From: Jeffrey Altman Date: Thu, 12 Apr 2007 05:32:20 +0000 (+0000) Subject: NIM 1.2 HtmlHelp User Documentation X-Git-Tag: krb5-1.7-alpha1~1166 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e78b9c41a98f691a5dc9564608f598e3df1b296b;p=krb5.git NIM 1.2 HtmlHelp User Documentation Update all text for NIM 1.2. Update most screen images. Convert all images to PNG format from BMP in order to reduce the size of the files. Ensure that all pages are accessible via a path beginning at the welcome.htm page. ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19428 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/windows/identity/help/Makefile b/src/windows/identity/help/Makefile index 2cfe823a8..8cb7f71a6 100644 --- a/src/windows/identity/help/Makefile +++ b/src/windows/identity/help/Makefile @@ -36,4 +36,4 @@ $(CHMFILE): netidmgr.hhp $(CP) netidmgr.chm $(CHMFILE) clean:: - if exist '..\obj' $(RM) $(INCFILES) \ No newline at end of file + if exist '..\obj' $(RM) $(INCFILES) diff --git a/src/windows/identity/help/html/act_chpw.htm b/src/windows/identity/help/html/act_chpw.htm index 40f97054a..ce977d267 100644 --- a/src/windows/identity/help/html/act_chpw.htm +++ b/src/windows/identity/help/html/act_chpw.htm @@ -1,21 +1,22 @@ - Change Password + Network Identity Manager - Change Password -

Change Password

Network Identity Manager - Change Password

The change password dialog can be invoked from the Credentials menu. This is used to change the password for the primary credentials provider (currently -Kerberos 5). +Kerberos v5).

For the default identity provider (Kerberos 5), there are two input +

For the default identity provider (Kerberos v5), there are two input boxes to specify the identity for which the password is to be changed. The identity uniquely maps to the Kerberos principal of the same name. Then the current password must be entered along with the new password @@ -23,7 +24,7 @@ twice.

Note that currently, when the password for an identity is being -changed, only the associated Kerberos 5 password is changed. +changed, only the associated Kerberos v5 password is changed.

diff --git a/src/windows/identity/help/html/act_destroy_creds.htm b/src/windows/identity/help/html/act_destroy_creds.htm index ff24561e8..9d9ce3e61 100644 --- a/src/windows/identity/help/html/act_destroy_creds.htm +++ b/src/windows/identity/help/html/act_destroy_creds.htm @@ -1,17 +1,16 @@ - Destroy Credentials + Network Identity Manager - Destroy Credentials -

Destroy Credentials

Network Identity Manager - Destroy Credentials

This action will attempt to destroy the credentials that are -currently selected in the credentials window. How the credentials are -destroyed is up to each credentials provider. +currently selected in the credentials window.

In some cases, you may need to select all the credentials of a diff --git a/src/windows/identity/help/html/act_import_creds.htm b/src/windows/identity/help/html/act_import_creds.htm index 550bb39e2..2ccd01a45 100644 --- a/src/windows/identity/help/html/act_import_creds.htm +++ b/src/windows/identity/help/html/act_import_creds.htm @@ -1,26 +1,25 @@ - Import Credentials + Network Identity Manager - Import Credentials -

Import Credentials

Network Identity Manager - Import Credentials

Allows you to import credentials from the Windows LSA credentials -cache into any of the caches under the control of any credentials -provider. Currently, the only credentials provider that supports -importing is Kerberos 5. +

Allows you to import credentials from the Microsoft Windows LSA credentials +cache. Currently, the only credentials provider that supports +importing is Kerberos v5.

This action can be invoked via the Credentials menu or by pressing Ctrl + I. In addition, the Kerberos 5 +class="pre">Ctrl + I. In addition, the Kerberos v5 configuration pane accessible via the Options menu provides an options that -control how the importing of credentials happen. +href="menu_options.htm">Options menu contain settings that +control when the importing of credentials are performed at startup.

diff --git a/src/windows/identity/help/html/act_new_creds.htm b/src/windows/identity/help/html/act_new_creds.htm index f2769e08e..632408874 100644 --- a/src/windows/identity/help/html/act_new_creds.htm +++ b/src/windows/identity/help/html/act_new_creds.htm @@ -1,13 +1,13 @@ - New Credentials + Network Identity Manager - New Credentials -

New Credentials

Network Identity Manager - New Credentials

The new credentials dialog can be invoked from the Credentials menu, by typing

- New credentials dialog +

New credentials dialog with a valid identity -selected.

Note that the above screenshot is -from an instance of NetIDMgr with Kerberos 5, Kerberos 4 and OpenAFS -plugins with a Kerberos 5 identity manager. Actual display may be -different depending on the plugins that are active.

+selected.

If the Kerberos 5 identity provider is used, the dialog will ask +

If the Kerberos v5 identity provider is used, the dialog will ask for a username and a realm to determine the identity for which new credentials will be obtained for. Depending on the selected identity, you may be required to provide a password or other form of @@ -36,31 +33,35 @@ authentication for new credentials to be obtained.

Below the prompts is the credentials summary window. This window -provides an overview of the credentals that will be obtained when the +provides an overview of the credentials that will be obtained when the dialog is completed.

Expanded view

If you click any of the credentials type hyperlinks in the -credentials summary window or select the Options ->> button, the dialog will switch to the exanded view. +credentials summary window or select the >> button, the dialog will switch to the expanded view. An example of this is shown below:

- Expanded new credentials window -

Expanded view of the new credetials dialog

Expanded view of the new credentials dialogg

The expanded view provides access to additional options available for -each credential provider. For example, the Kerberos 5 credentials +each credential provider. For example, the Kerberos v5 credentials provider allows you to set the lifetime of the obtained Kerberos ticket as well as ticket flags such as renewable or forwardable.

+Note that the above screenshot is +from an instance of NetIDMgr with Kerberos v5, Kerberos v4, OpenAFS and +Kerberized Certificate Authority providers with a Kerberos v5 identity provider. Actual display may be +different depending on the providers that are active.

Credentials summary window

@@ -76,22 +77,21 @@ window will display a message describing the problem. For example:

- Credentials summary window showing an invalid identity +

The above is an example of what you would see if the provided identity -is invalid. Once the identity provider (in this case, Kerberos 5) +is invalid. Once the identity provider (in this case, Kerberos v5) indicates that the identity is invalid, it will be displayed as above along with a brief description of why the identity was found to be -invalid. Here, the Kerberos 5 identity provider is reporting that the +invalid. Here, the Kerberos v5 identity provider is reporting that the specified principal does not exist in the Kerberos database.

Additional notes

-The new credentials dialog can be invoked from the command line using +

The new credentials dialog can be invoked from the command line using the -i or --kinit command line option. Additionally, if you specify the -a or --autoinit @@ -100,10 +100,9 @@ there are no credentials available.

-Setting the Prompt for new credentials if there -aren't any at startup option is set in the General configuration panel, then the behavior is -similar to the --autoinit option. +Setting the Obtain new credentials at startup (if none are present) option in the General configuration panel causes NetIDMgr to behave as if +the --autoinit option is specified at each execution.

diff --git a/src/windows/identity/help/html/act_renew_creds.htm b/src/windows/identity/help/html/act_renew_creds.htm index 0bd196ad5..7e8a6637c 100644 --- a/src/windows/identity/help/html/act_renew_creds.htm +++ b/src/windows/identity/help/html/act_renew_creds.htm @@ -1,32 +1,31 @@ - Renew Credentials + Network Identity Manager - Renew Credentials -

Renew Credentials

Network Identity Manager - Renew Credentials

The renew credentials action can be invoked via the Credential menu or by pressing Ctrl + -R. Additionally, if Monitor credentials +R. Additionally, if the Monitor credential expiration option is enabled for all identities or for a specific identity, then those credentials will be automatically -renewed before they expire.

+renewed whenever possible before they expire.

An identity must be selected before invoking the renew credentials action.

Not all credentials can be renewed. The actual logic of renewing -the credentials is up to each credentials provider. In general -NetIDMgr will invoke each credentials provider to renew their -respective credentials. For Kerberos 5, if the initial ticket is +the credentials is up to each credentials provider. In general, NetIDMgr will invoke each credentials provider to renew their +respective credentials. For Kerberos v5, if the initial ticket is renewable and not expired, then it will obtain a renewed initial -ticket. For Kerberos 4, once a renewed Kerberos 5 initial ticket is +ticket. For Kerberos v4, once a renewed Kerberos v5 initial ticket is obtained, it will try to use a Krb524 translator to obtain a new -Kerberos 4 initial ticket.

+Kerberos v4 initial ticket.

\ No newline at end of file diff --git a/src/windows/identity/help/html/act_set_default.htm b/src/windows/identity/help/html/act_set_default.htm index 382b3c1ce..6dccd235c 100644 --- a/src/windows/identity/help/html/act_set_default.htm +++ b/src/windows/identity/help/html/act_set_default.htm @@ -1,15 +1,19 @@ - Set As Default Identity + Network Identity Manager - Set As Default Identity -

Set As Default Identity

Network Identity Manager - Set As Default Identity

+One identity can be designated as the default identity. The default identity is the +identity used by Kerberos v5 and GSS-API based applications which use the default +Kerberos v5 credential cache and +never request the use of a network identity by name.

diff --git a/src/windows/identity/help/html/bugs.htm b/src/windows/identity/help/html/bugs.htm index fcc563c9a..f934dffd2 100644 --- a/src/windows/identity/help/html/bugs.htm +++ b/src/windows/identity/help/html/bugs.htm @@ -1,22 +1,21 @@ - Reporting Bugs + Network Identity Manager - Reporting Bugs -

Reporting Bugs

Network Identity Manager - Reporting Bugs

If you encounter a bug in the software, please email -kfw-bugs@MIT.EDU -and report it. Please include as much information as possible to -enable us to reproduce the problem. +

If you encounter a bug in the software, please send a bug report via e-mail to +kfw-bugs@MIT.EDU. +Please include as much information as possible to assist us in reproducing the problem.

kerberos@MIT.EDU -is a mailing list set up for discussing Kerberos issues. It is +is a mailing list set up for discussing end user Kerberos issues. It is gatewayed to the Usenet newsgroup 'comp.protocols.kerberos'. If you prefer to read it via mail, send a subscription request to kerberos-request@MIT.EDU diff --git a/src/windows/identity/help/html/cmdline_netidmgr.htm b/src/windows/identity/help/html/cmdline_netidmgr.htm new file mode 100644 index 000000000..f77c47598 --- /dev/null +++ b/src/windows/identity/help/html/cmdline_netidmgr.htm @@ -0,0 +1,38 @@ + + + Network Identity Manager Command Line Options + + + + + + +

Network Identity Manager Command Line Options

Command line options for Network Identity Manager are:

+ + + + + + + + + + + + + + + + + + + + + +

-a or --autoinit	Automatic Initialization of Credentials
-i or --kinit	Obtain New Credentials and then exit
-d or --destroy	Destroy Credentials belonging to the default identity + and then exit
-r or --renew	Renew all Credentials and then exit
-x or --exit	Signal the running instance of Network Identity + Manager to exit

+ + + \ No newline at end of file diff --git a/src/windows/identity/help/html/concept_cred_pro.htm b/src/windows/identity/help/html/concept_cred_pro.htm index 37fec760c..db936aa00 100644 --- a/src/windows/identity/help/html/concept_cred_pro.htm +++ b/src/windows/identity/help/html/concept_cred_pro.htm @@ -1,16 +1,38 @@ - NetIDMgr Concepts: Credentials Provider + Network Identity Manager Concepts: Credentials Provider -

NetIDMgr Concepts: Credentials Provider

Network Identity Manager Concepts: Credentials Provider

+Network Identity Manager relies on plug-ins to provide the majority +of its functionality. A credentials provider is a plug-in +that manages one or more types of credentials. The responsibilities +of a credential provider are:

to maintain the list of credentials and their properties for the supported type
to monitor credential expiration
to provide the logic necessary to obtain additional credentials once the + identity provider has obtained the + initial credential
to provide the user interface panels necessary to permit the user to + configure the credential provider

+ + +

MIT Kerberos for Windows ships with two Network Identity Manager credential +providers supporting Kerberos v5 and Kerberos v4. Credential providers for +the Andrew File System and the Kerberized Certificate Authority are available +separately.

+ \ No newline at end of file diff --git a/src/windows/identity/help/html/concept_credential.htm b/src/windows/identity/help/html/concept_credential.htm new file mode 100644 index 000000000..eca302ef3 --- /dev/null +++ b/src/windows/identity/help/html/concept_credential.htm @@ -0,0 +1,31 @@ + + + Network Identity Manager Concepts: Credential + + + + + + +

Network Identity Manager Concepts: Credential

+ +

+In Network Identity Manager, a credential is any digital object that can +be used by a network authentication protocol to assert a specific +identity.

+As of this writing, Network Identity Manager supports four different types of +credentials:

Kerberos v5 tickets
Kerberos v4 tickets
AFS tokens
X.509 certificates issued by a Kerberized Certificate Authority

Of these, only Kerberos v5 initial ticket granting tickets can be used as an +identity provider credential.

+ + + + \ No newline at end of file diff --git a/src/windows/identity/help/html/concept_ident_pro.htm b/src/windows/identity/help/html/concept_ident_pro.htm index 5c4601c06..d17c23b94 100644 --- a/src/windows/identity/help/html/concept_ident_pro.htm +++ b/src/windows/identity/help/html/concept_ident_pro.htm @@ -1,16 +1,32 @@ - NetIDMgr Concepts: Identity Provider + Network Identity Manager Concepts: Identity Provider -

NetIDMgr Concepts: Identity Provider

Network Identity Manager Concepts: Identity Provider

+Network Identity Manager relies on plug-ins to provide the majority +of its functionality. One of the requirements is that there be at +least one plug-in that is registered as an identity provider. The identity +provider:

+ +

defines the identity
provides the engine that drives the Obtain New Credentials dialog
performs the initial authentication which results in a network credential that + can be used in conjunction with subsequent credential providers

+ +

Naturally, the identity provider plug-in that is distributed with MIT Kerberos for Windows +is Kerberos v5 based and obtains Kerberos v5 ticket granting tickets as the network credential +that represents the identity.

\ No newline at end of file diff --git a/src/windows/identity/help/html/concept_identity.htm b/src/windows/identity/help/html/concept_identity.htm index ae2dda074..434067916 100644 --- a/src/windows/identity/help/html/concept_identity.htm +++ b/src/windows/identity/help/html/concept_identity.htm @@ -1,18 +1,18 @@ - NetIDMgr Concepts: Identity + Network Identity Manager Concepts: Identity -

NetIDMgr Concepts: Identity

Network Identity Manager Concepts: Identity

While there are many approaches to defining what an identity is, as -far as the NetIDMgr framework is considered, an identity is the unique -security principal that is identified by a service. Each credential -that is managed by NetIDMgr is assumed to map to a unique identity. +far as the Network Identity Manager (NetIDMgr) is considered, an identity is the unique +user identifier that is accepted by a network service. Each credential +that is managed by NetIDMgr is assumed to map to a single identity. The collection of credentials that map to a single identity is considered to belong to that identity.

@@ -23,16 +23,11 @@ considered to belong to that identity.

Default Identity

The default identity is the identity that will be picked up by -other applications as being the default. For example, an application -that uses Kerberos 5 can use the credentials found in the default -Kerberos 5 credentials cache. Therefore, the Kerberos 5 plug-in -considers the principal that corresponds to the default credentials -cache as being the default identity. +

The default identity is the identity that will be used by +applications when a specific identity has not been requested. +The Kerberos v5 plug-in will mark the credential cache that +contains the default identity as the default credentials +cache for the current logon session.

- -

- \ No newline at end of file diff --git a/src/windows/identity/help/html/concepts.htm b/src/windows/identity/help/html/concepts.htm index 003187205..2ce38e97f 100644 --- a/src/windows/identity/help/html/concepts.htm +++ b/src/windows/identity/help/html/concepts.htm @@ -1,32 +1,31 @@ - NetIDMgr Concepts + Network Identity Manager Concepts -

NetIDMgr Concepts

Network Identity Manager Concepts

The Network Identity manager organizes and manages your credentials -based on how they identify you to external services which use those -credentials for authentication. To this end, it is assumed that each -credential will uniquely identify the user to a service as a single -principal or identity. For -Kerberos, the identity is conceptually the same as the principal. +

The Network Identity Manager (NetIDMgr) organizes and manages credentials +based on how they identify the user to network services. To this end, it is assumed that each +credential will uniquely identify the user to a service as a single +identity. When using Kerberos v5 the +identity is the Kerberos principal name.

At it's core, NetIDMgr does not possess any knowlege about specific -credentials that might be available for the user or how to manage -them. It relies on several types of plugins to provide the +

At it's core, NetIDMgr does not possess any knowledge about specific +credentials that might be available to the user or how to manage +them. It relies on several types of plug-ins to provide the information it needs, and to carry out credentials management tasks. One primary task is to identify and manage identities. These services -are provided by a plugin called the identity provider. Information about individual credentials are provided by credentials providers. Other plugins -may extend the functionaility of these plugins or provide additional +href="concept_cred_pro.htm">credential providers. Other plug-ins +may extend the functionality of these plug-ins or provide additional functionality for NetIDMgr.

@@ -41,7 +40,9 @@ functionality for NetIDMgr.

Identity Provider

Credentials Provider

+ +

Credential

- + \ No newline at end of file diff --git a/src/windows/identity/help/html/copyright.htm b/src/windows/identity/help/html/copyright.htm index b98a1569a..b62753d7a 100644 --- a/src/windows/identity/help/html/copyright.htm +++ b/src/windows/identity/help/html/copyright.htm @@ -1,13 +1,13 @@ - License + Network Identity Manager - License -

Network Identity Manager License

Network Identity Manager - License

This software is being provided to you, the LICENSEE, by the Massachusetts Institute of Technology (M.I.T) under the following @@ -23,7 +23,7 @@ the same appear on ALL copies of the software and documentation, including modifications that you make for internal use or for distribution:

THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS diff --git a/src/windows/identity/help/html/howdoi.htm b/src/windows/identity/help/html/howdoi.htm index 7a380c8d2..9826ac20a 100644 --- a/src/windows/identity/help/html/howdoi.htm +++ b/src/windows/identity/help/html/howdoi.htm @@ -1,18 +1,18 @@ - How do I ... + Network Identity Manager - How do I ... -

How do I ...

Network Identity Manager - How do I ...

Startup

diff --git a/src/windows/identity/help/html/images/appicon_empty.bmp b/src/windows/identity/help/html/images/appicon_empty.bmp deleted file mode 100644 index 6938c8e61..000000000 Binary files a/src/windows/identity/help/html/images/appicon_empty.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/appicon_empty.png b/src/windows/identity/help/html/images/appicon_empty.png new file mode 100644 index 000000000..1f509071d Binary files /dev/null and b/src/windows/identity/help/html/images/appicon_empty.png differ diff --git a/src/windows/identity/help/html/images/appicon_expired.bmp b/src/windows/identity/help/html/images/appicon_expired.bmp deleted file mode 100644 index d617465b9..000000000 Binary files a/src/windows/identity/help/html/images/appicon_expired.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/appicon_expired.png b/src/windows/identity/help/html/images/appicon_expired.png new file mode 100644 index 000000000..3aa90d681 Binary files /dev/null and b/src/windows/identity/help/html/images/appicon_expired.png differ diff --git a/src/windows/identity/help/html/images/appicon_good.bmp b/src/windows/identity/help/html/images/appicon_good.bmp deleted file mode 100644 index b8bc9d36f..000000000 Binary files a/src/windows/identity/help/html/images/appicon_good.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/appicon_good.png b/src/windows/identity/help/html/images/appicon_good.png new file mode 100644 index 000000000..d8789da99 Binary files /dev/null and b/src/windows/identity/help/html/images/appicon_good.png differ diff --git a/src/windows/identity/help/html/images/appicon_warnexp.bmp b/src/windows/identity/help/html/images/appicon_warnexp.bmp deleted file mode 100644 index 339c25de5..000000000 Binary files a/src/windows/identity/help/html/images/appicon_warnexp.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/appicon_warnexp.png b/src/windows/identity/help/html/images/appicon_warnexp.png new file mode 100644 index 000000000..becdf9e81 Binary files /dev/null and b/src/windows/identity/help/html/images/appicon_warnexp.png differ diff --git a/src/windows/identity/help/html/images/appicon_warning.bmp b/src/windows/identity/help/html/images/appicon_warning.bmp deleted file mode 100644 index 53df9ec03..000000000 Binary files a/src/windows/identity/help/html/images/appicon_warning.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/appicon_warning.png b/src/windows/identity/help/html/images/appicon_warning.png new file mode 100644 index 000000000..e72901aeb Binary files /dev/null and b/src/windows/identity/help/html/images/appicon_warning.png differ diff --git a/src/windows/identity/help/html/images/notification_icon_menu.png b/src/windows/identity/help/html/images/notification_icon_menu.png new file mode 100644 index 000000000..ab75b74d1 Binary files /dev/null and b/src/windows/identity/help/html/images/notification_icon_menu.png differ diff --git a/src/windows/identity/help/html/images/screen_app_icon.bmp b/src/windows/identity/help/html/images/screen_app_icon.bmp deleted file mode 100644 index 49e2fb026..000000000 Binary files a/src/windows/identity/help/html/images/screen_app_icon.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_app_icon.png b/src/windows/identity/help/html/images/screen_app_icon.png new file mode 100644 index 000000000..86bd210d8 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_app_icon.png differ diff --git a/src/windows/identity/help/html/images/screen_chng_pwd.png b/src/windows/identity/help/html/images/screen_chng_pwd.png new file mode 100644 index 000000000..0f3704efa Binary files /dev/null and b/src/windows/identity/help/html/images/screen_chng_pwd.png differ diff --git a/src/windows/identity/help/html/images/screen_config_appearance.png b/src/windows/identity/help/html/images/screen_config_appearance.png new file mode 100644 index 000000000..e2ed86113 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_appearance.png differ diff --git a/src/windows/identity/help/html/images/screen_config_cred_provider.png b/src/windows/identity/help/html/images/screen_config_cred_provider.png new file mode 100644 index 000000000..5c72a0616 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_cred_provider.png differ diff --git a/src/windows/identity/help/html/images/screen_config_general.bmp b/src/windows/identity/help/html/images/screen_config_general.bmp deleted file mode 100644 index 6c6e57e33..000000000 Binary files a/src/windows/identity/help/html/images/screen_config_general.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_config_general.png b/src/windows/identity/help/html/images/screen_config_general.png new file mode 100644 index 000000000..ce7e52814 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_general.png differ diff --git a/src/windows/identity/help/html/images/screen_config_global_krb4.png b/src/windows/identity/help/html/images/screen_config_global_krb4.png new file mode 100644 index 000000000..90a5664f4 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_global_krb4.png differ diff --git a/src/windows/identity/help/html/images/screen_config_global_krb5.png b/src/windows/identity/help/html/images/screen_config_global_krb5.png new file mode 100644 index 000000000..d0e28d9cf Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_global_krb5.png differ diff --git a/src/windows/identity/help/html/images/screen_config_ident.bmp b/src/windows/identity/help/html/images/screen_config_ident.bmp deleted file mode 100644 index 2ac15fec6..000000000 Binary files a/src/windows/identity/help/html/images/screen_config_ident.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_config_ident.png b/src/windows/identity/help/html/images/screen_config_ident.png new file mode 100644 index 000000000..ac6278ad0 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_ident.png differ diff --git a/src/windows/identity/help/html/images/screen_config_ident_krb4.png b/src/windows/identity/help/html/images/screen_config_ident_krb4.png new file mode 100644 index 000000000..5c4c6f4bd Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_ident_krb4.png differ diff --git a/src/windows/identity/help/html/images/screen_config_ident_krb5.png b/src/windows/identity/help/html/images/screen_config_ident_krb5.png new file mode 100644 index 000000000..484b94d62 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_ident_krb5.png differ diff --git a/src/windows/identity/help/html/images/screen_config_ident_provider.png b/src/windows/identity/help/html/images/screen_config_ident_provider.png new file mode 100644 index 000000000..2ab9c4d7e Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_ident_provider.png differ diff --git a/src/windows/identity/help/html/images/screen_config_idents.bmp b/src/windows/identity/help/html/images/screen_config_idents.bmp deleted file mode 100644 index 8f55a0543..000000000 Binary files a/src/windows/identity/help/html/images/screen_config_idents.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_config_idents.png b/src/windows/identity/help/html/images/screen_config_idents.png new file mode 100644 index 000000000..a67fd1747 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_idents.png differ diff --git a/src/windows/identity/help/html/images/screen_config_notifications.png b/src/windows/identity/help/html/images/screen_config_notifications.png new file mode 100644 index 000000000..e8069ba4c Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_notifications.png differ diff --git a/src/windows/identity/help/html/images/screen_config_plug_in_krb4.png b/src/windows/identity/help/html/images/screen_config_plug_in_krb4.png new file mode 100644 index 000000000..f763a9aa5 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_plug_in_krb4.png differ diff --git a/src/windows/identity/help/html/images/screen_config_plug_in_krb5.png b/src/windows/identity/help/html/images/screen_config_plug_in_krb5.png new file mode 100644 index 000000000..e3e651a88 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_plug_in_krb5.png differ diff --git a/src/windows/identity/help/html/images/screen_config_plug_in_krb5_ccache.png b/src/windows/identity/help/html/images/screen_config_plug_in_krb5_ccache.png new file mode 100644 index 000000000..206386bef Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_plug_in_krb5_ccache.png differ diff --git a/src/windows/identity/help/html/images/screen_config_plug_in_krb5_realm.png b/src/windows/identity/help/html/images/screen_config_plug_in_krb5_realm.png new file mode 100644 index 000000000..e016aa10b Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_plug_in_krb5_realm.png differ diff --git a/src/windows/identity/help/html/images/screen_config_plug_ins.png b/src/windows/identity/help/html/images/screen_config_plug_ins.png new file mode 100644 index 000000000..ec9c749e6 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_config_plug_ins.png differ diff --git a/src/windows/identity/help/html/images/screen_main_wnd.bmp b/src/windows/identity/help/html/images/screen_main_wnd.bmp deleted file mode 100644 index 0763318d9..000000000 Binary files a/src/windows/identity/help/html/images/screen_main_wnd.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_main_wnd.png b/src/windows/identity/help/html/images/screen_main_wnd.png new file mode 100644 index 000000000..b520c858f Binary files /dev/null and b/src/windows/identity/help/html/images/screen_main_wnd.png differ diff --git a/src/windows/identity/help/html/images/screen_main_wnd_basic.png b/src/windows/identity/help/html/images/screen_main_wnd_basic.png new file mode 100644 index 000000000..488fff33b Binary files /dev/null and b/src/windows/identity/help/html/images/screen_main_wnd_basic.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_bar.bmp b/src/windows/identity/help/html/images/screen_menu_bar.bmp deleted file mode 100644 index 5f80c1967..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_bar.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_bar.png b/src/windows/identity/help/html/images/screen_menu_bar.png new file mode 100644 index 000000000..00b775b0a Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_bar.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_credential.bmp b/src/windows/identity/help/html/images/screen_menu_credential.bmp deleted file mode 100644 index 92a1ec3f2..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_credential.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_credential.png b/src/windows/identity/help/html/images/screen_menu_credential.png new file mode 100644 index 000000000..588117c4e Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_credential.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_file.bmp b/src/windows/identity/help/html/images/screen_menu_file.bmp deleted file mode 100644 index 4a9054668..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_file.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_file.png b/src/windows/identity/help/html/images/screen_menu_file.png new file mode 100644 index 000000000..5836662e0 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_file.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_help.bmp b/src/windows/identity/help/html/images/screen_menu_help.bmp deleted file mode 100644 index dc1a8f6dd..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_help.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_help.png b/src/windows/identity/help/html/images/screen_menu_help.png new file mode 100644 index 000000000..d39b257e4 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_help.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_options.bmp b/src/windows/identity/help/html/images/screen_menu_options.bmp deleted file mode 100644 index 5762e65d8..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_options.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_options.png b/src/windows/identity/help/html/images/screen_menu_options.png new file mode 100644 index 000000000..528e01e94 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_options.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_view.bmp b/src/windows/identity/help/html/images/screen_menu_view.bmp deleted file mode 100644 index e47e54a0a..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_view.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_view.png b/src/windows/identity/help/html/images/screen_menu_view.png new file mode 100644 index 000000000..f977bda45 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_view.png differ diff --git a/src/windows/identity/help/html/images/screen_menu_view_cols.bmp b/src/windows/identity/help/html/images/screen_menu_view_cols.bmp deleted file mode 100644 index 25779bfcc..000000000 Binary files a/src/windows/identity/help/html/images/screen_menu_view_cols.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_menu_view_cols.png b/src/windows/identity/help/html/images/screen_menu_view_cols.png new file mode 100644 index 000000000..79954d2b6 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_menu_view_cols.png differ diff --git a/src/windows/identity/help/html/images/screen_new_creds.bmp b/src/windows/identity/help/html/images/screen_new_creds.bmp deleted file mode 100755 index bf5be3113..000000000 Binary files a/src/windows/identity/help/html/images/screen_new_creds.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_new_creds.png b/src/windows/identity/help/html/images/screen_new_creds.png new file mode 100644 index 000000000..eb461bf76 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_new_creds.png differ diff --git a/src/windows/identity/help/html/images/screen_new_creds_err01.bmp b/src/windows/identity/help/html/images/screen_new_creds_err01.bmp deleted file mode 100755 index 44bf0f958..000000000 Binary files a/src/windows/identity/help/html/images/screen_new_creds_err01.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_new_creds_err01.png b/src/windows/identity/help/html/images/screen_new_creds_err01.png new file mode 100644 index 000000000..4999db898 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_new_creds_err01.png differ diff --git a/src/windows/identity/help/html/images/screen_new_creds_exp.bmp b/src/windows/identity/help/html/images/screen_new_creds_exp.bmp deleted file mode 100755 index 5caa6328e..000000000 Binary files a/src/windows/identity/help/html/images/screen_new_creds_exp.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_new_creds_exp.png b/src/windows/identity/help/html/images/screen_new_creds_exp.png new file mode 100644 index 000000000..f533c977a Binary files /dev/null and b/src/windows/identity/help/html/images/screen_new_creds_exp.png differ diff --git a/src/windows/identity/help/html/images/screen_tb_standard.bmp b/src/windows/identity/help/html/images/screen_tb_standard.bmp deleted file mode 100644 index bd07cf208..000000000 Binary files a/src/windows/identity/help/html/images/screen_tb_standard.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_tb_standard.png b/src/windows/identity/help/html/images/screen_tb_standard.png new file mode 100644 index 000000000..5d2f070b3 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_tb_standard.png differ diff --git a/src/windows/identity/help/html/images/screen_tray_icon.bmp b/src/windows/identity/help/html/images/screen_tray_icon.bmp deleted file mode 100644 index b2fb1ee86..000000000 Binary files a/src/windows/identity/help/html/images/screen_tray_icon.bmp and /dev/null differ diff --git a/src/windows/identity/help/html/images/screen_tray_icon.png b/src/windows/identity/help/html/images/screen_tray_icon.png new file mode 100644 index 000000000..6d935d617 Binary files /dev/null and b/src/windows/identity/help/html/images/screen_tray_icon.png differ diff --git a/src/windows/identity/help/html/menu_all.htm b/src/windows/identity/help/html/menu_all.htm index 2710d5986..6cd811393 100644 --- a/src/windows/identity/help/html/menu_all.htm +++ b/src/windows/identity/help/html/menu_all.htm @@ -1,12 +1,12 @@ - The Menu Bar + Network Identity Manager - The Menu Bar -

The Menu Bar

Network Identity Manager - The Menu Bar

Click an item on the menu to go to the description of the submenu, or @@ -26,7 +26,7 @@ highlighted character on the submenu.

- +

Credential Menu

Network Identity Manager - Credential Menu

Credential Menu

Network Identity Manager - Credential Menu

Click an item on the menu to go to the description of the action, or choose from the list below. You can activate the by pressing Alt + C and you can activate each action by -pressing the highlited character. +pressing the highlighted character.

@@ -22,21 +22,21 @@ right of the action. You can use the hot key to trigger the action without invoking the Credential menu.

- - - - - - -

- + + + + + + + + + +

New Credentials ...: +
New Credentials ...: Opens the new credentials acquisition dialog box. If an identity was selected, then that identity would be made the default for the new credentials acquisition. However, it can easily be changed in @@ -46,17 +46,17 @@ without invoking the Credential menu. Action for more information.
Renew credentials: +
Renew credentials: Renews the selected credentials or identity. This action requires that the selected credentials be renewable.
See Renew Credentials Action for more information.
Destroy +
Destroy credentials...: Destroys the selected credentials.
Set as default: Sets +
Set as default: Sets the selected identity as the default, if it is not already the default. The implications of this operation is dependent on the current identity provider. @@ -64,17 +64,16 @@ without invoking the Credential menu. See Set As Default Action for more information.
Change password...: +
Change password...: Changes the password for the selected identity. However, once the new password dialog opens, you can change the identity for which the password is getting changed.
Import +
Import Credentials: Import any existing credentials from external - sources. With the Kerberos 5 credentials provider, the Kerberos - tickets from the Microsoft Windows LSA cache will be imported to MIT - Kerberos ticket caches.

credentials provider

File Menu

Network Identity Manager - File Menu

File Menu

Network Identity File Menu

Click an item on the menu to go to the description of the action, or @@ -22,22 +22,21 @@ right of the action. You can use the hot key to trigger the action without invoking the File menu.

- - -

- + + + + +

+
Properties...: Displays a property sheet for the selected credential, identity or credential type.
+
Exit: Exits Network Identity Manager

Help Menu

Network Identity Manager - Help Menu

Help Menu

Network Identity Manager - Help Menu

You can activate the menu by pressing Alt + H @@ -21,32 +21,30 @@ the question mark icon in the title bar and then clicking on the dialog box control that you want help with.

- - - - - - -

- + + + + + + +

Context: Provides - context sensitive help. You can invoke help at any time by pressing - F1

+ -

Contents: Opens +
Contents: Opens the table of contents for the user documentation
Index: Opens the +
Index: Opens the index for the user documentation
About: Opens a + +
Plug-in specific help: + Plug-ins can register their own on-line help.
About: Opens a dialog box containing information about this version of NetIDMgr as well as the modules that are currently loaded.

Options Menu

Network Identity Manager - Options Menu

Options Menu

Network Identity Manager - Options Menu

Click an item on the menu to go to the description of the action, or -choose from the list below. You can activate the by pressing Alt + O and you can activate each action by -pressing the highlited character. +pressing the highlighted character.

-Actions which have an associated hot key show this hot key to the -right of the action. You can use the hot key to trigger the action -without invoking the Options menu. -

- - - - - - - - -

- + + + + + + + + +

General ...: Opens +
General ...: Opens the NetIDMgr general configuration panel. This panel allows you to configure settings related to the startup/shutdown of NetIDMgr in addition to debugging and monitoring options.
Appearance ...: +
Appearance ...: Provides options for customizing the appearance of the credentials window. Currently, the only options provided are for selecting the font used for the credentials list.
Identities ...: +
Identities ...: Opens the identities configuration panel. These options control credentials defaults for all identities or for specific identities.
Notifications +
Notifications ...: The notifications configuration panel controls the settings used by the NetIDMgr timer that triggers warnings and identity renewals.
Plugins ...: -Options for enabling or disabling specific plugins and also for -viewing information about loaded plugins.

plug-ins ...: +Options for enabling or disabling specific plug-ins and also for +viewing information about loaded plug-ins.
Plugin specific +
Plugin specific configuration panels: Each registered plugin can register one or more configuration panels which will appear on the Options menu.

View Menu

Network Identity Manager - View Menu

View Menu

Network Identity Manager - View Menu

Click an item on the menu to go to the description of the action, or @@ -22,28 +22,38 @@ right of the action. You can use the hot key to trigger the action without invoking the View menu.

- - - -

- + + + + + + + +

View columns: +
Advanced F7: + +Toggles the display mode between basic and advanced modes. +In basic mode, the Network Identity Manager displays a list of identities +and their current status. In the advanced mode, NetIdMgr provides a +customizable list of all discovered credentials. +
View columns: +Only available in Advanced mode. Invokes a submenu from which you can choose the columns that are displayed in the credentials window. If you change the columns, or their order, a new custom layout will be created for you which you can later use using the Layout submenu later. For -more information about managing layouts, see the Layout topic.

Layout

Layout: Opens a +

Layout: +Only available in Advanced mode. Opens a submenu where you can select the layout for the credentials display.

Refresh: Refresh -the credentials view. This queries each Refresh view F5: Refresh +the contents of the credentials view. This queries each credential provider for any credentials and redraws the credentials view.

Standard Toolbar

Network Identity Manager - Standard Toolbar

Standard Toolbar

Network Identity Manager - Standard Toolbar

The standard toolbar appears below along with descriptions of what each button does.

- +

title

Network Identity Manager - title

Configuring NetIDMgr and identities

Network Identity Manager - Configuration

Configuring NetIDMgr and identities

All NetIDMgr configuration options can be accessed via the Options menu. The available configuration panels -are: +

Network Identity Manager - Configuration

All Network Identity Manager configuration options can be accessed via the +Options menu. The available configuration panels are:

General: General application options - for NetIDMgr.
- -
- Obtain new credentials at - startup: If checked, NetIDMgr will check there are initial - credentials for the default identity. If no such credentials are - found, NetIDMgr will display a new credentials dialog.
- Run NetIDMgr in system tray after - window close: If checked, NetIDMgr will continue running in - the system notification area (sometimes referred to as the system - tray) after you close the NetIDMgr window.
- Monitor network connectivity: When - changes to network connectivity are detected, NetIDMgr can notify - individual plug-ins about these changes. Doing so allows each - plug-in to respond to the change by obtaining new credentials etc. - If this option is cleared, no such notifications are sent and the - application would not respond to network changes.
- Log trace events: NetIDMgr can - generate debugging information during the course of performing - certain actions. This information aids the developers in fixing - problems that you may encounter while using NetIDMgr.
- -
Appearance: Allows you to set the - font used by NetIDMgr.
Identities: Default settings for all - identities and settings for each identity. Details below.
Notifications: Notification and timer - options. NetIDMgr can issue warnings when credentials are about to - expire. This configuration panel allows you to set the thresholds at - which these warnings are issued. For example, if the warning - timeout is set for 10 minutes, NetIDMgr will issue a warning 10 - minutes before a credential expires.
- -
The panel also allows you to control the credentials renew timer. - If the timer is disabled, NetIDMgr will not automatically attempt to - renew credentials. If the Renew at half life - intervals when possible option is set, then the timer will - expire after the credential has less than half its lifetime left. - If the renewal operation fails, it will attempt another renwal after - half of the remaining liftime is over (i.e. when the credential has - less than 1/4 of its original lifetime left) and so on. -
- -
Plugins: Enable/disable and check - the status of registered plug-ins. Enabling or disabling a plug-in - only takes effect after a restart of NetIDMgr.
+
General: General application options for NetIDMgr.
+
- +
  Obtain new credentials at startup: If checked, + NetIDMgr will check there are initial credentials for the default identity. + If no such credentials are found, NetIDMgr will display a new credentials + dialog.
  +
- +
  Run NetIDMgr in system tray after window close: + If checked, NetIDMgr will continue running in the system notification area + (sometimes referred to as the system tray) after you close the NetIDMgr + window.
  +
- +
  Monitor network connectivity: When changes + to network connectivity are detected, NetIDMgr can notify individual plug-ins + about these changes. Doing so allows each plug-in to respond to the change + by obtaining new credentials etc. If this option is cleared, no such notifications + are sent and the application would not respond to network changes.
  +
- +
  Log trace events: NetIDMgr can generate debugging + information during the course of performing certain actions. This information + aids the developers in fixing problems that you may encounter while using + NetIDMgr.
  +
+
+
Appearance: Allows you to set the font used by + NetIDMgr.
+
+
Identities: Default settings for all identities + and settings for each identity. Details below.
+
+
Notifications: Notification and timer options. + NetIDMgr can issue warnings when credentials are about to expire. This configuration + panel allows you to set the thresholds at which these warnings are issued. For + example, if the warning timeout is set for 10 minutes, NetIDMgr will issue a + warning 10 minutes before a credential expires.
+
The panel also allows you to control the credentials renew timer. If the + timer is disabled, NetIDMgr will not automatically attempt to renew credentials. + If the Renew at half life intervals when possible option + is set, then the timer will expire after the credential has less than half its + lifetime left. If the renewal operation fails, it will attempt another renwal + after half of the remaining liftime is over (i.e. when the credential has less + than 1/4 of its original lifetime left) and so on.
+
+
Plugins: Enable/disable and check the status of + registered plug-ins. Enabling or disabling a plug-in only takes effect after + a restart of NetIDMgr.
+

General Options

The General options dialog, accessed via the Options menu, allows you to configure +operational properties specific to the NetIdMgr application.

The Obtain new credentials at startup (if none are present) checkbox will +determine whether or not NetIdMgr will display the New Credentials dialog at startup +when no valid credentials exist.

The Destroy all credentials on exit option can be used to empty all of +the credential caches when the NetIdMgr is terminated.

The Run NetIdMgr in taskbar notification area after window close checkbox +determines the behavior of the window close button. When checked, NetIdMgr will +close the window but will continue running and can be accessed from the taskbar +notification area. When unchecked, NetIdMgr will behave as if File->Exit was selected +from the menu.

Clicking on the notification icon can be configured to either Show Network +Identity Manager or Obtain New Credentials. This option controls which menu item +on the notification icon menu is the default action.

The Monitor network connectivity option determines whether or not NetIdMgr +monitors the configuration of IP addresses on the machine. When IP addresses are +added or removed and this feature is activated, the NetIdMgr will probe the identity +management servers (e.g., Kerberos Key Distribution Centers) to determine if they +are reachable and if so will automatically obtain credentials.

The Log trace events to trace log at the following location option is +used to activate a log file that can be used to help debug the behavior of NetIdMgr +and its plug-ins. Press the Show log button to view the log file in Windows +Notepad.

Appearance Options

The Appearance Options page can be used to select an alternate typeface to be +used when displaying credentials in the NetIdMgr.

+ +

Configuration of default settings for all identities

The Identities configuration panel allows you to set +the defaults that will be used for all identities. However, most of the settings +displayed here can be overridden with specific per-identity settings.

The panel will have a number of sub panels (or tabs) corresponding to each plug-in +that maintains per-identity configuration.

A list of identities for which configuration information is maintained will be +shown under the main Identities configuration panel name. +Each of these correspond to a per identity configuration +panel.

Note that adding or removing an identity in the configuration panel only has +the effect of adding or removing the identity to or from the list of identities +for which configuration information is maintained.

The Identities configuration panel allows -you to set the defaults that will be used for all identities. -However, most of the settings displayed here can be overridden with -specific per-identity settings. -

Global Identity Settings

There are three general settings that can be used to set +global defaults.

The Monitor credential expiration setting determines +whether or not NetIdMgr should monitor the credential lifetimes and issue +expiration notifications. This value is used as the default for all new +identities.

The Automatically renew setting determines if +renewable credentials are automatically renewed prior to expiration. This +value is used as the default for all new identities.

The Always show in the credentials list (Pinned) +setting determines whether new identities are always pinned within the +credentials list. A pinned identity will always be displayed regardless of +whether or not there are credentials associated with it.

The panel will have a number of sub panels (or tabs) corresponding -to each plug-in that maintains per-identity configuration. -

Global Kerberos v5 Identity Settings

The global Kerberos v5 settings define default credential +lifetimes and minimum and maximum values for use in constructing the slider +controls used to set the lifetimes.

There are two expiration times associated with Kerberos +tickets. The first specifies the length of the time period during which the +tickets are valid for use. The second specifies the length of the renewable +lifetime. Valid Kerberos tickets may have their valid use lifetime repeatedly +extended up until the renewable lifetime expires. The settings on this page are +used to configure default lifetime values for NetIdMgr to use when requesting +Kerberos tickets from the Kerberos server (key distribution center). The +Kerberos server may issue tickets with shorter lifetimes than were requested.

The Renewable, Forwardable, and +Addressless options determine whether or not new identities default to +obtaining Kerberos v5 tickets with these options.

When Forwardable tickets are received from the +Kerberos Server, these tickets can be forwarded to a remote host when you +connect via telnet, ssh, ftp, rlogin, or similar applications. When tickets are +forwarded, there is no need to obtain Kerberos tickets again to access +Kerberized services on the remote host. Forwardable tickets are often +required when authenticating to a remote host using ssh or ftp when the remote +host requires the ability to authenticate to a remote file system such as AFS.

When Renewable tickets are received from the +Kerberos Server, the ticket lifetimes may be renewed without prompting the user +for her password. This allows Kerberos tickets to be issued with short +lifetimes allowing compromised accounts to be disabled on short notice without +requiring the user to enter a password every few hours. When combined with +Automatic Ticket Renewal, NetIdMgr can maintain valid tickets for a week, a +month, or longer by automatically renewing tickets prior to their expiration. +The ability to renew tickets without a password is limited by the tickets +renewable lifetime as issued by the Kerberos Server.

When Addressless is selected, the tickets do not +contain IP address information. This enables the tickets to be used from behind +Network Address Translators which are frequently found in Cable and DSL Modems.

The minimum and maximum ranges are used by the ticket +initialization dialog box when constructing the Lifetime and Renewable Lifetime +sliders. These sliders can be used to modify the requested ticket lifetimes +when Kerberos tickets are initialized.

A list of identities for which configuration information is -maintained will be shown under the main Identities configuration panel name. Each of these -correspond to a per identity configuration -panel. -

Global Kerberos v4 Identity Settings

When the Obtain Kerberos v4 credentials button is +checked, NetIdMgr will attempt to retrieve Kerberos v4 credentials when ticket +initialization, renewal, or importation is performed. Kerberos realms are +increasingly configured to support only Kerberos v5 (e.g., Windows Active +Directory Domains.) If the realms you use do not support Kerberos v4 it is +suggested that this button be unchecked.

Be aware that only the default identity can obtain Kerberos +v4 credentials. This limitation is due to the inability of Kerberos v4 +applications on Microsoft Windows to specify a credentials cache.

Note that adding or removing an identity in the configuration panel -only has the effect of adding or removing the identity to or from the -list of identities for which configuration information is maintained. -

Per identity configuration

You can access the per-identity configuration panel for a specific identity by +selecting the identity name from the list of configuration panels in the configuration +dialog.

These panels are similar to the Identities configuration +panel, but they change per-identity settings. Changes you make in these panels will +override the defaults set in the Identities panel.

Per identity General Configuration

The General page contains a Remove Identity button +that can be used to delete this Identity from the Network Identity Manager.

You can access the per-identity configuration panel for a specific -identity by selecting the identity name from the list of configuration -panels in the configuration dialog. -

Per identity Kerberos v5 Configuration

These panels are similar to the Identities -configuration panel, but they change per-identity settings. Changes -you make in these panels will override the defaults set in the Identities panel. -

The Kerberos v5 page displays the name of the credential +cache currently associated with the Identity.

Per identity Kerberos v4 Configuration

The Kerberos v4 page is optional and may not appear on all +systems. Only one identity can obtain Kerberos v4 credentials at a time.

Notification Configuration

The Renew automatically at check box determines +whether or not renewable tickets will be renewed by NetIdMgr when they reach the +specified time remaining.

The Initial warning at check box determines whether +or not a warning will be issued when the specified time remaining is reached.

The Final warning at check box determines whether or +not a warning will be issued when the specified time remaining is reached.

Notifications are performed in two ways. First, icons are +displayed next to the affected credentials in the flags column of the display. +Second, a balloon tip is displayed off of the NetIdMgr taskbar notification area +icon.

Plug-in Configuration

The Plug-ins +and Modules page provides status information on the currently loaded plug-ins +and modules include a description of their purpose; whether or not it was loaded +properly; which other modules are required; and what organization developed it. +

Kerberos v5 Plug-in Configuration

The Kerberos v5 Configuration tab allows you to +alter the behavior of the Kerberos v5 identity provider.

In the Default Realm field, select a Kerberos realm +from the dropdown list.

The Include all +configured realms in New Credentials realm list determines whether all of +the realms declared in the Kerberos v5 Configuration file are included in the +realms list of the Obtain New Credentials dialog. If disabled, only the +realms previously used to obtain credentials are displayed.

The Configuration File +field displays the path to the Kerberos v5 configuration file, krb5.ini.

The field labeled Host Name displays the name of +your local machine. The Domain Name field displays the domain to which +your local machine currently belongs.

The Import Tickets listbox allows you to configure +how NetIdMgr interacts with the Microsoft Kerberos Authentication Provider. +NetIdMgr will automatically import Kerberos Tickets from the Microsoft LSA at +startup depending upon the selected option and whether or not the Kerberos +Authentication Provider was used for Windows Logon authorization.

Never means do not import tickets from the + MSLSA;
Always means do import tickets from the MSLSA; + and
Only when the Principal matches means import + tickets from the MSLSA only if the MSLSA Kerberos principal belongs to the + Default Realm.

When the Windows Logon identity is imported and is +configured as the default identity, the MIT credential cache will be used in +preference to the MSLSA credential cache.

Kerberos v5 Realm Configuration

Kerberos v5 Credential Cache Configuration

The Kerberos Realm Configuration dialog can be used to +manage the contents of the [Realms] and [Domain_Realm] sections of the Kerberos +v5 configuration file.

Kerberos v4 Plug-in Configuration

Here, you can specify the +name of the in-memory cache used to store the Kerberos v4 tickets. The format +of the name is API: followed by the cache name. Disk caches are not supported +by Kerberos for Windows.

The paths to the Kerberos v4 configuration files: krb.con +and krbrealm.con may be viewed from this dialog. The default is to store the +configuration files in the Windows directory.

NetIDMgr Notification Icon

Network Identity Manager Notification Icon

NetIDMgr Notification Icon

Network Identity Manager Notification Icon

Visual Representation of Identity State Information

When NetIDMgr is running, an icon will be placed in the system -notification area (sometimes referred to as the "tray" area, or the -"system tray"). The icon will change to reflect the current state of +

When Network Identity Manager is running, an icon will appear in the taskbar notification area. The icon will change to reflect the current state of the managed credentials.

The icons and their meanings are described below:

	There are no managed credentials for any identity.
	There are valid credentials for all the identities.
Some of the +		Some of the credentials will expire in the next few minutes. This icon will be displayed even if automatic renewals are enabled. In this case, the credentials in question may get renewed before they expire, and the icon will change to reflect this change.
some of the managed credentials have expired.		At least one identity's credentials have expired.
A warning +		A warning message is waiting to be displayed. Click the icon to view the warning message.

Notification Icon Menu

Clicking on the notification with the second mouse button displays a menu +(see right) which contains the most commonly used Network Identity Manager +operations.

Notification Icon Default Action

Clicking on the icon with the first mouse button will open or close the Network Identity Manager application window or open the Obtain New Credentials dialog based upon the current configuration. The behavior can be adjusted from the Options->General page. Clicking with the second mouse button will display a menu of commands.

Managing the credentials view layout

Network Identity Manager - Managing the credentials view layout

Managing the credentials view layout

Network Identity Manager - Managing the credentials view layout

The credentials view layout provides an outlined view of the credentials that are being managed by NetIDMgr. The columns that are @@ -24,8 +24,8 @@ customizations that can be performed:

Grouping by a column.

- -

Predefined layouts

+ +

Pre-defined layouts

The predefined layouts in NetIDMgr are:

@@ -46,7 +46,7 @@ customizations that can be performed:

Adding and removing columns

The View Columns menu lists all the @@ -60,9 +60,9 @@ display.

View

Sorting by a column

Clicking on a column header will change the sort order of the @@ -73,7 +73,7 @@ will start sorting in increasing order by that column.

Double-clicking a column that is not used for grouping will stop sorting by that column.

Grouping by a column

Double-clicking on a column header will start grouping by that diff --git a/src/windows/identity/help/html/use_start.htm b/src/windows/identity/help/html/use_start.htm index 1f1a7d69a..4c1b7ab83 100644 --- a/src/windows/identity/help/html/use_start.htm +++ b/src/windows/identity/help/html/use_start.htm @@ -1,24 +1,24 @@ - Starting NetIDMgr + Network Identity Manager - Starting Network Identity Manager -

Starting NetIDMgr

Network Identity Manager - Starting Network Identity Manager

Opening the NetIDMgr window from the notification icon

Opening the Network Identity Manager window from the notification icon

Depending on how you have installed NetIDMgr, it may start as soon -as you login, or it may need to be started manually. NetIDMgr is a -tray application. Hence it doesn't appear on your task bar. This is -based on the assumption that you don't need to run NetIDMgr very -often, and helps reduce clutter on the desktop.

Depending on how Network Identity Manager was installed, it may be configured +with a shortcut in the Startup Folder, or it may require a manual start. NetIDMgr is a +notification tray application and therefore it is not listed in the Microsoft +Windows task bar. This design is based on the assumption that most users +rarely interact directly with the application.

here

Clicking on this icon brings up the NetIDMgr window. Right -clicking on the icon, on the other hand, brings up a menu.

Left clicking on this icon executes the default action which either changes +the view state of the credential list or displays the Obtain New Credentials +dialog. Right clicking on the icon displays a menu.

Starting NetIDMgr from the Start Menu or command line

Starting Network Identity Manager from the Start Menu or command line

If NetIDMgr was not configured to start automatically when you diff --git a/src/windows/identity/help/html/using.htm b/src/windows/identity/help/html/using.htm index c66ee8aab..de1727354 100644 --- a/src/windows/identity/help/html/using.htm +++ b/src/windows/identity/help/html/using.htm @@ -1,28 +1,35 @@ - Using NetIDMgr + Using Network Identity Manager -

Using NetIDMgr

Using Network Identity Manager

-Depending on how NetIDMgr was installed, it might already be running -in the system notification area or it might need to be started -manually. See the topic starting -NetIDMgr for details. Essentially, to open the NetIDMgr window, -you either have to click the application -icon in the system notification area, select the icon from the -start menu, or type 'netidmgr' at a command prompt. +Depending on how Network Identity Manager was installed, it might already be running +in the Windows taskbar notification area or it might need to be started +manually. See the topic Starting +Network Identity Manager for details. +

+To open the NetIDMgr window when the application +icon is displayed in the Windows taskbar notification area, click on the +icon with the 2nd mouse button (usually the right mouse button) and select Show Network Identity Manager window from the menu. +

+If NetIdMgr is not displayed in the Windows taskbar notification area, it can be +started from the +Start Menu, or type 'netidmgr' at a command prompt.

-Once you open the NetIDMgr window, you will be presented with a view -of your existing credentials, or a message notifying you that you -don't have any. Details of the credentials view objects can be found here.

-A more comprehensive list of how-to topics can be found in the How do I... section.

How do I...

Welcome to the Network Identity Manager

-The Network Identity Manager (or NetIDMgr for short) allows you to -manage your network identities and the associated credentials -(Kerberos tickets, AFS tokens, etc.). -

-NetIDMgr is extensible using plugins. In fact, most of the features -are implemented in plugins, some of which are themselves extensible. -Support for additional protocols and credential types can be added by -installing the appropriate plugins. +

Network Identity Manager (NetIdMgr) is a graphical +tool designed to simplify the management of network identities and their credentials +which are used by network authentication protocols while providing +secure access to network services. When NetIDMgr is used with Kerberos v5 each +network identity is a unique Kerberos principal name and the credentials +are Kerberos v5 tickets. Kerberos v5 tickets can be used by NetIDMgr to +obtain Andrew File System (AFS) tokens and X.509 public key certificates if the +appropriate plug-ins are available.

When you log into Microsoft Windows with a domain account, +your account name and the Windows Domain name when combined form a Kerberos +principal name. As an example, WINDOWS\jaltman is actually a short form +representation of +jaltman@WINDOWS.SECURE-ENDPOINTS.COM. Microsoft Windows uses +Kerberos-based network identities for all domain-based network authentications.

Since Microsoft Windows already provides a network +identity, why do you need NetIdMgr? Here are some examples:

Your only network identity is your Windows Domain + account but you have third-party applications that rely on MIT Kerberos for + authentication for access to remote files, e-mail, web data, or other + services. In this scenario, NetIdMgr will automatically import your Windows + Domain credentials into a form that can be used by applications that rely on + MIT Kerberos.
You do not have a Windows Domain account but you must + obtain network credentials in order to securely access a network service. + In this scenario, NetIdMgr can be used to obtain new credentials for network + identities and can automatically renew them before they expire.
You have Kerberos credentials for a network identity + and you have third-party applications that require an alternative form of + network credential, such as an AFS token or a X.509 certificate, which can + be obtained via a Kerberos authentication. In this scenario, NetIdMgr can + automatically use your existing credentials to obtain and renew the + additional network credentials types.
You have a Windows Domain account but you need to + authenticate to a service belonging to a Kerberos realm outside the Windows + Domain. In this scenario, NetIdMgr can be used to manage multiple network + identities, the Windows Domain identity as well as the additional Kerberos + identity required for the external network services.
You have multiple network identities within the same + Kerberos realm which are used for different roles. For example, an + unprivileged user identity and a privileged identity that is only meant to + be used for system administration. In this scenario, NetIdMgr can be used + to obtain credentials for all of your identities and automatically renew + them as necessary.

NetIdMgrs automated credential acquisition and renewal +makes it an invaluable tool which provides users with a Single Sign-on +experience.

NetIdMgr is most commonly configured as a StartUp item that runs an icon in the Taskbar Notification Area until you logout. +While running, NetIDMgr automatically renews your credentials, notifies you of +pending expirations and prompts you when a Kerberized application requires +credentials that have not already been obtained.

When configured to do so, NetIdMgr will prompt you +immediately after it starts to obtain Kerberos credentials. This is often +referred to as logging on to Kerberos. NetIdMgr does not perform a logon in the +sense of the Windows Logon Service. A logon service would do more than manage +Kerberos tickets. A logon service would authenticate you to the local machine, +validate access to your local file system and performs additional set-up tasks. +These are beyond the scope of NetIdMgr. NetIdMgr simply allows you to manage +Kerberos identities on behalf of compatible applications and to change your +Kerberos password.

-This version is distributed as a part of the MIT Kerberos for Windows -product along with the Kerberos 5 and Kerberos 4 plugins. The OpenAFS -plugin, which is required for supporting AFS tokens, is -distributed separately. -

OpenAFS for +Windows

Secure Endpoints Inc.

Legal information
NetIDMgr concepts
Using NetIDMgr
How do I ...
All Menus

Information for developers

-If you are interested in developing plugins or extending the features -of NetIDMgr, your first stop should be the NetIDMgr SDK. This is -included in the Kerberos for Windows SDK, which itself is a part of -the Kerberos for Windows distribution. -

-We highly recommend interested developers to contact the netidmgr@secure-endpoints.com -mailing list. -

External links

http://web.mit.edu/kerbeors: +
http://web.mit.edu/kerberos: MIT Kerberos distribution
http://openafs.org: +
http://www.openafs.org/windows.html: -OpenAFS +OpenAFS for Windows
+http://www.secure-endpoints.com/: +Secure Endpoints Inc.

Main Window

Network Identity Manager - Application Window

Main Window

Network Identity Manager - Application Window

The main window of Network Identity Manager is structured as follows

The application window of Network Identity Manager can be displayed in two modes: basic and advanced.

The basic view provides status information of the currently available identities whereas the advanced +view provides more detailed information of all the active credentials.

Figure 1. Network Identity Manager Basic View

+ +

Figure 2. Network Identity Manager Advanced View

Menu bar