[Pki-devel] [PATCH] initial patch to get tps configured through pkispawn
Ade Lee
alee at redhat.com
Tue Aug 13 16:47:23 UTC 2013
Acked by Endi - pushed to master.
On Thu, 2013-08-08 at 11:21 -0400, Ade Lee wrote:
> Oh, and just to clarify:
>
> To set up my tps, I did the following:
> 1. Create a ca, kra and tks in a single instance. In this case, I used
> the default instance.
>
> 2. Ran the tkstool thing to generate the shared secret and restarted the
> instance.
>
> tkstool -T -d /var/lib/pki/pki-tomcat/alias/ -n sharedSecret
>
> 3. Configured my tps using the config file below:
> pkispawn -s TPS -f tps.cfg
>
> Ade
>
>
> On Thu, 2013-08-08 at 11:17 -0400, Ade Lee wrote:
> > Hi,
> >
> > This patch runs on top of Endi's patch for the initial skeleton. It's an
> > initial patch and will probably be cleaned up a bit more - but it's ready
> > for a first review. And it will unblock Endi and Jack from doing other
> > things with a real configured system.
> >
> > The config file I use has the following settings:
> >
> > [DEFAULT]
> > pki_admin_password=redhat123
> > pki_client_pkcs12_password=redhat123
> > pki_ds_ldap_port=55389
> > pki_ds_ldaps_port=55636
> > pki_ds_password=redhat123
> > pki_security_domain_password=redhat123
> > pki_client_database_password=redhat123
> >
> > [TPS]
> > pki_authdb_basedn=dc=redhat,dc=com
> > pki_authdb_port=56389
> > pki_enable_server_side_keygen=True
> >
> > What this patch adds:
> > 1. Rebased TPS CS.cfg on the config file for the TKS. This means
> > basically that I took the TKS config file and added the TPS bits,
> > modifying as needed. This means that most of the Java specific things
> > needed - like class definitions for authenticators are there.
> >
> > 2. Self tests for TPS now start to run. Only one test is configured
> > (SystemCertVerification) and that test starts and then quickly bombs out
> > as the test needs to be modified to handle tps. I will add a patch to get
> > self tests working for the new tps shortly.
> >
> > 3. Authentication source ldap1 (the external authentication source) is
> > now configured using the authentication mechanisms in the Java
> > subsystems. Not sure if it works yet, but that's up to Jack to figure
> > out when he does the mod_tps conversion.
> >
> > 4. Signed audit logging config changed to use the version in the java
> > subsystems. Added the tps related events.
> >
> > 5. All substitutions are made as needed in CS.cfg
> >
> > 6. Added all the new parameters needed for configuring a TPS, and the
> > logic to do the configuration. This includes code to configure
> > connections to CA, KRA, OCSP etc.
> >
> > 7. Added all needed logic to the database ldif files. Those files were
> > previously not used in the TPS installation. I will remove the old
> > files in a subsequent patch.
> >
> > What's missing:
> > 1. Self tests not working. Need to modify self tests and create TPS
> > specific self tests in Java.
> >
> > 2. Admin currently has no profileId auxiliary object attached. Will
> > add a patch to do that.
> >
> > 3. Will add a patch to automatically obtain the shared secret from the
> > TKS (through a servlet) from TPS.
> >
> > 4. Will add a patch to automatically generate the shared secret in TKS
> > installation, so that we won't have to do tkstool. Or at the very least,
> > call that from pkispawn.
> >
> > 5. There is no option currently to configure the TPS through a wizard
> > menu. Needs to be added in a separate patch.
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
>
>
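
Added example (not part of the original message and not Dogtag PKI code): the quoted tps.cfg gives every pki_*_password key the same value and is passed to pkispawn as a plain file. This Python script flags password reuse across those keys and a deployment file that group or other can access; the function names and the owner-only permission expectation are assumptions.

```python
import configparser
import os
import stat
from collections import defaultdict

# Constructed sample: the password keys and [TPS] settings quoted above.
SAMPLE_CFG = """\
[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_password=redhat123
pki_security_domain_password=redhat123
pki_client_database_password=redhat123

[TPS]
pki_authdb_basedn=dc=redhat,dc=com
pki_authdb_port=56389
"""

def audit_text(text):
    """Return one finding per password value shared by several keys."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    users = defaultdict(set)  # password value -> keys that use it
    # [DEFAULT] values are inherited by every section, so scan it as well.
    for section in [cp.default_section] + cp.sections():
        for key, value in cp[section].items():
            if key.endswith("_password") and value:
                users[value].add(key)
    return ["same password shared by: " + ", ".join(sorted(keys))
            for keys in users.values() if len(keys) > 1]

def audit_file(path):
    """Check file permissions (assumed policy: owner-only), then contents."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} is accessible to group/other (mode {mode:o})")
    with open(path) as fh:
        findings.extend(audit_text(fh.read()))
    return findings

if __name__ == "__main__":
    for line in audit_text(SAMPLE_CFG):
        print(line)
```

Run `audit_file("tps.cfg")` before handing the file to `pkispawn -s TPS -f tps.cfg`; an empty list means neither check fired.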