Steps:
--------
Unpack this distro tarfile
Install Kerberos5
Install kx509/kxutils
Install java
Install jxplorer
Modify the keygen script
Set your keystore password
Running keygen and jxplorer

This distribution tarfile should contain the following:

README						#This file
JXv3.1b1deploy.tar.bz2		#The jxplorer distribution
keygen.jar					#The credential conversion script
keygen.sh					#Helper app used by keygen.sh
ca-bundle.crt				#The CITI CA cert

Install Kerberos5/SASL
----------------------
Under Fedora (core 2):
yum install krb5-workstation  # For kerberos installations
yum install cyrus-sasl
yum install cyrus-sasl-gssapi # For kerberos installations
yum install cyrus-sasl-plain
yum install cyrus-sasl-devel

Install kx509/kxutils
----------------------
XXX No package that I know of.
XXX Grab source and compile

Install Java
----------------------
Grab the Sun jre or sdk (1.4.2 or greater)
Sun has nice self extracting binary distributions or rpms.

Set your JAVA_HOME environment variable to the base of your java installation:
eg:
export JAVA_HOME=/usr/local/j2sdk1.4.2_04

also, add the java bin location to your PATH variable
eg: 
export PATH=$PATH:$JAVA_HOME/bin/

It is recommended that this is done in your /etc/profile or personal profile

Install JXplorer
-----------------------
Unpack the tarfile included, or get it from sourceforge:
http://sourceforge.net/project/showfiles.php?group_id=55394

Version 3.1Beta was used.

Unpack the file into the directory that you unpacked the distribution tarfile.
the tarfile will unpack into ./jxplorer


Modify the keygen script
-------------------------
The distribution tarfile contains a script called keygen.sh. Edit the first few
lines so that the paths to the binaries are correct.

Make sure that KERBEROS_ROOT is correctly set, as well as the paths to kxlist,
kx509 and openssl. Nothing else should need modifying.


Set your keystore passwords
------------------------
Run jxplorer by executing ./jxplorer.sh in the jxplorer directory.


Security->Client Certificates
Click the Set Password button:
The default password is: passphrase
When done, click OK to close the Manager dialog. (Note, after changing
passwords, or importing certs, the manager dialog sometime gets buried
under the browser window. Just move the browser window to the side, or send
it to the back.

Similarly, you need to set the password on the CA Certs keystore.
The default password for this keystore is: changeit

You also need to import the CA cert. The ca-bundle.crt cert is included in
the distribution tarfile for your convenience. Be sure to take precautions
against tampering (sum against known copy, etc). To do this, open the CA
Certificate manager. Click Add Certificate. Locate the ca-bundle.crt file
(note that you will have to change the suffix filter to All Files)


Running the keygen script
-------------------------
cd to the directory containing the keygen script.
Execute:
./keygen.sh

Two flags are supported. Execute ./keygen.sh -? for useage.

keygen will convert your kerberos creds into kx509 creds, reformat those into
pkcs8 format, and then import them into the java keystore.  You should do this
every time you startup jxplorer.

File->Connect to open the connection dialog.
Enter the hostname and base DN. Also, change the Security level to:
"SSL+SASL+Keystore Password" and enter the keystore password in the textbox.

You should be able to establish a secure connection, protected by SSL TLS and
using the SASL EXTERNAL authentication mechanism. You may need to modify your
slapd.conf file with the appropriate sasl-regexp to get your kx509->DN mapping
correct.

