[Pki-devel] [PATCH] initial patch to get tps configured through pkispawn

Ade Lee alee at redhat.com
Thu Aug 8 15:21:42 UTC 2013


Oh, and just to clarify:

To set up my tps, I did the following:
1. Create a ca, kra and tks in a single instance.  In this case, I used
the default instance.

2. Ran the tkstool thing to generate the shared secret and restarted the
instance.

tkstool -T -d /var/lib/pki/pki-tomcat/alias/ -n sharedSecret

3. Configured my tps using the config file below:
pkispawn -s TPS -f tps.cfg

Ade


On Thu, 2013-08-08 at 11:17 -0400, Ade Lee wrote:
> Hi, 
> 
> This patch runs on top of Endi's patch for the initial skeleton.  It's an
> initial patch and will probably be cleaned up a bit more - but it's ready
> for a first review.  And it will unblock Endi and Jack from doing other
> things with a real configured system.
> 
> The config file I use has the following settings:
> 
> [DEFAULT]
> pki_admin_password=redhat123
> pki_client_pkcs12_password=redhat123
> pki_ds_ldap_port=55389
> pki_ds_ldaps_port=55636
> pki_ds_password=redhat123
> pki_security_domain_password=redhat123
> pki_client_database_password=redhat123
> 
> [TPS]
> pki_authdb_basedn=dc=redhat,dc=com
> pki_authdb_port=56389
> pki_enable_server_side_keygen=True
> 
> What this patch adds:
> 1. Rebased TPS CS.cfg on the config file for the TKS.  This means
> basically that I took the TKS config file and added the TPS bits,
> modifying as needed.  This means that most of the Java specific things
> needed - like class definitions for authenticators are there.
> 
> 2.  Self tests for TPS now start to run.  Only one test is configured
> (SystemCertVerification) and that test starts and then quickly bombs out
> as the test needs to be modified to handle tps.  I will add a patch to get
> self tests working for the new tps shortly.
> 
> 3.  Authentication source ldap1 (the external authentication source) is
> now configured using the authentication mechanisms in the Java
> subsystems.  Not sure if it works yet, but that's up to Jack to figure
> out when he does the mod_tps conversion.
> 
> 4. Signed audit logging config changed to use the version in the java
> subsystems.  Added the tps related events.
> 
> 5.  All substitutions are made as needed in CS.cfg
> 
> 6. Added all the new parameters needed for configuring a TPS, and the
> logic to do the configuration.  This includes code to configure
> connections to CA, KRA, OCSP etc.
> 
> 7.  Added all needed logic to the database ldif files.  Those files were
> previously not used in the TPS installation.  I will remove the old
> files in a subsequent patch.
> 
> What's missing:
> 1. Self tests not working.  Need to modify self tests and create TPS
> specific self tests in Java.
> 
> 2. Admin currently has no profileId auxiliary object attached.  Will
> add a patch to do that.
> 
> 3. Will add a patch to automatically obtain the shared secret from the
> TKS (through a servlet) from TPS.
> 
> 4. Will add a patch to automatically generate the shared secret in TKS
> installation, so that we won't have to do tkstool.  Or at the very least,
> call that from pkispawn.
> 
> 5.  There is no option currently to configure the TPS through a wizard
> menu.  Needs to be added in a separate patch.
> 
