<html>
+
<head>
- <title>About Network Identity Manager</title>
- <meta name="description" content="About NetIDMgr">
- <meta name="keywords" content="">
- <link rel="stylesheet" type="text/css" href="nidmgr.css">
+<title>About Network Identity Manager</title>
+<meta name="description" content="About NetIDMgr">
+<meta name="keywords" content>
+<link rel="stylesheet" type="text/css" href="nidmgr.css">
</head>
+
<body>
<h1>About Network Identity Manager</h1>
-
-<p>
-This is strictly an informative page about the origins of Network
-Identity Manager.
+<p>This is strictly an informative page about the origins of Network Identity Manager.
</p>
-
<h3>In the beginning</h3>
-
-<p>
-Network Identity Manager was conceived as an identity management
-solution to make up for the shortcomings of Leash32 (distributed with
-MIT Kerberos for Windows) and AFSCreds (distributed with OpenAFS).
-</p>
-
-<p>
-The work started as Unified Credentials Manager, a final project for
-the MIT course 6.831 : User Interface Design and Implementation,
-taught by <a href="http://people.csail.mit.edu/rcm/">Professor Rob
-Miller</a>. By the time actual code was written, it was named
-Khimaira (which was later changed to Network Identity Manager around
-October, 2005). Traces of the name Khimaira might still exist in the
-source code.
-</p>
-
-<p>
-Khimaira was presented at the <a
-href="http://www.pmw.org/afsbpw05/">AFS and Kerberos Best Practices
-Workshop 2005</a>. The slides can be found on the workshop website and <a
-href="http://web.mit.edu/asanka/www/misc.shtml">here</a>.
+<p>Network Identity Manager was conceived as an identity management solution to
+make up for the shortcomings of Leash32 (distributed with MIT Kerberos for Windows)
+and AFSCreds (distributed with OpenAFS). </p>
+<p>The work started as Unified Credentials Manager, a final project for the MIT
+course 6.831 : User Interface Design and Implementation, taught by
+<a href="http://people.csail.mit.edu/rcm/">Professor Rob Miller</a>. By the time
+actual code was written, it was named Khimaira (which was later changed to Network
+Identity Manager around October, 2005). Traces of the name Khimaira might still
+exist in the source code. </p>
+<p><a href="http://workshop.openafs.org/afsbpw05/talks/khimaira.html">Khimaira:
+A Unified Interface for AFS and Kerberos</a> was presented at the
+<a href="http://workshop.openafs.org/afsbpw05/">AFS and
+Kerberos Best Practices Workshop 2005</a>. </p>
+<p>A second talk,
+<a href="http://workshop.openafs.org/afsbpw06/talks/asanka.html">Developing
+plug-ins for Network Identity Manager</a>, was presented at
+<a href="http://workshop.openafs.org/afsbpw06/">AFS and Kerberos Best Practice
+Workshop 2006</a>.</p>
+<p>The development of Network Identity Manager has been financially supported
+(in alphabetical order) by <a href="http://www.fnal.gov/">Fermi National
+Accelerator Laboratory</a>,
+<a href="http://web.mit.edu">MIT</a> <a href="http://web.mit.edu/ist/">Information
+Services and Technology</a>, <a href="http://www.jpl.nasa.gov">NASA Jet Propulsion
+Laboratory</a>, <a href="http://www.secure-endpoints.com">Secure Endpoints Inc.</a>,
+and <a href="http://www.stanford.edu/">Stanford University</a>.
</p>
-
-<p>
-The work on Network Identity Manager was supported by <a
-href="http://web.mit.edu">MIT</a> <a
-href="http://web.mit.edu/ist/">Information Services and
-Technology</a>, <a href="http://www.jpl.nasa.gov">NASA Jet Propulsion Laboratory</a>,
-and <a href="http://www.secure-endpoints.com">Secure Endpoints Inc.</a>.
-</p>
-
<h3>Design</h3>
-
-<p>
-A plugin based architecture was chosen so that support for additional
-credential types and features could be added without making changes to
-the mainline code. In addition to making the application easily
-extensible, this also allows the AFS plugin to be maintained within
-the OpenAFS code base and separates the code supporting Kerberos 5 and
-Kerberos 4. Furthermore, it is anticipated that this would encourage
-third party developers to develop plugins for NetIDMgr.
-</p>
-
-<p>
-More information about the concepts used in the design of Network
-Identity Manager can be found <a href="concepts.htm">here</a>.
-</p>
+<p>A plug-in based architecture was chosen so that support for additional credential
+types and features could be added without making changes to the mainline code. In
+addition to making the application easily extensible, this also allows the AFS plug-in
+to be maintained within the OpenAFS code base and separates the code supporting
+Kerberos v5 and Kerberos v4 permitting Kerberos v4 to be easily removed from the
+Kerberos for Windows distribution. Furthermore, it is anticipated that this would encourage
+third party developers to develop plug-ins for Network Identity Manager.
+As of September 2007, a Kerberized Certificate Authority credential provider and
+a Grid credential provider are available from third parties.</p>
+<p>More information about the concepts used in the design of Network Identity Manager
+can be found <a href="concepts.htm">here</a>. </p>
</body>
-</html>
\ No newline at end of file
+
+</html>
</head>
<body>
-<h1>Network Identity Manager - New Credentials</h1>
+<h1>a Network Identity Manager - New Credentials</h1>
<p>The new credentials dialog can be invoked from the <a
href="menu_credential.htm">Credentials</a> menu, by typing <span
<img src="images/screen_new_creds_exp.png"
alt="Expanded new credentials window" />
-<p class="caption">Expanded view of the new credentials dialogg</p>
+<p class="caption">Expanded view of the new credentials dialog</p>
<p>
The expanded view provides access to additional options available for
<p>
One identity can be designated as the default identity. The default identity is the
-identity used by Kerberos v5 and GSS-API based applications which use the default
-Kerberos v5 credential cache and
-never request the use of a network identity by name.
+identity used by Kerberos v5 and GSS-API based applications which use the
+default Kerberos v5 credential cache and do not request the use of a network identity by name.
</p>
+<p>
+The following methods can be used to set an identity as the default identity:</p>
+<ol>
+ <li>In the NetIdMgr application window, select the desired identity and
+ choose the <i>Credentials->Set Default </i>menu item.</li>
+ <li>In the NetIdMgr application window, select the desired identity, click
+ the right mouse button, and choose the <i>Set as default</i> menu item.</li>
+ <li>Click the right mouse button on the NetIdMgr notification icon.
+ Choose the desired identity on the <i>Set Default</i> sub-menu.</li>
+</ol>
+<p> </p>
</body>
</html>
\ No newline at end of file
<td><font size="1">Signal the running instance of Network Identity
Manager to exit</font></td>
</tr>
+ <tr>
+ <td width="140"><font size="1">--show</font></td>
+ <td><font size="1">Open the Network Identity Manager application window of a running instance.</font></td>
+ </tr>
+ <tr>
+ <td width="140"><font size="1">--hide</font></td>
+ <td><font size="1">Hide the Network Identity Manager application window of a running instance.</font></td>
+ </tr>
+ <tr>
+ <td width="140"><font size="1">--minimize</font></td>
+ <td><font size="1">Open the Network Identity Manager application window in minimized mode.</font></td>
+ </tr>
</table>
</body>
<html>
+
<head>
- <title>Network Identity Manager Concepts: Identity</title>
- <meta name="description" content="NetIDMgr Concepts: Identity">
- <meta name="keywords" content="identity,concepts">
- <link rel="stylesheet" type="text/css" href="nidmgr.css">
+<title>Network Identity Manager Concepts: Identity</title>
+<meta name="description" content="NetIDMgr Concepts: Identity">
+<meta name="keywords" content="identity,concepts">
+<link rel="stylesheet" type="text/css" href="nidmgr.css">
</head>
+
<body>
<h1>Network Identity Manager Concepts: Identity</h1>
-
-<p>While there are many approaches to defining what an identity is, as
-far as the Network Identity Manager (NetIDMgr) is considered, an identity is the unique
-user identifier that is accepted by a network service. Each credential
-that is managed by NetIDMgr is assumed to map to a single identity.
-The collection of credentials that map to a single identity is
-considered to belong to that identity.
-</p>
-
-<p>
-</p>
-
-<a name="default_identity" />
+<p>While there are many approaches to defining what an identity is, as far as the
+Network Identity Manager (NetIDMgr) is concerned, an identity is the unique user
+identifier that is accepted by a network service. Each credential that is managed
+by NetIDMgr is assumed to map to a single identity. The collection of credentials
+that map to a single identity is considered to belong to that identity. </p>
+<p></p>
+<a name="default_identity"></a>
<h3>Default Identity</h3>
+<p>The default identity is the identity that will be used by applications when a
+specific identity is not requested. The Kerberos v5 plug-in will mark the
+credential cache that contains the default identity as the default credentials cache
+for the current logon session.</p>
+<p>Most applications that implement GSS-API or Kerberos v5 authentication assume
+that there is only one Kerberos v5 credential cache and one identity in use by
+the user at a time. These applications use the default identity. In
+general, if the application does not have a configuration option permitting the
+specification of a Kerberos v5 principal, the default identity will be used.</p>
+<p> </p>
+
-<p>The default identity is the identity that will be used by
-applications when a specific identity has not been requested.
-The Kerberos v5 plug-in will mark the credential cache that
-contains the default identity as the default credentials
-cache for the current logon session.
-</p>
</body>
-</html>
\ No newline at end of file
+
+</html>
<li><a href="act_new_creds.htm">Get new credentials</a></li>
- <li><a href="act_destroy_creds.htm">Destroy credentials</a></li>
+ <li><a href="act_renew_creds.htm">Renew credentials</a></li>
<li><a href="act_import_creds.htm">Import credentials from the MSLSA
cache</a></li>
- <li><a href="act_renew_creds.htm">Renew credentials</a></li>
+ <li><a href="act_destroy_creds.htm">Destroy credentials</a></li>
<li><a href="act_chpw.htm">Change password</a></li>
+ <li><a href="act_set_default.htm">Setting the default identity</a></li>
</ul>
<h3>Credentials view</h3>
<ul>
- <li><a href="use_layout.htm">Managing the credentials view layout</a></li>
+ <li><a href="use_layout.htm">Managing the advanced credentials view layout</a></li>
</ul>
<h1>Network Identity Manager - View Menu</h1>
<p>
-Click an item on the menu to go to the description of the action, or
-choose from the list below. You can activate the by pressing <span
-class="pre">Alt + V</span> and you can activate each action by
-pressing the highlited character.
+Click an item on the menu to go to the description of the action, or choose from
+the list below. You can activate the View Menu by pressing <span
+class="pre">Alt + V</span> and you can activate each action by pressing the
+highlighted character.
</p>
<p>
customizable list of all discovered credentials.
</li>
+<li><a name="all_ids"></a> <span class="title">All identities</span>: Toggles
+the inclusion of all configured identities in the NetIdMgr identity lists.
+If all identities is unchecked, only the default identity, pinned identities,
+and identities with credentials are included in the NetIdMgr identity lists.</li>
+
<li><a name="choosecol"></a> <span class="title">View columns</span>:
<i>Only available in Advanced mode.</i>
where the credentials are grouped by the location where they are
stored in. For Kerberos 5, the location is the name of the
credentials cache in which the tickets are stored, and for AFS,
- the locati
no is always the cache manager. Individual <a
+ the locati
on is always the cache manager. Individual <a
href="concept_cred_pro.htm">credential providers</a> choose the
interpretation of the <span class="pre">location</span> property
as the concept of location changes from type to type.</li>
than 1/4 of its original lifetime left) and so on. </p>
</li>
<li>
- <p><span class="title">Plugins</span>: Enable/disable and check the status of
+ <p><span class="title">Plug-ins</span>: Enable/disable and check the status of
registered plug-ins. Enabling or disabling a plug-in only takes effect after
a restart of NetIDMgr.</p>
</li>
<ul>
<li><a href="act_new_creds.htm">Obtaining new credentials</a></li>
- <li><a href="act_destroy_creds.htm">Destroying credentials</a></li>
+ <li><a href="act_renew_creds.htm">Renew credentials</a></li>
<li><a href="act_import_creds.htm">Import credentials from the Microsoft Logon
Session cache</a></li>
- <li><a href="act_renew_creds.htm">Renew credentials</a></li>
- <li><a href="act_chpw.htm">Change password</a></li>
+ <li><a href="act_destroy_creds.htm">Destroying credentials</a></li>
+ <li><a href="act_set_default.htm">Setting the Default Identity</a></li>
+ <li><a href="act_chpw.htm">Change password</a></li>
</ul>
<div class="sidebar">
<ul>
<li><a href="act_new_creds.htm">Obtaining new credentials</a></li>
- <li><a href="act_destroy_creds.htm">Destroying credentials</a></li>
+ <li><a href="act_renew_creds.htm">Renew credentials</a></li>
<li><a href="act_import_creds.htm">Import credentials from the Microsoft Logon
Session cache</a></li>
- <li><a href="act_renew_creds.htm">Renew credentials</a></li>
+ <li><a href="act_destroy_creds.htm">Destroying credentials</a></li>
<li><a href="act_chpw.htm">Change password</a></li>
+ <li><a href="act_set_default.htm">Setting the default identity</a></li>
<li><a href="use_layout.htm">Customizing the advanced credentials view layout</a></li>
<li><a href="use_config.htm">Configuring Network Identity Manager</a></li>
- <li><a href="tb_standard.htm">Using the Toobar</a></li>
+ <li><a href="tb_standard.htm">Using the Toolbar</a></li>
</ul>
<p>
network identity is a unique Kerberos principal name and the credentials
are Kerberos v5 tickets. Kerberos v5 tickets can be used by NetIDMgr to
obtain Andrew File System (AFS) tokens and X.509 public key certificates if the
-appropriate plug-ins are available.</p>
+appropriate plug-ins are installed.</p>
<p>When you log into Microsoft Windows with a domain account,
your account name and the Windows Domain name when combined form a Kerberos
principal name. As an example, \93WINDOWS\jaltman\94 is actually a short form
<h3>Getting started</h3>
<ul>
-<li><a href="concepts.htm">NetIDMgr concepts</a></li>
-<li><a href="using.htm">Using NetIDMgr</a></li>
+<li><a href="concepts.htm">Network Identity Manager concepts</a></li>
+<li><a href="using.htm">Using Network Identity Manager</a></li>
<li><a href="howdoi.htm">How do I ...</a></li>
<li><a href="menu_all.htm">All Menus</a></li>
</ul>
<html>
-<head>
- <title>Network Identity Manager - Application Window</title>
- <meta name="description" content="Main Window">
- <meta name="keywords" content="main window">
- <link rel="stylesheet" type="text/css" href="nidmgr.css">
-
-<Object type="application/x-oleobject" classid="clsid:1e2a7bd0-dab9-11d0-b93a-00c04fc99f9e">
- <param name="Keyword" value="Application Window Basic View">
- <param name="Keyword" value="Application Windows Advanced View">
- <param name="Keyword" value="Identity Views">
-</OBJECT>
+<head>
+<title>Network Identity Manager - Application Window</title>
+<meta name="description" content="Main Window">
+<meta name="keywords" content="main window">
+<link rel="stylesheet" type="text/css" href="nidmgr.css">
+<object type="application/x-oleobject" classid="clsid:1e2a7bd0-dab9-11d0-b93a-00c04fc99f9e">
+<param name="Keyword" value="Application Window Basic View">
+<param name="Keyword" value="Application Windows Advanced View">
+<param name="Keyword" value="Identity Views">
+</object>
+<style>
+v\:* { behavior: url(#default#VML) }
+o\:* { behavior: url(#default#VML) }
+</style>
+<!--[if gte mso 9]><xml><o:shapedefaults v:ext="edit" spidmax="1027"/>
+
+</xml><![endif]-->
</head>
+
<body>
<h1>Network Identity Manager - Application Window</h1>
-
-<p>The application window of Network Identity Manager can be displayed in two modes: <b>basic</b> and <b>advanced</b>.</p>
-
-<p>The basic view provides status information of the currently available identities whereas the advanced
-view provides more detailed information of all the active credentials.</p>
-
+<p>The application window of Network Identity Manager can be displayed in two modes:
+<b>basic</b> and <b>advanced</b>.</p>
+<p>The basic view provides status information of the currently available identities
+whereas the advanced view provides more detailed information of all the active credentials.</p>
<div>
-<img src="images/screen_main_wnd_basic.png"/>
+<img src="images/screen_main_wnd_basic.png" />
<p class="caption">Figure 1. Network Identity Manager Basic View</p>
</div>
-
<div>
-
-<img src="images/screen_main_wnd.png"/>
-<p class="caption">Figure 2. Network Identity Manager Advanced View</p>
+<img src="images/screen_main_wnd.png" />
+<p class="caption">Figure 2. Network Identity Manager Advanced View</p>
</div>
-
<ol>
- <li>Menu bar</li>
- <li>Tool bar</li>
- <li>Credentials list</li>
-
+<li>Menu bar</li>
+<li>Tool bar</li>
+<li>Credentials list</li>
</ol>
-
<h3>Identity views</h3>
-
-<p>
-The default credentials view organizes them grouped by identity name
-and then by credential type. Each credential is then shown under each
-group heading sorted by the credential name. The default headings for
-the credential view provides you with a minimal amount of information
-to reduce clutter. If you wish you can add columns to the display
-using the <span class="pre">Choose columns...</span> action on the
-<span class="pre"><a href="menu_view.htm">View</a></span> menu.
-</p>
-
-<p>
-The header backgrounds and the credential rows change color if the
-credentials are about to expire or are expired.
-
-<ul>
-
-<li> <span style="background-color:#fbc74d">Headers</span> mean that
-credentials at that level will expire unless renewed. Credentials
-will have a warning icon next to them.<br/>
-
-The threshold for this can be set as the <span class="pre">Warn</span>
-parameter in the <span class="pre">Notifications</span> configuration
-panel.</li>
-
-<li> <span style="background-color:#f08575">Headers</span> mean that
-credentials at that level will expire in a few minutes. Credentials
-will have a critical icon next to them.<br/>
-
-The threshold for this can be set as the <span class="pre">Warn
-again</span> parameter in the <span class="pre">Notifications</span>
-configuration panel. </li>
-
-<li> <span style="background-color:#ff9090">Headers</span> mean that
-the credentials at that level have expired. Credentials will have an
-expired icon next to them.<br/>
-
-The threshold for this is always zero.
+<p>The advanced credentials view organizes them grouped by identity name and then
+by credential type. Each credential is then shown under each group heading sorted
+by the credential name. The default headings for the credential view provides you
+with a minimal amount of information to reduce clutter. If you wish you can add
+columns to the display using the <span class="pre">Choose columns...</span> action
+on the <span class="pre"><a href="menu_view.htm">View</a></span> menu. </p>
+<p>The header backgrounds and the credential rows change color if the credentials
+are about to expire or are expired. </p>
+<ul>
+<li><span style="background-color:#fbc74d">Headers</span> mean that credentials
+at that level will expire unless renewed. Credentials will have a warning icon
+next to them.<br />
+The threshold for this can be set as the <span class="pre">Warn</span> parameter
+in the <span class="pre">Notifications</span> configuration panel.</li>
+<li><span style="background-color:#f08575">Headers</span> mean that credentials
+at that level will expire in a few minutes. Credentials will have a critical
+icon next to them.<br />
+The threshold for this can be set as the <span class="pre">Warn again</span>
+parameter in the <span class="pre">Notifications</span> configuration panel.
</li>
-
-</ul>
-</p>
+<li><span style="background-color:#ff9090">Headers</span> mean that the credentials
+at that level have expired. Credentials will have an expired icon next to them.<br />
+The threshold for this is always zero. </li>
+</ul>
+<p class="MsoNormal">In its default configuration, the NetIdMgr advanced view displays
+a list of network identity names (aka Kerberos principals, user@REALM). Each
+entry appears with a
+<img border="0" width="16" height="15" src="images\wdg_collapsed_hi.bmp">
+or <img border="0" width="16" height="15" src="images\wdg_expanded_hi.bmp">
+button, a pushpin <img border="0" width="16" height="15" src="images\wdg_stuck_hi.bmp">
+or <img border="0" width="16" height="15" src="images\wdg_stick_hi.bmp">
+button and an Identity icon <img border="0" width="16" height="15" src="images\id-sm.bmp">
+to its left. </p>
+<p class="MsoNormal">Click on the
+<img border="0" width="16" height="15" src="images\wdg_collapsed_hi.bmp">
+button of an identity to expand the branch, displaying a <img border="0" width="16" height="15" src="images\wdg_expanded_hi.bmp">
+
+button. Click on the <img border="0" width="16" height="15" src="images\wdg_expanded_hi.bmp">
+button to hide the branch.</p>
+<p class="MsoNormal">Click on the pushpin <img border="0" width="16" height="15" src="images\wdg_stuck_hi.bmp">
+or <img border="0" width="16" height="15" src="images\wdg_stick_hi.bmp">
+button to pin the identity to the display. A pinned identity will be
+displayed in the identity list regardless of whether or not it has matching
+credentials.</p>
+<p class="MsoNormal">Click on the Identity icon <img border="0" width="16" height="15" src="images\id-sm.bmp">
+to view the identity's properties dialog.</p>
+<p class="MsoNormal">To the right of each credential is a flag icon representing
+one of the following states: </p>
+<p class="MsoNormal">
+None = credentials are valid</p>
+<p class="MsoNormal">
+<img border="0" width="16" height="15" src="images\flag_renewable.bmp">
+
+= credentials are valid and renewable</p>
+<p class="MsoNormal" style="text-indent:36.0pt"><img border="0" width="16" height="15" src="images\flag-warning.bmp">
+
+= credentials are valid and the initial expiration warning has been issued </p>
+<p class="MsoNormal" style="text-indent:36.0pt">
+<img border="0" width="16" height="15" src="images\flag-critical.bmp">
+
+= credentials are valid and the final expiration warning has been issued</p>
+<p class="MsoNormal" style="text-indent:36.0pt">
+<img border="0" width="16" height="15" src="images\flag_expired.bmp">
+
+= credentials are invalid or expired</p>
+<p class="MsoNormal"> </p>
+<p> </p>
+<p></p>
</body>
-</html>
\ No newline at end of file
+
+</html>
projects / krb5.git / commitdiff
