[Pki-devel] [PATCH] initial patch to get tps configured through pkispawn

Ade Lee alee at redhat.com
Tue Aug 13 16:47:23 UTC 2013


Acked by Endi - pushed to master.

On Thu, 2013-08-08 at 11:21 -0400, Ade Lee wrote:
> Oh, and just to clarify:
> 
> To set up my tps, I did the following:
> 1. Create a ca, kra and tks in a single instance.  In this case, I used
> the default instance.
> 
> 2. Ran the tkstool thing to generate the shared secret and restarted the
> instance.
> 
> tkstool -T -d /var/lib/pki/pki-tomcat/alias/ -n sharedSecret
> 
> 3. Configured my tps using the config file below:
> pkispawn -s TPS -f tps.cfg
> 
> Ade
> 
> 
> On Thu, 2013-08-08 at 11:17 -0400, Ade Lee wrote:
> > Hi, 
> > 
> > This patch runs on top of Endi's patch for the initial skeleton.  It's an
> > initial patch and will probably be cleaned up a bit more - but it's ready
> > for a first review.  And it will unblock Endi and Jack from doing other
> > things with a real configured system.
> > 
> > The config file I use has the following settings:
> > 
> > [DEFAULT]
> > pki_admin_password=redhat123
> > pki_client_pkcs12_password=redhat123
> > pki_ds_ldap_port=55389
> > pki_ds_ldaps_port=55636
> > pki_ds_password=redhat123
> > pki_security_domain_password=redhat123
> > pki_client_database_password=redhat123
> > 
> > [TPS]
> > pki_authdb_basedn=dc=redhat,dc=com
> > pki_authdb_port=56389
> > pki_enable_server_side_keygen=True
> > 
> > What this patch adds:
> > 1. Rebased TPS CS.cfg on the config file for the TKS.  This means
> > basically that I took the TKS config file and added the TPS bits,
> > modifying as needed.  This means that most of the Java specific things
> > needed - like class definitions for authenticators are there.
> > 
> > 2.  Self tests for TPS now start to run.  Only one test is configured
> > (SystemCertVerification) and that test starts and then quickly bombs out
> > as the test needs to be modified to handle tps.  I will add a patch to get
> > self tests working for the new tps shortly.
> > 
> > 3.  Authentication source ldap1 (the external authentication source) is
> > now configured using the authentication mechanisms in the Java
> > subsystems.  Not sure if it works yet, but that's up to Jack to figure
> > out when he does the mod_tps conversion.
> > 
> > 4. Signed audit logging config changed to use the version in the java
> > subsystems.  Added the tps related events.
> > 
> > 5.  All substitutions are made as needed in CS.cfg
> > 
> > 6. Added all the new parameters needed for configuring a TPS, and the
> > logic to do the configuration.  This includes code to configure
> > connections to CA, KRA, OCSP etc.
> > 
> > 7.  Added all needed logic to the database ldif files.  Those files were
> > previously not used in the TPS installation.  I will remove the old
> > files in a subsequent patch.
> > 
> > What's missing:
> > 1. Self tests not working.  Need to modify self tests and create TPS
> > specific self tests in Java.
> > 
> > 2. Admin currently has no profileId auxiliary object attached.  Will
> > add a patch to do that.
> > 
> > 3. Will add a patch to automatically obtain the shared secret from the
> > TKS (through a servlet) from TPS.
> > 
> > 4. Will add a patch to automatically generate the shared secret in TKS
> > installation, so that we won't have to do tkstool.  Or at the very least,
> > call that from pkispawn.
> > 
> > 5.  There is no option currently to configure the TPS through a wizard
> > menu.  Needs to be added in a separate patch.
> > 
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel

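A check a reviewer could run over a deployment file like the one quoted above before handing it to pkispawn, added here as an example and not part of the patch or of the PKI code base: it reports which *_password keys visible in a section share one value and which fall under a length threshold. The 12-character threshold and the function names are assumptions, and the sample config is constructed from the keys quoted in the message.

```python
import configparser
from collections import defaultdict

# Constructed sample that mirrors the deployment file quoted in the message.
SAMPLE_CFG = """\
[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_ldap_port=55389
pki_ds_ldaps_port=55636
pki_ds_password=redhat123
pki_security_domain_password=redhat123
pki_client_database_password=redhat123

[TPS]
pki_authdb_basedn=dc=redhat,dc=com
pki_authdb_port=56389
pki_enable_server_side_keygen=True
"""

MIN_LENGTH = 12  # assumption: a local policy threshold, not a pkispawn rule


def effective_passwords(cfg_text, section):
    """Return {key: value} for every *_password key visible in `section`,
    including the values it inherits from [DEFAULT]."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    return {k: v for k, v in parser.items(section) if k.endswith("_password")}


def audit(cfg_text, section):
    """Report key names only (never the secrets): groups of keys that share
    one value, and keys whose value is shorter than MIN_LENGTH."""
    passwords = effective_passwords(cfg_text, section)
    by_value = defaultdict(list)
    for key, value in passwords.items():
        by_value[value].append(key)
    reused = sorted(sorted(keys) for keys in by_value.values() if len(keys) > 1)
    short = sorted(k for k, v in passwords.items() if len(v) < MIN_LENGTH)
    return {"reused": reused, "short": short}


if __name__ == "__main__":
    report = audit(SAMPLE_CFG, "TPS")
    for group in report["reused"]:
        print("same value shared by:", ", ".join(group))
    print("below %d characters:" % MIN_LENGTH, ", ".join(report["short"]))
```

Because the [TPS] section inherits everything in [DEFAULT], auditing the section that pkispawn will actually deploy is what surfaces the shared values.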