some more nuxwdog patches
by Ade Lee
Attached are two patches:
1. The first one should be non-controversial. Just some additions to
ensure nuxwdog code is loaded correctly.
2. The second one will be trickier. I'm looking for some guidance here.
I'll explain more on #irc.
Ade
9 years, 10 months
Patch to add nuxwdog support to tomcatjss
by Ade Lee
Please review.
Note that all that is required to use nuxwdog is:
1. Add configFile parameter to server.xml pointing to CS.cfg
2. Maintaining a list of hardware tokens in CS.cfg (cms.tokenList)
3. Start server using nuxwdog.
Code will prompt for passwords as needed on startup and will attempt to
log in to each respective token. Up to three password attempts are
prompted before logging an error.
Ade
9 years, 11 months
[PATCH] add nuxwdog functionality to pki-core
by Ade Lee
This is the first of a set of patches.
This patch adds a listener to init() the watchdog client and to query
for (and test) passwords on startup. All that is required to invoke the
relevant password class is to start the server using nuxwdog. The
passwords to be invoked are in cms.passwordList.
More patches to come to address the following:
1. When publishing is configured on the fly, we invoke putPassword. The
cms.passwordList needs to be updated.
2. Patch to populate cms.tokenList as needed.
3. Patch to actually start up the server using nuxwdog when the relevant
option/setup is completed.
Ade
9 years, 11 months
[PATCH]pki-cfu-0047-Ticket-1316-Allow-adding-SAN-to-server-cert-during-t.patch
by Christina Fu
This patch allows SAN to be specified for the server cert during
installation.
It ports some of the code from the now-obsolete 8.1 errata that dealt with
IP port separation, and adds the needed pkispawn config parameters and an
example enrollment profile with SAN patterns.
Note: the installation part of the SAN injection code ported was originally
authored by mharmsen, while the backend SAN input code (authored by
myself) was already ported earlier for other purposes.
Usage:
* under /usr/share/pki/ca/conf, you will find a new file called
  serverCert.profile.exampleWithSANpattern
* copy existing serverCert.profile away and replace with
  serverCert.profile.exampleWithSANpattern
* edit serverCert.profile.exampleWithSANpattern
  - follow the instruction right above 8.default.
  - save and quit
* cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg
  - follow the instruction right above policyset.serverCertSet.9
  - save and quit
* save away and edit the ca config file for pkispawn: (note: you can add
  multiple SANs delimited by ',' for pki_san_server_cert)
  - add the following lines, e.g.
      pki_san_inject=True
      pki_san_server_cert=host1.Example.com
  - do the same pkispawn cfg changes for kra or any other instances
    that you plan on creating
* create your instance(s)
Check the SSL server cert; it should contain something like the following:
    Identifier: Subject Alternative Name - 2.5.29.17
    Critical: no
    Value:
    DNSName: host1.Example.com
9 years, 11 months
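
The final check in the message above (does the issued server cert carry every SAN requested in the pkispawn config?) can be scripted. This is an added example, not code from the patch or from the Dogtag project; the `[CA]` section name, the second host name, and both sample inputs are constructed assumptions, with the certificate text modelled on the pretty-print excerpt quoted in the message.

```python
import configparser
import re

# Constructed pkispawn config fragment (section name is an assumption).
SAMPLE_CFG = """\
[CA]
pki_san_inject=True
pki_san_server_cert=host1.Example.com,host2.example.com
"""
# Constructed pretty-print excerpt in the layout quoted in the message.
SAMPLE_CERT = """\
Identifier: Subject Key Identifier - 2.5.29.14
    Critical: no
Identifier: Subject Alternative Name - 2.5.29.17
    Critical: no
    Value:
        DNSName: host1.Example.com
"""

def expected_sans(cfg_text, section="CA"):
    """DNS names the config asks to inject (empty if injection is off)."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    if not cp.getboolean(section, "pki_san_inject", fallback=False):
        return set()
    raw = cp.get(section, "pki_san_server_cert", fallback="")
    # Values are ','-delimited; DNS names compare case-insensitively.
    return {n.strip().lower() for n in raw.split(",") if n.strip()}

def cert_sans(pretty_print):
    """DNSName values listed under the SAN extension (OID 2.5.29.17) only."""
    names, in_san = set(), False
    for line in pretty_print.splitlines():
        line = line.strip()
        if line.startswith("Identifier:"):
            in_san = line.endswith("2.5.29.17")  # a new extension starts here
        elif in_san:
            m = re.match(r"DNSName:\s*(\S+)", line)
            if m:
                names.add(m.group(1).lower())
    return names

def missing_sans(cfg_text, pretty_print, section="CA"):
    """Requested SANs that the certificate does not contain."""
    return sorted(expected_sans(cfg_text, section) - cert_sans(pretty_print))

if __name__ == "__main__":
    print("missing SANs:", missing_sans(SAMPLE_CFG, SAMPLE_CERT))
```

An empty result means every requested name was injected; any name returned points to a cert that clients would reject for that host name.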
[PATCH] 559 Added server migration command.
by Endi Sukma Dewata
New pki-server CLI commands have been added to migrate the server
configuration from Tomcat 7 to Tomcat 8 and vice versa. These
commands can be used later during system upgrade to migrate
existing instances from Tomcat 7 in F22 to Tomcat 8 in F23.
The Python CLI framework has been refactored to provide a way to
find other CLI modules by the command names.
https://fedorahosted.org/pki/ticket/1264
--
Endi S. Dewata
9 years, 11 months
[PATCH] 558 Added support for Tomcat 8.
by Endi Sukma Dewata
The Dogtag code has been modified to support both Tomcat 7 and 8.
All files depending on a specific Tomcat version are now stored
in separate folders. The build scripts have been modified to use
the proper folder for the target platform. The tomcatjss
dependency has been updated as well.
The upgrade script will be added in a separate patch.
https://fedorahosted.org/pki/ticket/1264
--
Endi S. Dewata
9 years, 11 months