�.

certutil ��κ�� Ű ��ͺ��̽� ��й�ȣ�� Է��϶�� ޽�� ǥ�õ˴ϴ�. �� й�ȣ�� ͺ��̽� �ۼ�� d�� й�ȣ�Դϴ�. �׷� �Ŀ� �� PEM ��ڵ�� ؽ�Ʈ ��8�� PKCS #10 �� û; ��մϴ�.

�� ġ

�� û; �� 8�� մϴ�. �� , �� Ϸ� �� û; �� ϴ� ��쵵 �ְ� CA % ��Ʈ�� û; �Է�� ִ� ��쵵 �ֽ4ϴ�.

��û; �� Ŀ�� CA�� û�� 4�8�� ٷ~� �մϴ�. ��û�� 4� �ð�: ��쿡 �� ޶��ϴ�. �� , ȸ�� CA�� Ϸ糪 ��Ʋ�̸� ��û�� 4�; ��; �� ֽ4ϴ�. ȸ�� ܺ�� CA�� ϸ� ��û�� 4�; ��; �� ְ� �ɸ� �� ֽ4ϴ�.

CA�κ�� : �4� d�� ݵ�� ؽ�Ʈ ��Ͽ� ��ؾ� �մϴ�. PEM �� PKCS #11 �� Ʒ� �� ǥ�õ˴ϴ�.

�� ͵� �� ҿ� �� ξ�� մϴ�. �ý��ۿ� �� Ͱ� �սǵ� �� ; ��Ͽ� �� ٽ� ��ġ�� ֽ4ϴ�.

�ܼ� ��

Directory Server �ܼ�� ֻ�' �½�ũ �ǿ�� ư; ��ϴ�. �Ǵ� �½�ũ ��; ǥ��ϰ� �ܼ� > �� ޴�� ׸�; ��մϴ�.

�� â�� ǥ�õ˴ϴ�.

"�� " ��; ��ϰ� "��ġ"�� ϴ�.

�� ġ ��簡 ǥ�õ˴ϴ�.

��= �� 'ġ �ɼ� �߿�� ϳ�� մϴ�.

ǥ�õ� �� d�� ùٸ�� Ȯ��ϰ� ��=; ��ϴ�.

�� ̸�; ��d�ϰ� ��=; ��ϴ�. �� ̸�� ̺? ǥ�õ˴ϴ�.

�� Ű�� ȣ�ϴ� ��й�ȣ�� Է��Ͽ� �� Ȯ��մϴ�. �� й�ȣ�� ͺ��̽� �ۼ�� ܰ� 2�� Է�� й�ȣ�� ƾ� �մϴ�. �۾�� ϷḦ ��ϴ�.

�� Ͽ� �� ǥ�õ˴ϴ�. ��f �� SSL; �� ֽ4ϴ�.

��

�Ʒ� ��; ��Ͽ� �� ͺ��̽�� ġ�մϴ�.

certutil -A -n "certificateName" -t "u,," -a -i certFile \
-d ServerRoot/alias -P slapd-serverID-

��⼭ certificateName: �� ĺ��ϱ� '�� ̸��̰�, certFile: PEM ��8�� PKCS #11 �� Ե� �ؽ�Ʈ ��Դϴ�. -t "u,," �ɼ�: �� SSL ��ſ� �� ; ��Ÿ�4ϴ�.

�� 8��, �Ʒ�� certutil ��; ��Ͽ� ��ġ�� Ȯ�� ֽ4ϴ�.

certutil -L -d ServerRoot/alias -P slapd-serverID-

u,, Ʈ��Ʈ �Ӽ�; ��ϸ� �� ŵ˴ϴ�.

�� Ʈ��Ʈ

Directory Server�� ; Ʈ��Ʈ�ϵ�� Ϸx� �� ͺ��̽�� ġ�ؾ� �մϴ�. �� wμ�� ϴ� �� ޶��ϴ�. �� ڵ�8�� ٿ�ε�� ִ� % ��Ʈ�� f��ϴ� �ΰ� CA�� ְ�, ��û �� Ϸ� �� ִ� CA�� ֽ4ϴ�.

�ܼ� ��

CA �� 8�� ġ ��縦 ��Ͽ� Directory Server�� ; Ʈ��Ʈ�ϵ�� ֽ4ϴ�.

Directory Server �ܼ�� ֻ�' �½�ũ �ǿ�� ư; ��ϴ�. �Ǵ� �½�ũ ��; ǥ��ϰ� �ܼ� > �� ޴�� ׸�; ��մϴ�.

�� â�� ǥ�õ˴ϴ�.

CA �� ; ��ϰ� ��ġ�� ϴ�.

�� ġ ��簡 ǥ�õ˴ϴ�.

CA �� Ͽ� �� f�� ʵ忡 �� θ� �Է��մϴ�. �� ; �� CA �� : �� ü�� Ͽ� f�� ؽ�Ʈ �ʵ忡 �ٿ��ֽ4ϴ�. ��=; ��ϴ�.

ǥ�õ� �� d�� ´�� Ȯ��ϰ� ��=; ��ϴ�.

�� ̸�; ��d�ϰ� ��=; ��ϴ�.

�� CA�� Ʈ��Ʈ�ϴ� ��; ��մϴ�. ��= �� ϳ� �Ǵ� �� θ� �� ֽ4ϴ�.

Ŭ��̾�Ʈ�� (Ŭ��̾�Ʈ ��). LDAP Ŭ��̾�Ʈ�� CA�� ߱�� f��Ͽ� �� Ŭ��̾�Ʈ ��; ��ϴ� �� Ȯ�ζ�; ��մϴ�.

�ٸ� �� (�� ). �� CA�� ߱�� ִ� �ٸ� �� SSL; �� f �� Ǵ� �� Ƽ�÷�� ; �� Ȯ�ζ�; ��մϴ�.

�ϷḦ �� 縦 �ݽ4ϴ�.

��

�Ʒ� ��; ��Ͽ� Ʈ��Ʈ�� ִ� CA �� ġ�� ֽ4ϴ�.

certutil -A -n "CAcertificateName" -t "trust,," -a -i certFile \
-d ServerRoot/alias -P slapd-serverID-

��⼭ CAcertificateName: Ʈ��Ʈ�� ִ� CA�� ĺ��ϱ� '�� ڰ� ��d�� ̸��̰� certFile: PEM ��ڵ�� ؽ�Ʈ �� PKCS #11 CA �� Ե� �ؽ�Ʈ ��̸�, trust�� = �ڵ� �� ϳ��Դϴ�.

T - �� CA�� Ŭ��̾�Ʈ �� ߱��ϵ�� Ʈ��Ʈ�Ǿ�4ϴ�. LDAP Ŭ��̾�Ʈ�� CA�� ߱�� f��Ͽ� �� Ŭ��̾�Ʈ ��; ��ϴ� �� ڵ带 ��մϴ�.

C - �� CA�� ߱��ϵ�� Ʈ��Ʈ�Ǿ�4ϴ�. �� CA�� ߱�� ִ� �ٸ� �� SSL; �� f �� Ǵ� �� Ƽ�÷�� ; �� ڵ带 ��մϴ�.

CT - �� CA�� Ŭ��̾�Ʈ �� ߱��ϵ�� Ʈ��Ʈ�Ǿ�4ϴ�. '�� 찡 �� Ǹ� �� ڵ带 ��մϴ�.

�� 8��, �Ʒ�� certutil ��; ��Ͽ� ��ġ�� Ȯ�� ֽ4ϴ�.

certutil -L -d ServerRoot/alias -P slapd-serverID-

u,, Ʈ��Ʈ �Ӽ�; ��ϸ� �� ŵǰ� CT,, �Ӽ�; ��ϸ� Ʈ��Ʈ�� ִ� CA �� ŵ˴ϴ�.

SSL Ȱ��ȭ

�� ġ�� CA �� Ʈ��Ʈ�� Ϸ�Ǹ� SSL; Ȱ��ȭ�� ֽ4ϴ�. ��ü�� SSL; ��Ͽ� �� ϴ� �� }4ϴ�. �Ͻ��8�� SSL; ��Ȱ��ȭ�� м�, �� Ǵ� �� Ἲ�� ʿ�� ۾�; ó��ϱ� �� SSL; �ٽ� Ȱ��ȭ�ؾ� �մϴ�.

SSL; Ȱ��ȭ�Ϸx� �� ġ�� ó�� ͺ��̽�� ۼ��ϰ� ��  ��ġ�� Ŀ� CA �� Ʈ��Ʈ�ؾ� �մϴ�.

�׷� ��=, �Ʒ� �� Directory Server�� SSL ��; Ȱ��ȭ�ϰ� ��ȣȭ ü�踦 ��մϴ�.

Directory Server �ܼ�� ֻ�' �� ǿ�� ̸�� Ե� ��Ʈ ��带 �� = �8�� â�� ȣȭ ��; ��մϴ�.

�� ȣȭ ��d�� ǿ� ǥ�õ˴ϴ�.

"�� SSL ��" Ȯ�ζ�; ��Ͽ� ��ȣȭ�� ϵ�� d�մϴ�.

"�� ȣ �йи�" Ȯ�ζ�; ��մϴ�.

��Ӵٿ� �޴�� մϴ�.

��ȣ ��d; �� ȣ �⺻ ��d ��ȭ ��ڿ�� ȣ�� մϴ�. Ưd ��ȣ�� ڼ�� : ��ȣȭ ��ȣ ��; ��v�Ͻʽÿ�.

Ŭ��̾�Ʈ �� ⺻ ��d; ��d�մϴ�.

Ŭ��̾�Ʈ �� . �� ɼ�; ��ϸ� �� Ŭ��̾�Ʈ�� ϰ� �ش� �� ; �ź��մϴ�.

Ŭ��̾�Ʈ �� . �� ɼ�� ⺻ ��d�Դϴ�. �� ɼ�; ��ϸ� Ŭ��̾�Ʈ ��û�� ˴ϴ�. �� ڼ�� : Ŭ��̾�Ʈ �� ; ��v�Ͻʽÿ�.



��	��f �� ; ��ϴ� �� Һ�� Ŭ��̾�Ʈ ��; ��ϰų� �ʿ�� ϵ�� ؾ� �մϴ�.

Ŭ��̾�Ʈ �� ʿ�. �� ɼ�; ��ϸ� Ŭ��̾�Ʈ�� û�� 4�� ; �� Ŭ��̾�Ʈ �� źε˴ϴ�.



��	�� ܼ�� SSL; �� Directory Server�� ϴ� �� "Ŭ��̾�Ʈ �� ʿ�"�� ϸ� Ŭ��̾�Ʈ �� ֿܼ� �� Ȱ��ȭ�˴ϴ�. ��ٿ�� Ӽ�; ��d�Ϸx� Ŭ��̾�Ʈ �� ; ��v�Ͻʽÿ�.

�� 8��, �ܼ�� SSL; �� Directory Server�� ϵ�� d�Ϸx� "�� ֿܼ� SSL ��"; ��մϴ�.

�۾�� ; ��ϴ�.

�� 8��, �� LDAP �� DSML-over-HTTP �w�� SSL ��ſ� �� Ʈ�� d�մϴ�. �ڼ�� : Directory Server�� Ʈ ��ȣ ��; ��v�Ͻʽÿ�.

�� Ʈ�� : SSL; ��ؾ� �մϴ�. SSL; Ȱ��ȭ�ϸ� �� Ʈ �� ο� �� Ŭ��̾�Ʈ�� Start TLS �۾�; ��Ͽ� �񺸾� ��Ʈ�� SSL ��ȣȭ�� ֽ4ϴ�.

Directory Server�� ٽ� ��մϴ�.

�ڼ�� : SSL; Ȱ��ȭ�Ͽ� �� ; ��v�Ͻʽÿ�.

��ȣȭ ��ȣ ��

��ȣ�� ͸� ��ȣȭ�ϰ� ��ȣ�� ص��ϴ� �� ϴ� �˰?��Դϴ�. �Ϲ��8�� ȣ�� ȣȭ �߿� ��ϴ� ��Ʈ �� ;�� ���ϰų� ��մϴ�. SSL ��ȣ�� ޽�� /��8�ε� �ĺ�� ֽ4ϴ�. �޽�� : �� Ἲ; ��ϴ� üũ��; ��ϴ� �� ˰?��Դϴ�. ��ȣ �˰?�� a�� ڼ�� : Administration Server Administration Guide�� v�Ͻʽÿ�.

Ŭ��̾�Ʈ�� SSL ��; ��Ϸx� Ŭ��̾�Ʈ �� d�� ȣȭ�� ȣ�� ؾ� �մϴ�. �� ȣȭ �wμ�� Ŭ��̾�Ʈ�� Ǵ� �� ȣ�� ϰ� ��ؾ� �մϴ�.

Directory Server�� =�� : SSL 3.0 �� TLS�� ȣ�� f��մϴ�.

ǥ 11-1 Directory Server�� f��ϴ� ��ȣ
��ȣ �̸�	��
None	��ȣȭ ��=. MD5 �޽�� (rsa_null_md5)
RC4(128��Ʈ)	128��Ʈ ��ȣȭ �� MD5 �޽�� ; ��ϴ� RC4 ��ȣ(rsa_rc4_128_md5)
RC4(Export)	40��Ʈ ��ȣȭ �� MD5 �޽�� ; ��ϴ� RC4 ��ȣ(rsa_rc4_40_md5)
RC2(Export)	40��Ʈ ��ȣȭ �� MD5 �޽�� ; ��ϴ� RC2 ��ȣ(rsa_rc2_40_md5)
DES �Ǵ� Export DES	56��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� DES(rsa_des_sha)
DES(FIPS)	56��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� FIPS DES. �� ȣ�� ȣȭ �� ; '�� ̱� d�� ǥ�� FIPS 140-1(rsa_fips_des_sha); �ؼ��մϴ�.
Triple-DES	168��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� Triple DES(rsa_3des_sha)
Triple-DES(FIPS)	168��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� FIPS Triple DES. �� ȣ�� ȣȭ �� ; '�� ̱� d�� ǥ�� FIPS 140-1(rsa_fips_3des_sha); �ؼ��մϴ�.
Fortezza	80��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� Fortezza ��ȣ
RC4(Export)	128��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� Fortezza RC4 ��ȣ
��=(Fortezza)	��ȣȭ ��=, Fortezza SHA �޽��

�� ֿܼ�� SSL; ��Ϸx� �ּ�� = ��ȣ �� ϳ�� ؾ� �մϴ�.

40��Ʈ ��ȣȭ �� MD5 �޽�� ; ��ϴ� RC4 ��ȣ

��ȣȭ ��=, MD5 �޽�� (�� =)

56��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� DES

128��Ʈ ��ȣȭ �� MD5 �޽�� ; ��ϴ� RC4 ��ȣ

168��Ʈ ��ȣȭ �� SHA �޽�� ; ��ϴ� Triple DES

Directory Server �ܼ�� ֻ�' �� ǿ�� ̸�� Ե� ��Ʈ ��带 �� = �8�� â�� ȣȭ ��; ��մϴ�.

�� ȣȭ ��d�� ǿ� ǥ�õ˴ϴ�. SSL Ȱ��ȭ�� ó�� SSL; Ȱ��ȭ�ؾ� �մϴ�.

��ȣ ��d; ��ϴ�.

��ȣ �⺻ ��d ��ȭ ��ڰ� ǥ�õ˴ϴ�.

��ȣ �⺻ ��d ��ȭ ��ڿ�� ̸� �� ִ� Ȯ�ζ�; ��ϰų� �� Ͽ� �� ȣ�� d�մϴ�.

��Ȼ� Ưd ��ȣ�� ʴ� ��찡 �ƴϸ� none, MD5�� f�� ȣ�� ؾ� �մϴ�.



��	��ȣȭ ��=, MD5 �޽�� ȣ �ɼ�: �� ʽÿ�. �� Ŭ��̾�Ʈ�� ٸ� ��ȣ�� ; �� ɼ�; ��մϴ�. �� ȣȭ�� 8�Ƿ� �� ʽ4ϴ�.

��ȣ �⺻ ��d ��ȭ ��ڿ�� Ȯ��; �� = ��ȣȭ �ǿ�� ; ��ϴ�.

Ŭ��̾�Ʈ ��

Directory Server�� Ŭ��̾�Ʈ �� �ʿ��ϰ� �� ܼ�� SSL; ��Ͽ� ��ϵ�� 쿡�� ̻� �� ܼ�; ��Ͽ� Sun Java System �� 4ϴ�. �� ش� �� /ƿ��Ƽ�� ؾ� �մϴ�.

�� ܼ�; �� ֵ�� 丮 ��; ��Ϸx� ��= �ܰ迡 �� Ŭ��̾�Ʈ ��; �ʼ��� ƴ� �� 8�� d�ؾ� �մϴ�.

�Ʒ� ��; ��Ͽ� cn=encryption,cn=config �׸�; ��d�մϴ�.

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
^D

��ٿ�� ó�� Directory Server�� ٽ� ��մϴ�.

��f �� ܼ�; �� ֽ4ϴ�.

Ŭ��̾�Ʈ ��

Ŭ��̾�Ʈ ��: �� Ŭ��̾�Ʈ ��̵� Ȯ��ϴ� ��Դϴ�. Ŭ��̾�Ʈ�� f�� ϰų� DIGEST-MD5 ��: SASL �� ; �� Ŭ��̾�Ʈ ��; ��ϰ�(DN�� й�ȣ�� f��Ͽ�) �� ֽ4ϴ�. Solaris � üf�� Directory Server�� SASL; �� GSSAPI ��; ��ϹǷ� Kerberos V5�� Ŭ��̾�Ʈ ��; �� ֽ4ϴ�.

�� ÿ�� SSL �w��; �� : Ŭ��̾�Ʈ �� Ͽ� �ĺ�� ׸�; ã�4ϴ�. �� : ��: �� ̹� ��d�Ǿ� �ִ� �� x�ϱ� �� EXTERNAL�̶�? �մϴ�. (�� ܺ� ��; IP �� w��(ipsec)�� Բ� �� ֽ4ϴ�.)

DIGEST-MD5�� SASL ��


��	��̵� ��: �� b�̾ �� ʽ4ϴ�.

DIGEST-MD5 ��: Ŭ��̾�Ʈ�� ؽ� ��; �� й�ȣ�� ؽÿ� ��Ͽ� Ŭ��̾�Ʈ�� մϴ�. �� : �� й�ȣ�� о�� ϱ� �� DIGEST-MD5�� ; ��8�t� ��ڴ� ��丮�� {CLEAR} ��й�ȣ�� ־�� մϴ�. ��丮�� {CLEAR} ��й�ȣ�� ϴ� �� 6��, "�׼�� f�� "�� ϴ� ��ó��, ��й�ȣ�� ׼�� ACI�� ϰ� f�ѵǵ�� ؾ� �մϴ�. �Ӽ� �� ȣȭ�� ϴ� ��ó�� ش� b�̾ �Ӽ� ��ȣȭ�� Ͽ� {CLEAR} ��й�ȣ�� ȣ�� ȭ�� ֽ4ϴ�.

DIGEST-MD5 ��

�Ʒ� �� Directory Server�� DIGEST-MD5�� ϵ�� ϴ� ��
�� մϴ�.

�ܼ��̳� ldapsearch ��; ��Ͽ� DIGEST-MD5�� Ʈ �׸�� supportedSASLMechanisms �Ӽ� �� Ȯ��մϴ�. �� Ʒ� ��: �� Ȱ��ȭ�Ǿ� �ִ� SASL ��; ��ݴϴ�.

ldapsearch -h host -p port -D "cn=Directory Manager" -w password \
-s base -b "" "(objectclass=*)" supportedSASLMechanisms

dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
^D

DIGEST-MD5�� Ȱ��ȭ�Ǿ� �� 8�� Ʒ�� ldapmodify ��; ��Ͽ� Ȱ��ȭ�մϴ�.

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: cn=SASL, cn=security, cn=config
changetype: modify
add: dsSaslPluginsEnable
dsSaslPluginsEnable: DIGEST-MD5
-
replace: dsSaslPluginsPath
dsSaslPluginsPath: ServerRoot/lib/sasl
^D

DIGEST-MD5 ��̵� �� ó�� DIGEST-MD5�� ⺻ ��̵� ��; ��ϰų� ��ο� ��̵� ��; �ۼ��մϴ�.

DIGEST-MD5�� Ͽ� SSL; �� ׼��ϴ� �� й�ȣ�� {CLEAR}�� Ǿ� �ִ�� Ȯ��մϴ�. ��й�ȣ �� ü�踦 ��ϴ� ��: 7��, "�� d �� й�ȣ ��"�� v�Ͻʽÿ�.

SASL �� ׸��̳� DIGEST-MD5 ��̵� �� ׸� �� ϳ�� d�� Directory Server�� ٽ� ��մϴ�.

DIGEST-MD5 ��̵� ��

SASL �� ̵� ��: SASL ��̵�� ڰ� ��; ��丮�� ִ� �� ׸�� ġ��ŵ�ϴ�. �� ڼ�� : ��̵� ��; ��v�Ͻʽÿ�. �� ߿� SASL ��̵� �ش��ϴ� DN; ã; �� 8�� : ��մϴ�.

SASL ��̵�� / ��8�� ڸ� ��Ÿ�� �� ��ڿ��Դϴ�. DIGEST-MD5�� , dn: b�ξ�� LDAP DN �Ǵ� u: b�ξ� �ڿ� Ŭ��̾�Ʈ�� d�� ؽ�Ʈ�� ִ� ��ڸ� Ŭ��̾�Ʈ�� ۼ��ϴ� �� }4ϴ�. Ŭ��̾�Ʈ�� ڴ� �� ߿� ${Principal} �ڸ� ǥ��ڿ�� ֽ4ϴ�.

DIGEST-MD5�� ⺻ ��̵� ��: �� Ʒ� �׸񿡼� ��d�մϴ�.

dn: cn=default,cn=DIGEST-MD5,cn=identity mapping,cn=config
objectClass: top
objectClass: nsContainer
objectClass: dsIdentityMapping
objectClass: dsPatternMatching
cn: default
dsMatching-pattern: ${Principal}
dsMatching-regexp: dn:(.*)
dsMappedDN: $1

�� ̵� ��ο�� dn �ʵ忡 ��x ��丮 �� DN�� ԵǾ� �ִٰ� ��d�մϴ�.

�⺻ �� ׸�; ��ϰų� cn=DIGEST-MD5,cn=identity mapping,
cn=config�� ׸�; �ۼ��մϴ�. ��̵� �� ׸�� Ӽ� d�ǿ� ��ؼ�� ̵� ��; ��v�Ͻʽÿ�. DIGEST-MD5 �� Ʒ� ��Ͽ� ��ԵǾ� �ֽ4ϴ�.

ServerRoot/slapd-serverID/ldif/identityMapping_Examples.ldif

�� d�� ̸�� ƴ� �� ؽ�Ʈ �ʵ忡 ��ϴ� ��̵�� ̸�� ԵǾ� �ִٰ� ��d�մϴ�. �Ʒ� ��: �� �� d�ǵǴ�� ݴϴ�.

ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn: cn=unqualified-username,cn=DIGEST-MD5,cn=identity mapping,
cn=config
objectclass: dsIdentityMapping
objectclass: dsPatternMatching
objectclass: nsContainer
objectclass: top
cn: unqualified-username
dsMatching-pattern: ${Principal}
dsMatching-regexp: u:(.*)@(.*)\.com
dsSearchBaseDN: dc=$2
dsSearchFilter: (uid=$1)

Directory Server�� ٽ� ��Ͽ� �� ; ��մϴ�.

GSSAPI�� SASL ��(Solaris�� ش�)

SASL; �� GSSAPI(Generic Security Services API)�� ϸ� Kerberos V5�� : Ÿ�� ý��; �� Ŭ��̾�Ʈ�� ֽ4ϴ�. GSSAPI ��̺귯�� Solaris SPARC �� ÷�� ֽ4ϴ�. SEAM(Sun Enterprise Authentication Mechanism) 1.0.1 �� Kerberos V5 ��; ��ġ�ϴ� �� }4ϴ�.

�� API�� Ͽ� �� ̵� ��մϴ�. �׷� �Ŀ� SASL �� GSSAPI �� Ģ; ��Ͽ� �� /��Ǵ� �� ۾�� ε� DN8�� d�� DN; ��4ϴ�.

Ŀ��ν� �ý��

fv��ü�� ħ�� Ŀ��ν� ��Ʈ�� ��մϴ�. SEAM 1.0.1 �� ϴ� �� Ʒ� �ܰ赵 ��ؾ� �մϴ�.

/etc/krb5�� ִ� ��; ��մϴ�.

��ڿ� ��񽺸� �� Ŀ��ν� ��ͺ��̽�� ۼ�� =, ��⿡ LDAP �� ڸ� �ۼ��մϴ�. LDAP �� ڴ� ��=�� 4ϴ�.

ldap/serverFQDN@REALM

��⼭ serverFQDN: Directory Server�� d��ȭ�� ̸��Դϴ�.

Ŀ��ν� �� wμ�� մϴ�.

DNS�� ȣ��Ʈ �ý��ۿ� ��ؾ� �մϴ�.

GSSAPI ��

�Ʒ� �� Solaris �÷�� Directory Server�� GSSAPI�� ϵ�� ϴ� �� մϴ�.

GSSAPI ��̵� �� ó�� GSSAPI�� ⺻ ��̵� ��ΰ� �� d�� ; �ۼ��մϴ�.

LDAP �� Ű �� Ű�� Ű ��; �ۼ��մϴ�.

Ű ��: Directory Server ��ڸ� ��; �� ־�� մϴ�.

�� ̸�; �⺻ /etc/krb5/krb5.keytab�� ٸ�� d�Ͻʽÿ�.

start-slapd ��ũ��Ʈ�� ȯ�� KRB5_KTNAME; ��d�Ͽ� �⺻�� ο� Ű ��; ��ϵ�� մϴ�.

SASL �� ׸��̳� GSSAPI ��̵� �� ׸� �� ϳ�� d�� Directory Server�� ٽ� ��մϴ�.

DNS�� ȣ��Ʈ �ý��ۿ� ��ؾ� �մϴ�.

GSSAPI ��̵� ��

SASL ��̵�� / ��8�� ڸ� ��Ÿ�� �� ��ڿ��Դϴ�. GSSAPI�� ϴ� Ŀ��ν�� ڴ� uid[/instance][@realm] �� ̵�� Ÿ��ϴ�. ��⼭ uid�� instance �ĺ��ڰ� �� 8�� Ե� �� 8�� ĺ�� ڿ� �� realm�� ɴϴ�. realm�� Ϲ��8�� ̸�� Ե˴ϴ�. �� , ��=: �� /ȿ�� Դϴ�.

ó=�� 丮�� GSSAPI �� d�ǵǾ� �� ʽ4ϴ�. Ŭ��̾�Ʈ�� ڸ� d��ϴ� �� ⺻ �� ʿ�� d�� ; �� d��ؾ� �մϴ�.

cn=GSSAPI, cn=identity mapping, cn=config�� ׸�; �ۼ��մϴ�. ��̵� �� ׸�� Ӽ� d�ǿ� ��ؼ�� ̵� ��; ��v�Ͻʽÿ�.

GSSAPI �� Ʒ� ��Ͽ� ��ԵǾ� �ֽ4ϴ�.

ServerRoot/slapd-serverID/ldif/identityMapping_Examples.ldif

�� Ͽ� f�� ⺻ GSSAPI ��ο�� ڿ� �� ̵� ��ԵǾ� ��8��, �� ̵�� 丮�� d �б⿡ �ִ� ��ڸ� ��d�Ѵٰ� ��d�մϴ�.

dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config
objectclass: dsIdentityMapping
objectclass: nsContainer
objectclass: top
cn: default
dsMappedDN: uid=${Principal},ou=people,dc=example,dc=com

�� ٸ� �� ˷�� d�� ڿ� �� ̵� ��d�ϴ� ��; ��ݴϴ�.

dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config
objectclass: dsIdentityMapping
objectclass: dsPatternMatching
objectclass: nsContainer
objectclass: top
cn: same_realm
dsMatching-pattern: ${Principal}
dsMatching-regexp: (.*)@EXAMPLE.COM
dsMappedDN: uid=$1,ou=people,dc=EXAMPLE,dc=COM

Directory Server�� ٽ� ��Ͽ� ��ο� ��; ��մϴ�.

��̵� ��

Directory Server�� ٸ� �w�� ڰ� ��; ��丮�� DN8�� ؾ� �ϴ� �� Ŀ�� ֽ4ϴ�. DSML-over-HTTP �w��ݰ� DIGEST-MD5 �� GSSAPI SASL �� ̷�� 쿡 �ش��մϴ�. �� ̵� ��; ��Ͽ� Ŭ��̾�Ʈ�� f�� w��ݺ� �ڰ� ��? �� ε� DN; ��d�մϴ�.

��̵� �� ߿�� cn=identity mapping, cn=config �� б�� ׸�� ˴ϴ�. �� б⿡�� ̵� ��; ��ؾ� �ϴ� �� w�� ̳ʰ� ��ԵǾ� �ֽ4ϴ�.

cn=HTTP-BASIC, cn=identity mapping, cn=config - DSML-over-HTTP ��ῡ �� ԵǾ� �ֽ4ϴ�.

cn=DIGEST-MD5, cn=identity mapping, cn=config - DIGEST-MD5 SASL ��; ��ϴ� Ŭ��̾�Ʈ �� ԵǾ� �ֽ4ϴ�.

cn=GSSAPI, cn=identity mapping, cn=config - GSSAPI SASL ��; ��ϴ� Ŭ��̾�Ʈ �� Եǵ�� ۼ��ؾ� �մϴ�.

�� ׸�: ��丮 �˻�� ϱ� '�� w��ݺ� �ڰ� �� Ҹ� ��ϴ� ��; d��մϴ�. �˻� �� ׸�� ȯ�Ǹ� �� ̸�, �� /��Ǵ� �� ׸�; �� ۾�� ε� DN8�� մϴ�. �˻� �� 0 �Ǵ� �� ̻�� ׸�� ȯ�Ǹ� �� ϰ� �ٸ� �� ˴ϴ�.

�� б⸶�� ش� �w�� ⺻ ��ΰ� �� d�� ԵǾ�� մϴ�. �⺻ ��ο�� cn=default RDN�� ְ�, �� d�� ο�� ̸� ��d �Ӽ�8�� cn; ��ϴ� �ٸ� RDN�� ; �� ֽ4ϴ�. �� d�� ϳ�� d�� d�� 򰡵˴ϴ�. �� d�� ϸ� ��8�� ⺻ �� ˴ϴ�. �⺻ ��ε� ��ϸ� Ŭ��̾�Ʈ ��: ��մϴ�.

�� ׸񿡴� top, Container �� dsIdentityMapping ��ü Ŭ�� ־�� ϸ�, �� ׸񿡴� ��=�� : �Ӽ�� Ե� �� ֽ4ϴ�.

dsMappedDN: DN - ��丮�� DN; d��ϴ� ��ͷ� ��ڿ��Դϴ�. ��; �� DN�� 8�� ش� DN�� ε忡 ��˴ϴ�. �ش� DN�� ; �� ˻�; �� ٸ� �Ӽ�; d�� ֽ4ϴ�.

dsSearchBaseDN: DN - �˻�� ⺻ DN�Դϴ�. �� Ӽ�; ��d�� 8�� ο�� ü ��丮 Ʈ�� Ʈ b�̾�(�� ̸� ��d ��ؽ�Ʈ ��. ��, cn=config, cn=monitor �� cn=schema f��)�� ˻��ϰ� �˴ϴ�.

dsSearchScope: base|one|sub - �˻� �⺻ �׸� ��ü, �⺻ �׸� �Ʒ�� ϳ�� ' ��, �⺻ �׸� �Ʒ�� ü ��' Ʈ�� ϳ�� ˻� ��'�Դϴ�. �� Ӽ�; ��d�� 8�� ˻�� ⺻ ��'�� ü ��' Ʈ��Դϴ�.

dsSearchFilter: filterString - �� ˻�; �� ڿ��Դϴ�. LDAP �˻� ��ʹ� RFC 2254(http://www.ietf.org/rfc/rfc2254.txt)�� d�ǵǾ� �ֽ4ϴ�.

�� ׸񿡴� dsPatternMatching ��ü Ŭ�� ԵǾ� ��=�� : �Ӽ�� ; �� ֽ4ϴ�.

dsMatching-pattern: patternString - �� ġ�� ڿ�; ��d�մϴ�.

dsMatching-regexp: regularExpression - �� ڿ�� d�� ǥ��; ��d�մϴ�.

dsSearchScope�� f�� '�� Ӽ� �� ${keyword} �� ڸ� ǥ��ڰ� ��Ե� �� ֽ4ϴ�. ��⼭ keyword�� w��ݺ� �ڰ� ��? �ִ� �� ̸��Դϴ�. �� ߿� �ڸ� ǥ��ڴ� Ŭ��̾�Ʈ�� f�� f ��8�� ü�˴ϴ�.

�� ڸ� ǥ��ڰ� ��ü�� Ŀ� d�ǵ� �� ġ�� ˴ϴ�. ��ġ�ϴ� ��: d�� ǥ��İ� �񱳵˴ϴ�. d�� ǥ�� ڿ�� ġ�� 8�� : ��մϴ�. ��ġ�ϸ� ��ȣ �ȿ� �ִ� d�� ǥ�� v�ǿ� ��ġ�ϴ� ��; ��ȣ�� Ű�� ٸ� �Ӽ� �� ڸ� ǥ��ڷ� �� ֽ4ϴ�. �� , SASL�� Ʒ� ��; d�� ֽ4ϴ�.

dsMatching-pattern: ${Principal}
dsMatching-regexp: (.*)@(.*)\.(.*)
dsMappedDN: uid=$1,ou=people,dc=$2,dc=$3

Ŭ��̾�Ʈ�� bjensen@example.com ��ڷ� ��ϸ� �� : uid=bjensen,
ou=people,dc=example,dc=com ��ε� DN; d��մϴ�. ��丮�� DN�� 8�� Ͽ� Ŭ��̾�Ʈ �� ̷��, �� /��Ǵ� �� ۾�: �� ε� DN; ��մϴ�.

dsMatching-pattern: Posix regexec(3C) �� regcomp(3C) �Լ� ȣ��; ��Ͽ� dsMatching-regexp�� 񱳵˴ϴ�. Directory Server�� Ȯ�� d�� ǥ��; ��ϸ�, �� ҹ��ڸ� �� ʽ4ϴ�. �ڼ�� : Directory Server Man Page Reference�� ̷�� Լ� �� ? �� v�Ͻʽÿ�.

�ڸ� ǥ��ڸ� �� ִ� �Ӽ� �� ڸ� ǥ��ڷ� �� : $, { �� } ��ڴ� �ٸ� �ڸ� ǥ��ڸ� �� ʾƵ� �ݵ�� ڵ��ؾ� �մϴ�. ��, �� $�� \24��, {�� \7B��, }�� \7D�� ڵ��ؾ� �մϴ�.

�ڸ� ǥ��ڿ� ��ü�� ϸ� �w��ݺ� �ڰ� ��?�� ̸�� ٸ� ��; ��ϴ� ��; �ۼ��ϰ� �� ; ��Ͽ� ��ε� DN; d��ϰų� ��丮�� ش� DN; �˻�� ֽ4ϴ�. ��丮 Ŭ��̾�Ʈ�� f�� ڰ� ��; ��ϴ� ��; d��ϰ� Ưd ��丮 ��v�� ̸� ��ؾ� �մϴ�.


��	f�� d�ǵ�� : ��; �ۼ��ϸ� ��ȿ� ��a�� ֽ4ϴ�. �� , �� ġ�� ʰ� �ϵ� �ڵ�� DN�� ϸ� �׻� �� ϱ� �� 丮 ��ڰ� �ƴ� Ŭ��̾�Ʈ�� ֽ4ϴ�. ��ġ�� '�ϰ� �� '�� : �� ; �ۼ��ϴ� �ͺ�� پ�� Ŭ��̾�Ʈ �ڰ� �� ; ó��ϴ� �� ; d��ϴ� �� մϴ�. �׻� Ŭ��̾�Ʈ �ڰ� ��? �� Ŭ��̾�Ʈ ��; Ưd ��ڿ�� ؾ� �մϴ�.

LDAP Ŭ��̾�Ʈ�� ; ��ϵ��

��= �� Directory Server�� ; ��Ϸt� LDAP Ŭ��̾�Ʈ�� SSL; �� ϴ� �� մϴ�. SSL ��ῡ�� ش� �� Ŭ��̾�Ʈ�� 4ϴ�. Ŭ��̾�Ʈ�� Ʈ��Ʈ�Ͽ� �� ؾ� �մϴ�. �׷� �Ŀ� Ŭ��̾�Ʈ�� SASL ��(DIGEST-MD5 �Ǵ� Kerberos V5�� ϴ� GSSAPI) �� ϳ�� d�� ڽ�� Ŭ��̾�Ʈ �� ϳ�� 8�� ֽ4ϴ�.

��= �� SSL; ��ϴ� LDAP Ŭ��̾�Ʈ�� ldapsearch �� մϴ�. Directory Server�� Բ� f�� ldapmodify, ldapdelete �� ldapcompare �� 8�� ˴ϴ�. �̷�� 丮 �׼�� Directory SDK for C�� ; �ΰ� ��8��, Directory Server Resource Kit Tools Reference�� ڼ�� մϴ�.

�ٸ� LDAP Ŭ��̾�Ʈ�� SSL ��; ��Ϸx� �?� �wα׷�� Բ� f�� ?�� v�Ͻʽÿ�.

Ŭ��̾�Ʈ��

Ŭ��̾�Ʈ�� SSL ��; �� f�� Ʈ��Ʈ�ؾ� �մϴ�. �̷�� Ϸx� Ŭ��̾�Ʈ�� =�� : �۾�; ��ؾ� �մϴ�.


��	�Ϻ� Ŭ��̾�Ʈ �?� �wα׷�: SSL�� ϰ� �� Ʈ��Ʈ�� ִ� �� ִ�� Ȯ�� 8�Ƿ� SSL �w��; ��Ͽ� �� ȣȭ�� f�� м��̳� ��Ī�� ȣ�� 4ϴ�.

�� ͺ��̽�� ۼ��մϴ�.

�� ߱��ϴ� �� (CA); Ʈ��Ʈ�մϴ�.

LDAP Ŭ��̾�Ʈ�� SSL �ɼ�; ��d�մϴ�.

Mozilla�� SSL; ��Ͽ� HTTP �w��; �� % �� ϴ� Ŭ��̾�Ʈ �?� �wα׷��Դϴ�. Mozilla�� Ͽ� LDAP Ŭ��̾�Ʈ�� ֽ4ϴ�. �Ǵ� certutil �� Ͽ� �� ͺ��̽�� ֽ4ϴ�.

Mozilla�� Ŭ��̾�Ʈ ��

�Ʒ� �� Mozilla�� Ͽ� Ŭ��̾�Ʈ �ý��ۿ�� ͺ��̽�� ϴ� �� մϴ�.

Mozilla�� ۰� ��ÿ� �� ͺ��̽�� ִ�� Ȯ��ϸ�, �ʿ�� ͺ��̽�� ۼ��մϴ�. �� ͺ��̽�� .mozilla/username/string.slt/cert8.db�� ٸ� Mozilla �⺻ ��d�� Բ� ��Ͽ� ��˴ϴ�.

�� Mozilla�� ۼ�� ͺ��̽�� ã�� Ŭ��̾�Ʈ �?� �wα׷�� θ� �� Ӵϴ�.

Mozilla�� Ͽ� �׼�� Directory Server �� ߱�� % ��Ʈ�� Ž��մϴ�. Mozilla�� ڵ�8�� ˻��ϸ�, Ʈ��Ʈ ��θ� �� ޽�� ǥ��մϴ�.

�� , ��ο�8�� Sun Java System Certificate Server�� ϴ� �� https://hostname:444 �� URL; �湮�մϴ�.

�� Ʈ��Ʈ�϶�� ޽�� Mozilla�� ǥ�õǸ� �� Ʈ��Ʈ�մϴ�. �� ; '�� CA �� Ʈ��Ʈ�ؾ� �մϴ�.

CA % ��Ʈ�� ܰ踦 �� 쵵 �ֽ4ϴ�. CA �� Ʈ��Ʈ�϶�� ޽�� Mozilla�� ڵ�8�� ǥ�õ�� 8�� Ʒ� �� Ͽ� �� 8�� Ʈ��Ʈ�մϴ�.

��; �� Ŭ��̾�Ʈ ��

��; �� Ϸx� certutil �� մϴ�. �� SUNWtlsu ��Ű�� ԵǾ� �ֽ4ϴ�.

�Ʒ� ��; ��Ͽ� Ŭ��̾�Ʈ ȣ��Ʈ �ý��ۿ� �� ͺ��̽�� ۼ��մϴ�.

certutil -N -d path -P prefix

�� ȣ�ϴ� ��й�ȣ�� Է��϶�� ޽�� ڿ�� ǥ�� = path/prefixcert8.db �� path/prefixkey3.db ��; ��մϴ�.

LDAP Ŭ��̾�Ʈ �?� �wα׷� ��ڴ� �ڽŵ鸸 �׼�� ִ� 'ġ(��: Ȩ ��丮�� ȣ�� ' ��丮)�� 8�� ͺ��̽�� ۼ��ؾ� �մϴ�.

�׼��Ϸt� Directory Server�� ߱�� Ͽ� CA �� û�մϴ�. �� ; ��ų� �ش� % ��Ʈ�� ׼��Ͽ� PEM ��ڵ�� ؽ�Ʈ �� PKCS #11 �� ; �� ֽ4ϴ�. �� Ͽ� ��մϴ�.

�� , ��ο�8�� Sun Java System Certificate Server�� ϴ� �� https://hostname:444 �� URL; �湮�մϴ�. �ֻ�' �˻� �ǿ�� CA �� ü�� n�1⸦ ��ϰ� ��ڵ�� մϴ�.

�Ǵ�, �� CA�� Ŭ��̾�Ʈ �� Ʈ��Ʈ �� : CA �� ٽ� �� ֽ4ϴ�.

SSL ��ῡ �� ߱��ϱ� '�� CA �� Ʈ��Ʈ�� ִ� CA�� n�ɴϴ�. �Ʒ� ��; ��մϴ�.

certutil -A -n "certificateName" -t "C,," -a -i certFile -d path -P prefix

��⼭ certificateName: �� ĺ��ϱ� '�� ڰ� ��d�� ̸��̰� certFile: PEM ��ڵ�� ؽ�Ʈ �� PKCS #11 CA �� ִ� �ؽ�Ʈ ��̸�, path�� prefix�� ܰ� 1�� 4ϴ�.

LDAP Ŭ��̾�Ʈ �?� �wα׷�� ڴ� CA �� ڽ�� ͺ��̽�� n�;� �ϸ� �� ڰ� certFile�� ִ� �� n�� ֽ4ϴ�.

�� SSL �ɼ� ��d

ldapsearch �� Ͽ� SSL�� ; ��Ϸx� ��ڴ� �� ͺ��̽� ��θ� ��d�ϸ� �˴ϴ�. �� Ʈ�� SSL ��; �� ü �� 4ϴ�. �׷� �Ŀ� ldapsearch �� ͺ��̽�� ߱�� CA�� Ʈ��Ʈ�� ִ� CA �� ã�4ϴ�.

�Ʒ� ��: Mozilla�� ͺ��̽�� ۼ�� ڰ� �ڽ�� ͺ��̽�� d�ϴ� ��; ��ݴϴ�.

ldapsearch -h host -p securePort \
           -D "uid=bjensen,dc=example,dc=com" -w bindPassword \
           -Z -P .mozilla/bjensen/string.slt/cert8.db \
           -b "dc=example,dc=com" "(givenname=Richard)"

Ŭ��̾�Ʈ��

Ŭ��̾�Ʈ �� ⺻ ��: �� Ͽ� Directory Server�� ڸ� ��ϰ� �ĺ��ϴ� ��Դϴ�. �� Ŭ��̾�Ʈ ��; ��Ϸx� ��=�� : �۾�; �ؾ� �մϴ�.

�� 丮 ��ڿ� �� Ŭ��̾�Ʈ �?� �wα׷�� ׼�� ִ� 'ġ�� ġ�մϴ�.

�� 纻; ��Ͽ� �� 丮 �׸�; ��մϴ�. ��; ��ϴ� �� Ŭ��̾�Ʈ �?� �wα׷�� f�� 纻�� Ͽ� ��ڸ� dȮ�ϰ� �ĺ��մϴ�.

Administration Server Administration Guide�� Ǿ� �ִ� �� ; '�� Ͻʽÿ�.

�� LDAP Ŭ��̾�Ʈ�� SSL �ɼ�; ��d�մϴ�.

�� certutil �� Ͽ� ��; �� ؾ� �մϴ�. �� SUNWtlsu ��Ű�� ԵǾ� �ֽ4ϴ�.

�� ġ

�� ; ��Ͽ� ��丮�� ׼��Ϸt� �� ڴ� Ŭ��̾�Ʈ �� û�Ͽ� ��ġ�ؾ� �մϴ�. �� Ŭ��̾�Ʈ�� ó�� ڰ� �̹� �� ͺ��̽�� ߴٰ� ��d�մϴ�.

�Ʒ� ��; ��Ͽ� �� û; �ۼ��մϴ�.

certutil -R \
-s "cn=Babs Jensen,ou=Sales,o=example.com,l=city,st=state,c=country"\
-a -d path -P prefix

-s �ɼ�: ��û�� DN; ��d�մϴ�. ��ü�� : �� /�ڸ� dȮ�ϰ� �ĺ��ϱ� '�� Ӽ�; �� ʿ�� մϴ�. �ܰ� 9�� ; �� DN�� 丮 DN�� ε˴ϴ�.

path �� prefix�� Ű ��ͺ��̽�� ã�4ϴ�. certutil �� ڿ�� Ű ��ͺ��̽� ��й�ȣ�� Է��϶�� ޽�� ǥ�� = PEM ��ڵ�� ؽ�Ʈ ��8�� PKCS #10 �� û; ��մϴ�.

�ش� �� ڵ�� û; ��Ͽ� ��Ͽ� �� 8�� 4ϴ�. �� , �� Ϸ� �� û; �� ϴ� ��쵵 �ְ� CA % ��Ʈ�� û; �Է�� ִ� ��쵵 �ֽ4ϴ�.

CA�� 4�; �� PEM ��ڵ�� ؽ�Ʈ�� ٿ�ε��ϰų� �ؽ�Ʈ ��Ͽ� ��մϴ�.

�Ʒ� ��; ��Ͽ� �� ͺ��̽�� ġ�մϴ�.

certutil -A -n "certificateName" -t "u,," -a -i certFile -d path -P prefix

��⼭ certificateName: �� ĺ��ϱ� '�� ڰ� ��d�� ̸��̰� certFile: PEM �� PKCS #11 CA �� ִ� �ؽ�Ʈ ��̸�, path�� prefix�� ܰ� 1�� 4ϴ�.

�Ǵ� Mozilla�� ͺ��̽�� ϴ� �� CA % ��Ʈ�� ִ� ��ũ�� Ͽ� �� b ��ġ�� ֽ4ϴ�. �� ũ�� = Mozilla�� f��ϴ� ��ȭ ��ڿ� �� ܰ躰�� մϴ�.

�Ʒ� ��; ��Ͽ� �� 纻; �ۼ��մϴ�.

certutil -L -n "certificateName" -d path -r > userCert.bin

��⼭ certificateName: ��ġ�� d�� ̸��̰� path�� ͺ��̽�� 'ġ�̸�, userCert.bin: �� Ե� �� ̸��Դϴ�.

Directory Server�� Ŭ��̾�Ʈ �� /�� 丮 �׸� userCertificate �Ӽ�; �߰��մϴ�.

�ܼ�; �� ߰��Ϸx� ��=; ��մϴ�.

Directory Server �ܼ�� ֻ�' ��丮 �� 丮 Ʈ�� ׸�; ã�� 콺 �8�� ư8�� ˾� �޴�� Ϲ� �� ;>��մϴ�.

�Ϲ� ��⿡�� Ӽ� �߰�� ϴ�.

�˾� ��ȭ ��ڿ�� userCertificate �Ӽ�; ��ϰ� ��' /�� Ӵٿ� ��Ͽ�� binary�� մϴ�. binary ��' /��; ��d�� 8�� մϴ�.

�Ϲ� ��⿡�� userCertificate �ʵ带 ã�4ϴ�. �ش� �� d ��ư; �� Ӽ�� ; ��d�մϴ�.

�� d ��ȭ ��ڿ� �ܰ� 6�� ۼ�� userCert.bin �� ̸�; �Է��ϰų� ã�ƺ��⸦ �� ش� ��; ã�4ϴ�.

�� d ��ȭ ��ڿ�� Ȯ��; �� = �Ϲ� ��⿡�� ; ��ϴ�.

��ٿ�� ߰��Ϸx� �Ʒ� �� ldapmodify ��; ��մϴ�. �� : SSL; ��Ͽ� �� ; �� 4ϴ�.

ldapmodify -h host -p securePort \
-D "uid=bjensen,dc=example,dc=com" -w bindPassword \
-Z -P .mozilla/bjensen/string.slt/cert8.db
version: 1
dn: uid=bjensen,dc=example,dc=com
changetype: modify
add: userCertificate
userCertificate;binary: < file:///path/userCert.bin

binary ��' /��; �� 8�� մϴ�. < �յ�� : �߿��ϹǷ� ǥ�õ� �� dȮ�ϰ� ��ؾ� �մϴ�. < ��; ��Ͽ� �� ̸�; ��d�Ϸx� LDIF ��ɹ�; version: 1�� ؾ� �մϴ�. ldapmodify�� ɹ�; ó�� Ӽ�; ��d�� ü ��뿡�� : ��8�� d�մϴ�.

�ʿ�� ߱�� CA �� Directory Server�� ġ�Ͽ� Ʈ��Ʈ�մϴ�. Ŭ��̾�Ʈ ��; ��Ϸx� �� CA�� Ʈ��Ʈ�ؾ� �մϴ�. �� Ʈ��Ʈ�� v�Ͻʽÿ�.

Administration Server Administration Guide�� Ǿ� �ִ� �� ; '�� Directory Server�� մϴ�. �� LDAP Ŭ��̾�Ʈ�� f�� ش� �� DN�� ֵ�� certmap.conf ��; ��մϴ�.

certmap.conf �� verifyCert �Ű� �� on8�� d�Ǿ� �ִ�� Ȯ��մϴ�. �̷�� ϸ� �� ׸� �� ִ�� Ȯ��Ͽ� ��ڸ� ��մϴ�.

�� Ŭ��̾�Ʈ �� SSL �ɼ� ��d

ldapsearch �� Ͽ� SSL�� Ŭ��̾�Ʈ ��; ��Ϸt� �� ڴ� �ڽ�� ϴ� �� ɼ�; ��d�ؾ� �մϴ�. �� Ʈ�� SSL ��; ��d�ϸ� �� = �� 4ϴ�.

�Ʒ� ��: ��ڰ� Mozilla�� ۼ�� ڽ�� ͺ��̽�� ׼��ϴ� �ɼ�; ��d�ϴ� ��; ��ݴϴ�.

ldapsearch -h host -p securePort \
           -Z -P .mozilla/bjensen/string.slt/cert8.db \
           -N "certificateName" \
           -K .mozilla/bjensen/string.slt/key3.db -W keyPassword \
           -b "dc=example,dc=com" "(givenname=Richard)"

-Z �ɼ�: �� ; ��Ÿ�� certificateName: �� d�ϸ�, -K �� -W �ɼ�: Ŭ��̾�Ʈ �?� �wα׷�� ׼��Ͽ� �� ֵ�� մϴ�. -D �� -w �ɼ�; ��d�� 8�� ; �� ε� DN�� d�˴ϴ�.

Ŭ��̾�Ʈ�� SASL DIGEST-MD5 ��

Ŭ��̾�Ʈ�� DIGEST-MD5 ��; ��ϴ� ��쿡�� ġ�� ʿ䰡 ��4ϴ�. �� ȣȭ�� SSL ��; ��Ϸx� Ŭ��̾�Ʈ�� ó�� Ʈ��Ʈ�ؾ� �մϴ�.

�� d

��: �� ̵� ��ϴ� �̸� ��; d��մϴ�. DIGEST-MD5 �� Ưd �� ؾ� �մϴ�.

Directory Server�� ý�� d��ȭ�� ȣ��Ʈ �̸�; DIGEST-MD5�� ⺻ ��8�� ϸ�, nsslapd-localhost �� Ӽ�� ִ� ȣ��Ʈ �̸�� ҹ�� ; ��մϴ�.

ȯ�� d

UNIX ȯ�濡�� LDAP �� DIGEST-MD5 ��̺귯�� ã8�x� SASL_PATH ȯ�� d�ؾ� �մϴ�. DIGEST-MD5 ��̺귯�� SASL �÷�� ο� �� 8�� ε�Ǵ� ��/ ��̺귯��̹Ƿ� Korn �� ó�� SASL_PATH �� =�� d�ؾ� �մϴ�.

�� ο�� Directory Server�� LDAP �� ȣ��Ʈ�� ġ�Ǿ� �ִٰ� ��d�մϴ�.

ldapsearch ��

SSL; �� ʰ� DIGEST-MD5 Ŭ��̾�Ʈ ��; �� ֽ4ϴ�. �Ʒ� �� ⺻ DIGEST-MD5 ��̵� ��; ��Ͽ� ��ε� DN; ��d�մϴ�.

ldapsearch -h host -p nonSecurePort -D "" -w bindPassword \
           -o mech=DIGEST-MD5 [-o realm="hostFQDN"] \
           -o authid="dn:uid=bjensen,dc=example,dc=com" \
           -o authzid="dn:uid=bjensen,dc=example,dc=com" \
           -b "dc=example,dc=com" "(givenname=Richard)"

' �� -o(�ҹ�� o) �ɼ�; ��Ͽ� SASL �ɼ�; ��d�մϴ�. Realm: �� d�� ȣ��Ʈ �ý�� d��ȭ�� ̸�; f��ؾ� �մϴ�. �wϽ� �۾�� authzid�� ʴ� ��쿡�� authid�� authzid�� ־�� ϸ� �� ; ��n�� մϴ�.

authid ��: ��̵� ��ο� ��Ǵ� ��Դϴ�. authid�� dn: b�ξ ��ǰ� �ڿ� ��丮�� /ȿ�� DN�� 0ų� u: b�ξ ��ǰ� �ڿ� Ŭ��̾�Ʈ�� d�Ǵ� ��ڿ�� 4� �� }4ϴ�. �̷�� ϸ� DIGEST-MD5 ��̵� �� ; �� ֽ4ϴ�.

�Ϲ��8�� SSL ��; ��Ͽ� �� Ʈ�� ȣȭ�� f��ϰ� DIGEST-MD5�� Ͽ� Ŭ��̾�Ʈ ��; f��մϴ�. �Ʒ� �� SSL; �� ۾�; ��մϴ�.

ldapsearch -h host -p securePort \
           -Z -P .mozilla/bjensen/string.slt/cert8.db \
           -N "certificateName" -W keyPassword \
           -o mech=DIGEST-MD5 [-o realm="hostFQDN"] \
           -o authid="dn:uid=bjensen,dc=example,dc=com" \
           -o authzid="dn:uid=bjensen,dc=example,dc=com" \
           -b "dc=example,dc=com" "(givenname=Richard)"

�� -N �� -W �ɼ�: ldapsearch ��ɿ� �ʿ��ϸ� Ŭ��̾�Ʈ �� ʽ4ϴ�. ��, �� authid �� ڿ� �� ٽ� DIGEST-MD5 ��̵� ��; ��մϴ�.

Ŭ��̾�Ʈ�� Ŀ��ν� SASL GSSAPI ��

Ŭ��̾�Ʈ�� GSSAPI ��; ��ϴ� �� ġ�� ʿ�� Kerberos V5 �� ý��; ��ؾ� �մϴ�. �� ȣȭ�� SSL ��; ��Ϸx� Ŭ��̾�Ʈ�� ó�� Ʈ��Ʈ�ؾ� �մϴ�.

Ŭ��̾�Ʈ ȣ��Ʈ�� Kerberos V5 ��

LDAP Ŭ��̾�Ʈ�� ȣ��Ʈ �ý��ۿ� Kerberos V5�� ؾ� �մϴ�.

��ġ ��ħ�� Kerberos V5�� ġ�մϴ�. Sun Enterprise Authentication Mechanism(SEAM) 1.0.1 Ŭ��̾�Ʈ ��Ʈ�� ��ġ�� ; ��մϴ�.

Ŀ��ν� ��Ʈ�� ��մϴ�. SEAM; ��ϸ�/etc/krb5�� ִ� ��; ��Ͽ� kdc �� d�ϰ�, �⺻ �� Ŀ��ν� �ý��ۿ� �ʿ�� Ÿ ��; d�� ֽ4ϴ�.

�ʿ�� /etc/gss/mech ��; ��d�Ͽ� kerberos_v5�� ù ��° ��8�� ǥ��մϴ�.

Ŀ��ν� �� SASL �ɼ� ��d

GSSAPI�� ϴ� Ŭ��̾�Ʈ �?� �wα׷�; ��ϱ� �� Ʒ� ��; ��Ͽ� Ŀ��ν� �� ý��; ��ڷ� �ʱ�ȭ�ؾ� �մϴ�.

kinit userPrincipal

userPrincipal: �� SASL ��̵��Դϴ�(��: bjensen@EXAMPLE.COM).

Ŀ��ν�� ϵ�� SASL �ɼ�; ��d�մϴ�.

UNIX ȯ�濡�� dȮ�� ̺귯�� ã8�x� SASL_PATH ȯ�� ServerRoot/lib/sasl8�� d�ؾ� �մϴ�. Korn �� =�� 4ϴ�.

export SASL_PATH=ServerRoot/lib/sasl

�� ο�� Directory Server�� LDAP �� ȣ��Ʈ�� ġ�Ǿ� �ִٰ� ��d�մϴ�.

�Ʒ�� ldapsearch �� -o(�ҹ�� o) �ɼ�; ��Ͽ� Ŀ��ν� ��뿡 �� SASL �ɼ�; ��d�ϴ� ��; ��ݴϴ�.

ldapsearch -h host -p Port \
           -o mech=GSSAPI \
           -o authid="bjensen@EXAMPLE.COM" \
           -o authzid="bjensen@EXAMPLE.COM"] \
           -b "dc=example,dc=com" "(givenname=Richard)"

authid�� kinit ��8�� ʱ�ȭ�� Ŀ��ν� ĳ�ÿ� �ֱ� �� ֽ4ϴ�. authid�� ִ� ��, �wϽ� �۾� �� authzid�� ʴ� ��쿡�� authid�� authzid ��: �� ; ��n�� մϴ�. authid ��: ��̵� ��ο� ��Ǵ� ��Դϴ�. ��ڴ� ��; ��ϴ� �� ڿ�� մϴ�. �ڼ�� : GSSAPI ��̵� ��; ��v�Ͻʽÿ�.

SASL�� ִ� GSSAPI�� Ͽ� Ŀ��ν� �� : ��

Directory Server�� Ŀ��ν� ��: �� ۾�� ֽ4ϴ�. ��8�� Ŀ��ν� ��?�� v�Ͻʽÿ�.

�Ʒ�� Ͽ� � �ܰ踦 �� Դϴ�. �׷�� ̷�� f�õ� ��̹Ƿ� �� ڽ�� ȯ�濡 �°� ��d�ؾ� �մϴ�.

Solaris�� Ŀ��ν�� ϴ� �� ڼ�� : Solaris ��? ��Ʈ�� Ϻ�� Security Services System Administration Guide�� ֽ4ϴ�. �� ? �� v�� ֽ4ϴ�.

��d

�� ǻ�� - Ŀ��ν� Ŭ��̾�Ʈ ��

�� ǻ�� - Administration Server ACL ��

KDC ��ǻ�� - KDC ��

KDC ��ǻ�� - KDC ��ͺ��̽� ��

KDC ��ǻ�� - �� Ű ��

KDC ��ǻ�� - Ŀ��ν� ��

KDC ��ǻ�� - KDC �� Directory Server ��ǻ�Ϳ� �� ȣ��Ʈ �� ߰�

KDC ��ǻ�� - Directory Server�� LDAP �� ߰�

KDC ��ǻ�� - KDC�� ׽�Ʈ �� ߰�

Directory Server ��ǻ�� - Directory Server ��ġ

Directory Server ��ǻ�� - GSSAPI�� Ȱ��ȭ�ϵ�� Directory Server ��

Directory Server ��ǻ�� - Directory Server Ű ��

Directory Server ��ǻ�� - Directory Server�� ׽�Ʈ �� ߰�

Directory Server ��ǻ�� - �׽�Ʈ ��ڷμ� Ŀ��ν� Ƽ�� ޱ�

Ŭ��̾�Ʈ ��ǻ�� - GSSAPI�� Directory Server ��

��d

�� ǻ�� 밡 KDC�� ۵��ϰ� ��v ��ǻ�ʹ� Directory Server�� Ͽ� ��ڰ� GSSAPI�� Ŀ��ν� ��; ��ϵ�� ϴ� �wμ�� մϴ�.

KDC�� Directory Server�� : ��ǻ�Ϳ�� ֽ4ϴ�. �̷�� ǵ�� : �� Directory Server ��ǻ�Ϳ�� ̹� KDC ��ǻ�Ϳ� �� ܰ�� ϵ�� մϴ�.

�̷�� ȯ�濡 �� d; ��f�� մϴ�. �̴� �Ʒ�� Ǿ� �ֽ4ϴ�. �� ȯ�濡 �°� �� ; ��d�Ͻʽÿ�.

�� ý��ۿ�� ֽ� �� ġ Ŭ��Ͱ� ��ġ�Ǿ� �ִ� Solaris 9 � ȯ�� ġ�˴ϴ�. �� Soalris ��ġ�� ġ�Ǿ� �� ʾ� Directory Server�� Ŀ��ν� �� ϴ� ��찡 ��8�Ƿ� �ֽ� �� ġ Ŭ��Ͱ� ��ġ�Ǵ� ��: �߿��մϴ�. �� ȭ�� ü�� Solaris 10�� ;�� : �ణ �ٸ�� Ϻ� �� : �ٸ� �� ֽ4ϴ�.

Ŀ��ν� ��; ��ϴ� ��ǻ�ʹ� kdc.example.com�̶�� d��ȭ�� ̸�; �� ˴ϴ�. �� ǻ�ʹ� �̸� ��d ��񽺷μ� DNS�� ϵ�� Ǿ�� մϴ�. (�̴� Ŀ��ν�� 䱸 ��8�μ� file ��: ��Ÿ �̸� ��d ��񽺰� �� Ǵ� ��쿡�� Ϻ� �۾�� ֽ4ϴ�.)

Directory Server�� ϴ� ��ǻ�ʹ� directory.example.com�̶�� d��ȭ�� ̸�; �� ˴ϴ�. �� ǻ�� ̸� ��d ��񽺷μ� DNS�� ϵ�� Ǿ�� մϴ�.

Directory Server ��ǻ�ʹ� Ŀ��ν�� Directory Server�� ϴ� �۾� �� Ŭ��̾�Ʈ �ý�� ; ��մϴ�. �̷�� : Directory Server �� Ŀ��ν� �� ٿ� �� ִ� �� ý��ۿ�� ʿ�� Ұ� �� Directory Server�� f��ǹǷ� �� ش� �ý��ۿ�� ˴ϴ�.

Directory Server�� ڴ� uid=username, ou=People,dc=example,dc=com�̶�� DN; �� ش�Ǵ� Ŀ��ν� ��ڴ� username@EXAMPLE.COM�� ˴ϴ�. �ٸ� �̸� ��d ��Ű�� ϴ� ��쿡�� ٸ� GSSAPI ��̵� ��; ��ؾ� �մϴ�.

�� ǻ�� - Ŀ��ν� Ŭ��̾�Ʈ ��

/etc/krb5/krb5.conf �� : KDC�� ϱ� '�� Ŀ��ν� Ŭ��̾�Ʈ�� ʿ�� ϴ� d�� f��մϴ�.

KDC ��ǻ��, Directory Server ��ǻ�� Ŀ��ν�� Ͽ� Directory Server�� Ŭ��̾�Ʈ ��ǻ�Ϳ�� /etc/krb5/krb5.conf �� ; ��=�� Ͻʽÿ�.

"___default_realm___"�� "EXAMPLE.COM"8�� ٲߴϴ�.

"___master_kdc___"�� "kdc.example.com"8�� ٲߴϴ�.

Ŀ��ν� �� ϳ�� ְ� �ǹǷ� "___slave_kdcs___"�� Ե� ��; f��մϴ�.

"___domain_mapping___"�� ".example.com = EXAMPLE.COM"(.example.com�� ó= ��ħǥ�� )8�� ٲߴϴ�.

��Ʈ�� /etc/krb5/krb5.conf �� : �ڵ� �� 11-1�� Ÿ��ϴ�.

�ڵ� �� 11-1 �� Ŀ��ν� Ŭ��̾�Ʈ �� /etc/krb5/krb5.conf

#pragma ident "@(#)krb5.conf 1.2 99/07/20 SMI"
# Copyright (c) 1999, by Sun Microsystems, Inc.
# All rights reserved.
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#

[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = kdc.example.com
admin_server = kdc.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}

[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url =
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
}

�� ǻ�� - Administration Server ACL ��

/etc/krb5/kadm5.acl �� Ͽ�� "___default_realm___"�� "EXAMPLE.COM"8�� ٲߴϴ�. ��Ʈ�� /etc/krb5/kadm5.acl ��: �ڵ� �� 11-3�� Ÿ��ϴ�.

KDC ��ǻ�� - KDC ��

/etc/krb5/kdc.conf ��; ��Ͽ� "___default_realm___"�� "EXAMPLE.COM"8�� ٲߴϴ�.

��Ʈ�� /etc/krb5/kdc.conf ��: �ڵ� �� 11-3�� Ÿ��ϴ�.

[kdcdefaults]
kdc_ports = 88,750

[realms]
EXAMPLE.COM = {
profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
admin_keytab = /etc/krb5/kadm5.keytab
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
}

KDC ��ǻ�� - KDC ��ͺ��̽� ��

bash-2.05# /usr/sbin/kdb5_util create -r EXAMPLE.COM -s
Initializing database ’/var/krb5/principal’ for realm ’EXAMPLE.COM’,
master key name ’K/M@EXAMPLE.COM’
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: master-password
Re-enter KDC database master key to verify: master-password
bash-2.05#

KDC ��ǻ�� - �� Ű ��

��= ��; ��Ͽ� �� 󿡼� �� kws/admin@EXAMPLE.COM �� Ű�� ִ� �� ڸ� ��ʽÿ�.

bash-2.05# /usr/sbin/kadmin.local
kadmin.local: add_principal kws/admin
Enter password for principal "kws/admin@EXAMPLE.COM": kws-password
Re-enter password for principal "kws/admin@EXAMPLE.COM": kws-password
Principal "kws/admin@EXAMPLE.COM" created.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/kdc.example.com
Entry for principal kadmin/kdc.example.com with kvno 3, encryption type
DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/kdc.example.com
Entry for principal changepw/kdc.example.com with kvno 3, encryption type
DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/changepw
Entry for principal kadmin/changepw with kvno 3, encryption type
DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: quit
bash-2.05#

KDC ��ǻ�� - Ŀ��ν� ��

��= ��; ��Ͽ� KDC �� ; ��մϴ�. KDC �wμ�� wμ�� Ͽ� /usr/lib/krb5/krb5kdc�� Ÿ�� : /usr/lib/krb5/kadmind�� Ÿ��ϴ�.

bash-2.05# /etc/init.d/kdc start
bash-2.05# /etc/init.d/kdc.master start
bash-2.05#

Solaris 10�� Ŀ��ν� ��: SMF �w��ӿ�ũ�� մϴ�. Solaris 10�� =�� ; ��Ͻʽÿ�.

bash-2.05# svcadm disable network/security/krb5kdc
bash-2.05# svcadm enable network/security/krb5kdc
bash-2.05# svcadm disable network/security/kadmin
bash-2.05# svcadm enable network/security/kadmin
bash-2.05#

KDC ��ǻ�� - KDC �� Directory Server ��ǻ�Ϳ� �� ȣ��Ʈ �� ߰�

��= �� Ͽ� KDC �� Directory Server ��ǻ�Ϳ� �� Ŀ��ν� ��ͺ��̽�� ȣ��Ʈ ��ڸ� �߰��Ͻʽÿ�. ȣ��Ʈ ��ڴ� klist�� : Ưd Ŀ��ν� /ƿ��Ƽ�� մϴ�.

bash-2.05# /usr/sbin/kadmin -p kws/admin
Enter Password: kws-password
kadmin: add_principal -randkey host/kdc.example.com
Principal "host/kdc.example.com@EXAMPLE.COM" created.
kadmin: ktadd host/kdc.example.com
Entry for principal host/kdc.example.com with kvno 3, encryption type
DES-CBC-CRC added to keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: add_principal -randkey host/directory.example.com
Principal "host/directory.example.com@EXAMPLE.COM" created.
kadmin: ktadd host/directory.example.com
Entry for principal host/directory.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin: quit
bash-2.05#

KDC ��ǻ�� - Directory Server�� LDAP �� ߰�

Directory Server�� ڰ� ��/�� Ŀ��ν� Ƽ��; Ȯ�� ֵ�� ϱ� '�ؼ�� ش� Directory Server�� ü ��ڰ� �־�� մϴ�. ��, Directory Server�� ϵ� �ڵ�Ǿ� ��8�Ƿ� ldap/fqdn@realm�� ڰ� �ʿ��մϴ�. ��⼭ fqdn: Directory Server�� d��ȭ�� ̸�(Directory Server�� ġ�� f�� d��ȭ�� ̸�� ġ�ؾ� ��)�̸� realm: Ŀ��ν� ��Դϴ�. �� , Directory Server�� ڴ� ldap/directory.example.com@EXAMPLE.COM�� ˴ϴ�.

bash-2.05# /usr/sbin/kadmin -p kws/admin
Enter Password: kws-password
kadmin: add_principal -randkey ldap/directory.example.com
Principal "ldap/directory.example.com@EXAMPLE.COM" created.
kadmin: quit
bash-2.05#

KDC ��ǻ�� - KDC�� ׽�Ʈ �� ߰�

Ŀ��ν� ��; �� ֵ�� ϱ� '�ؼ�� Ŀ��ν� ��ͺ��̽�� ־�� մϴ�. �� ڴ� kerberos-test�� ̸�; �� Ǹ� �̴� Ŀ��ν� ��ڰ� kerberos-test@EXAMPLE.COM�� ȴٴ� �ǹ��Դϴ�.

bash-2.05# /usr/sbin/kadmin -p kws/admin
Enter Password: kws-password
kadmin: add_principal kerberos-test
Enter password for principal "kerberos-test@EXAMPLE.COM": test-password
Re-enter password for principal "kerberos-test@EXAMPLE.COM": test-password
Principal "kerberos-test@EXAMPLE.COM" created.
kadmin: quit
bash-2.05#

Directory Server ��ǻ�� - Directory Server ��ġ

Directory Server 5.2 �� ġ�� ġ�Ͻʽÿ�. ��d �� Ʒ�� 4ϴ�.


d��ȭ�� ǻ�� ̸�	directory.example.com
��ġ ��Ʈ	/data/ds52p2
��	unixuser
�� ׷�	unixgroup
�� ĺ��	directory
�� Ʈ	389
b�̾�	dc=example,dc=com
�� ̵�	admin
�� й�ȣ	dsadmin-password
��	example.com
��丮 �� DN	cn=Directory Manager
��丮 �� й�ȣ	dm-password
�� Ʈ	390

Directory Server ��ǻ�� - GSSAPI�� Ȱ��ȭ�ϵ�� Directory Server ��

��, Directory Server�� ڸ� ��8�� ϴ� Ŀ��ν� ��ڸ� �ĺ��ϴ� �� ; d��ϴ� /data/ds52p2/shared/bin/gssapi.ldif ��; ��ʽÿ�. �ڵ� �� 11-11�� Ÿ�� Ͱ� �� ; ��ϴ�.

n: cn=GSSAPI,cn=identity mapping,cn=config
changetype: add
objectClass: top
objectClass: nsContainer
cn: GSSAPI
dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config
changetype: add
objectClass: top
objectClass: nsContainer
objectClass: dsIdentityMapping
objectClass: dsPatternMatching
cn: default
dsMatching-pattern: ${Principal}
dsMatching-regexp: (.*)@EXAMPLE.COM
dsMappedDN: uid=$1,ou=People,dc=example,dc=com

dn: cn=SASL,cn=security,cn=config
changetype: modify
replace: dsSaslPluginsPath
dsSaslPluginsPath: /data/ds52p2/lib/sasl

��=8��, ldapmodify ��; ��Ͽ� �ڵ� �� 11-12�� Ÿ�� ó�� ; ��Ͽ� GSSAPI�� Ȱ��ȭ�ϵ�� Directory Server�� Ʈ�Ͻʽÿ�.

�ڵ� �� 11-12 GSSAPI�� Ȱ��ȭ�ϵ�� Directory Server�� Ʈ�ϴ� ��

bash-2.05# ./ldapmodify -D ’cn=Directory Manager’ -w dm-password -a -f
gssapi.ldif
adding new entry cn=GSSAPI,cn=identity mapping,cn=config
adding new entry cn=default,cn=GSSAPI,cn=identity mapping,cn=config
modifying entry cn=SASL,cn=security,cn=config
bash-2.05#

Directory Server ��ǻ�� - Directory Server Ű ��

�ռ� �� ٿ� �� Directory Server�� GSSAPI�� Ŀ��ν� ��ڸ� ��ϱ� '�� KDC�� ü ��ڸ� �ξ�� մϴ�. �� ۾�� ùٷ� �۵��ϵ�� Ϸx� �� d�� Directory Server ��ǻ�� Ŀ��ν� Ű �ǿ� Directory Server�� ۵��ϴ� �� d�� ; �� ִ� �� 8�� ־�� մϴ�.

bash-2.05# /usr/sbin/kadmin -p kws/admin
Enter Password: kws-password
kadmin: ktadd -k /data/ds52p2/slapd-directory/config/ldap.keytab
ldap/directory.example.com
Entry for principal ldap/directory.example.com with kvno 3, encryption type
DES-CBC-CRC added to keytab
WRFILE:/data/ds52p2/slapd-directory/config/ldap.keytab.
kadmin: quit
bash-2.05#

Directory Server�� ϴ� �� Ǵ� �� d�� /�ϰ� �ش� ��ڸ� ��; �� ֵ�� d�� Ű �� Ѱ� ��/��; ��Ͻʽÿ�.

bash-2.05# chown unixuser:unixgroup /data/ds52p2/slapd-directory/config/ldap.keytab
bash-2.05# chmod 600 /data/ds52p2/slapd-directory/config/ldap.keytab
bash-2.05#

�⺻��8�� Directory Server�� /etc/kerb5/krb5.keytab �� ǥ�� Ŀ��ν� Ű ��; ��Ϸp� �մϴ�. �׷�� ; Directory Server ��ڰ� ��; �� ֵ�� Ȼ� '�� Ƿ� Directory Server�� d�� Ű ��; �� Դϴ�.

�� d�� Ű ��; ��ϵ�� Directory Server�� Ͻʽÿ�. �̴� �ڵ� �� 11-15�� ٿ� �� start-slapd ��ũ��Ʈ�� Ͽ� KRB5_KTNAME ȯ�� ϴ� ��8�� ֽ4ϴ�.

�ڵ� �� 11-15 �� d�� Ŀ��ν� Ű ��; ��ϵ�� Ʈ�� start-slapd ��ũ��Ʈ

#!/bin/sh

# Configure the server to use a custom Kerberos keytab.
KRB5_KTNAME=/data/ds52p2/slapd-directory/config/ldap.keytab
export KRB5_KTNAME

unset LD_LIBRARY_PATH

# Script that starts the ns-slapd server.
# Exit status can be:
# 0: Server started successfully
# 1: Server could not be started
# 2: Server was already started

NETSITE_ROOT=/data/ds52p2
export NETSITE_ROOT

{The remainder of this file has been omitted to conserve space}

��8��, �̷�� ǵ�� Directory Server�� ٽ� ��Ͻʽÿ�.

bash-2.05# cd /data/ds52p2/slapd-directory
bash-2.05# ./stop-slapd
bash-2.05# ./start-slapd
bash-2.05#

Directory Server ��ǻ�� - Directory Server�� ׽�Ʈ �� ߰�

Directory Server�� Ŀ��ν� ��ڸ� ��ϱ� '�ؼ�� ش� �� Ŀ��ν� ��ڿ� �ش��ϴ� ��ڿ� �� 丮 �׸�� ־�� մϴ�.

�� ܰ迡�� kerberos-test@EXAMPLE.COM ��ڰ� �ִ� Ŀ��ν� ��ͺ��̽�� ׽�Ʈ ��ڰ� �߰��Ǿ�4ϴ�. ��̵� �� 丮�� ߰��Ǿ�� ڿ� �ش��ϴ� ��丮 �׸񿡴� uid=kerberos-test,ou=People,
dc=example,dc=com�̶�� DN�� ־�� մϴ�.

�� = �� ִ� /data/ds52p2/shared/bin/testuser.ldif ��; �ۼ��Ͽ� ��丮�� ڸ� �߰��Ͻʽÿ�.

dn: uid=kerberos-test,ou=People,dc=example,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: kerberos-test
givenName: Kerberos
sn: Test
cn: Kerberos Test
description: An account for testing Kerberos authentication through GSSAPI

bash-2.05# ./ldapmodify -D ’cn=Directory Manager’ -w dm-password -f
testuser.ldif
adding new entry uid=kerberos-test,ou=People,dc=example,dc=com
bash-2.05#

Directory Server ��ǻ�� - �׽�Ʈ ��ڷμ� Ŀ��ν� Ƽ�� ޱ�

Ŀ��ν� ��ͺ��̽�� Directory Server�� ׽�Ʈ ��ڰ� x��ϹǷ� KDC�� GSSAPI�� Ͽ� Ŀ��ν�� ڷμ� Directory Server�� ֽ4ϴ�.

��, �ڵ� �� 11-19�� ִ� �� kinit ��; ��Ͽ� �� ڿ� �� Ŀ��ν� Ƽ��; ��8�ʽÿ�.

bash-2.05# kinit kerberos-test
Password for kerberos-test@EXAMPLE.COM: test-password
bash-2.05#

�׷� ��= klist ��; ��Ͽ� �� Ƽ�Ͽ� �� d�� Ȯ��Ͻʽÿ�.

bash-2.05# klist
Ticket cache: /tmp/krb5cc_0
Default principal: kerberos-test@EXAMPLE.COM

Valid starting Expires Service principal
Sat Jul 24 00:24:15 2004 Sat Jul 24 08:24:15 2004 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until Sat Jul 31 00:24:15 2004
bash-2.05#

Ŭ��̾�Ʈ ��ǻ�� - GSSAPI�� Directory Server ��

�� ܰ�μ�, GSSAPI�� Ͽ� Directory Server�� Ͻʽÿ�. Directory Server�� f�� ldapsearch /ƿ��Ƽ�� GSSAPI, DIGEST-MD5 �� EXTERNAL ��; ��Ͽ� SASL �� ; f��մϴ�. �׷�� ̸� '�ؼ�� Ŭ��̾�Ʈ�� SASL ��̺귯�� ΰ� f��Ǿ�� մϴ�. SASL_PATH ȯ�� Directory Server ��ġ ��Ʈ �Ʒ� lib/sasl ��丮�� d��8�ν� �� ۾�; �� ֽ4ϴ�.

bash-2.05# SASL_PATH=/data/ds52p2/lib/sasl
bash-2.05# export SASL_PATH
bash-2.05#

ldapsearch�� Ͽ� Directory Server�� Ŀ��ν� �� ; ��Ϸx� -o mech=GSSAPI �� -o authzid=principal �μ� ��ؾ� �մϴ�. ��= �� Ŀ��ν� �׽�Ʈ �� d8�� Ǵ� �� dc=example,dc=com �׸�; �˻��մϴ�.

bash-2.05# ./ldapsearch -h directory.example.com -p 389 -o mech=GSSAPI -o
authzid="kerberos-test@EXAMPLE.COM" -b "dc=example,dc=com" -s base
(objectClass=*)
version: 1
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
bash-2.05#

Directory Server �׼�� α׸� �˻��Ͽ� �� ó��Ǿ�� Ȯ��Ͻ�
�ÿ�.

bash-2.05# tail -12 /data/ds52p2/slapd-directory/logs/access
[24/Jul/2004:00:30:47 -0500] conn=0 op=-1 msgId=-1 - fd=23 slot=23 LDAP connection from 1.1.1.8 to 1.1.1.8
[24/Jul/2004:00:30:47 -0500] conn=0 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=GSSAPI
[24/Jul/2004:00:30:47 -0500] conn=0 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[24/Jul/2004:00:30:47 -0500] conn=0 op=1 msgId=2 - BIND dn="" method=sasl version=3 mech=GSSAPI
[24/Jul/2004:00:30:47 -0500] conn=0 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[24/Jul/2004:00:30:47 -0500] conn=0 op=2 msgId=3 - BIND dn="" method=sasl version=3 mech=GSSAPI
[24/Jul/2004:00:30:47 -0500] conn=0 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=kerberos-test,ou=people,dc=example,dc=com"
[24/Jul/2004:00:30:47 -0500] conn=0 op=3 msgId=4 - SRCH base="dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[24/Jul/2004:00:30:47 -0500] conn=0 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
[24/Jul/2004:00:30:47 -0500] conn=0 op=4 msgId=5 - UNBIND
[24/Jul/2004:00:30:47 -0500] conn=0 op=4 msgId=-1 - closing - U1
[24/Jul/2004:00:30:48 -0500] conn=0 op=-1 msgId=-1 - closed.
bash-2.05#

�̷κ�� ε�� 3�ܰ� �wμ��μ�, ó= �� ܰ�� LDAP �� 14(ó�� SASL ��ε�)�� ȯ�ϰ� �� ° �ܰ�� ش� ��ε尡 ��8�� ó��Ǿ�=; ǥ��Ѵٴ� ��; Ȯ�� ֽ4ϴ�. method=sasl �� mech=GSSAPI �±״� �� ε尡 GSSAPI SASL ��; ��=; ��Ÿ��, �� ε� �4�� κп� �ִ� dn="uid=kerberos-test,ou=people,dc=example,dc=com": �� ڷμ� ��ε尡 ��Ǿ�=; ��Ÿ�4ϴ�.

�� =
Sun Java(TM) System Directory Server 5.2 2005Q1 �� ?

11�� ���� �� ��ȣȭ ��

Directory Server�� SSL �Ұ�

SSL Ȱ��ȭ �ܰ� ���

���� ���� ��� �� ��ġ

���� �����ͺ��̽� �ۼ�

�ܼ� ���

����� ���

���� ��û ��

�ܼ� ���

����� ���

���� ���� ��ġ

�ܼ� ���

����� ���

���� ��� Ʈ����Ʈ

�ܼ� ���

����� ���

SSL Ȱ��ȭ

��ȣȭ ��ȣ ����

Ŭ���̾�Ʈ ���� ���

Ŭ���̾�Ʈ ���� ����

DIGEST-MD5�� ���� SASL ����

DIGEST-MD5 ��� ����

DIGEST-MD5 ���̵� ����

GSSAPI�� ���� SASL ����(Solaris���� �ش�)

Ŀ��ν� �ý��� ����

GSSAPI ��� ����

GSSAPI ���̵� ����

���̵� ����

LDAP Ŭ���̾�Ʈ���� ����; ����ϵ��� ����

Ŭ���̾�Ʈ�� ���� ���� ����

Mozilla�� ���� Ŭ���̾�Ʈ ���� ��

�����; ���� Ŭ���̾�Ʈ ���� ��

���� ���� ���� SSL �ɼ� ��d

Ŭ���̾�Ʈ�� ���� ����� ���� ����

����� ���� ��� �� ��ġ

���� ����� Ŭ���̾�Ʈ ���� ���� SSL �ɼ� ��d

Ŭ���̾�Ʈ�� SASL DIGEST-MD5 ���

���� ��d

ȯ�� ���� ��d

ldapsearch ��� ��

Ŭ���̾�Ʈ�� Ŀ��ν� SASL GSSAPI ���

Ŭ���̾�Ʈ ȣ��Ʈ�� Kerberos V5 ����

Ŀ��ν� ���� ���� SASL �ɼ� ��d

SASL�� �ִ� GSSAPI�� ����Ͽ� Ŀ��ν� ���� ����: ���� ��

��d

��� ��ǻ�� - Ŀ��ν� Ŭ���̾�Ʈ ���� ���� ����

��� ��ǻ�� - Administration Server ACL ���� ���� ����

KDC ��ǻ�� - KDC ���� ���� ���� ����

KDC ��ǻ�� - KDC �����ͺ��̽� �����

KDC ��ǻ�� - �� ����� �� Ű �� �����

KDC ��ǻ�� - Ŀ��ν� ���� ����

KDC ��ǻ�� - KDC �� Directory Server ��ǻ�Ϳ� ���� ȣ��Ʈ ����� �߰�

KDC ��ǻ�� - Directory Server�� ���� LDAP ����� �߰�

KDC ��ǻ�� - KDC�� �׽�Ʈ ����� �߰�

Directory Server ��ǻ�� - Directory Server ��ġ

Directory Server ��ǻ�� - GSSAPI�� Ȱ��ȭ�ϵ��� Directory Server ����

Directory Server ��ǻ�� - Directory Server Ű �� �����

Directory Server ��ǻ�� - Directory Server�� �׽�Ʈ ����� �߰�

Directory Server ��ǻ�� - �׽�Ʈ ����ڷμ� Ŀ��ν� Ƽ�� �ޱ�

Ŭ���̾�Ʈ ��ǻ�� - GSSAPI�� ���� Directory Server ����

11��
�� ȣȭ ��

SSL Ȱ��ȭ �ܰ� ��

�� ġ

�� ͺ��̽� �ۼ�

�ܼ� ��

��

�� û ��

�ܼ� ��

��

�� ġ

�ܼ� ��

��

�� Ʈ��Ʈ

�ܼ� ��

��

��ȣȭ ��ȣ ��

Ŭ��̾�Ʈ ��

Ŭ��̾�Ʈ ��

DIGEST-MD5�� SASL ��

DIGEST-MD5 ��

DIGEST-MD5 ��̵� ��

GSSAPI�� SASL ��(Solaris�� ش�)

Ŀ��ν� �ý��

GSSAPI ��

GSSAPI ��̵� ��

��̵� ��

LDAP Ŭ��̾�Ʈ�� ; ��ϵ��

Ŭ��̾�Ʈ��

Mozilla�� Ŭ��̾�Ʈ ��

��; �� Ŭ��̾�Ʈ ��

�� SSL �ɼ� ��d

Ŭ��̾�Ʈ��

�� ġ

�� Ŭ��̾�Ʈ �� SSL �ɼ� ��d

Ŭ��̾�Ʈ�� SASL DIGEST-MD5 ��

�� d

ȯ�� d

ldapsearch ��

Ŭ��̾�Ʈ�� Ŀ��ν� SASL GSSAPI ��

Ŭ��̾�Ʈ ȣ��Ʈ�� Kerberos V5 ��

Ŀ��ν� �� SASL �ɼ� ��d

SASL�� ִ� GSSAPI�� Ͽ� Ŀ��ν� �� : ��

�� ǻ�� - Ŀ��ν� Ŭ��̾�Ʈ ��

�� ǻ�� - Administration Server ACL ��

KDC ��ǻ�� - KDC ��

KDC ��ǻ�� - KDC ��ͺ��̽� ��

KDC ��ǻ�� - �� Ű ��

KDC ��ǻ�� - Ŀ��ν� ��

KDC ��ǻ�� - KDC �� Directory Server ��ǻ�Ϳ� �� ȣ��Ʈ �� ߰�

KDC ��ǻ�� - Directory Server�� LDAP �� ߰�

KDC ��ǻ�� - KDC�� ׽�Ʈ �� ߰�

Directory Server ��ǻ�� - GSSAPI�� Ȱ��ȭ�ϵ�� Directory Server ��

Directory Server ��ǻ�� - Directory Server Ű ��

Directory Server ��ǻ�� - Directory Server�� ׽�Ʈ �� ߰�

Directory Server ��ǻ�� - �׽�Ʈ ��ڷμ� Ŀ��ν� Ƽ�� ޱ�

Ŭ��̾�Ʈ ��ǻ�� - GSSAPI�� Directory Server ��