Acked by Endi - pushed to master.
On Thu, 2013-08-08 at 11:21 -0400, Ade Lee wrote:
 Oh, and just to clarify:
 
 To set up my tps, I did the following:
 1. Create a ca, kra and tks in a single instance.  In this case, I used
 the default instance.
 
 2. Ran the tkstool thing to generate the shared secret and restarted the
 instance.
 
 tkstool -T -d /var/lib/pki/pki-tomcat/alias/ -n sharedSecret
 
 3. Configured my tps using the config file below:
 pkispawn -s TPS -f tps.cfg
 
 Ade
 
 
 On Thu, 2013-08-08 at 11:17 -0400, Ade Lee wrote:
 > Hi, 
 > 
 > This patch runs on top of Endi's patch for the initial skeleton.  It's an
 > initial patch and will probably be cleaned up a bit more - but it's ready
 > for a first review.  And it will unblock Endi and Jack from doing other
 > things with a real configured system.
 > 
 > The config file I use has the following settings:
 > 
 > [DEFAULT]
 > pki_admin_password=redhat123
 > pki_client_pkcs12_password=redhat123
 > pki_ds_ldap_port=55389
 > pki_ds_ldaps_port=55636
 > pki_ds_password=redhat123
 > pki_security_domain_password=redhat123
 > pki_client_database_password=redhat123
 > 
 > [TPS]
 > pki_authdb_basedn=dc=redhat,dc=com
 > pki_authdb_port=56389
 > pki_enable_server_side_keygen=True
 > 
 > What this patch adds:
 > 1. Rebased TPS CS.cfg on the config file for the TKS.  This means
 > basically that I took the TKS config file and added the TPS bits,
 > modifying as needed.  This means that most of the Java specific things
 > needed - like class definitions for authenticators are there.
 > 
 > 2.  Self tests for TPS now start to run.  Only one test is configured
 > (SystemCertVerification) and that test starts and then quickly bombs out
 > as the test needs to be modified to handle tps.  I will add a patch to get
 > self tests working for the new tps shortly.
 > 
 > 3.  Authentication source ldap1 (the external authentication source) is
 > now configured using the authentication mechanisms in the Java
 > subsystems.  Not sure if it works yet, but that's up to Jack to figure
 > out when he does the mod_tps conversion.
 > 
 > 4. Signed audit logging config changed to use the version in the java
 > subsystems.  Added the tps related events.
 > 
 > 5.  All substitutions are made as needed in CS.cfg
 > 
 > 6. Added all the new parameters needed for configuring a TPS, and the
 > logic to do the configuration.  This includes code to configure
 > connections to CA, KRA, OCSP etc.
 > 
 > 7.  Added all needed logic to the database ldif files.  Those files were
 > previously not used in the TPS installation.  I will remove the old
 > files in a subsequent patch.
 > 
 > What's missing:
 > 1. Self tests not working.  Need to modify self tests and create TPS
 > specific self tests in Java.
 > 
 > 2. Admin currently has no profileId auxiliary object attached.  Will
 > add a patch to do that.
 > 
 > 3. Will add a patch to automatically obtain the shared secret from the
 > TKS (through a servlet) from TPS.
 > 
 > 4. Will add a patch to automatically generate the shared secret in TKS
 > installation, so that we won't have to do tkstool.  Or at the very least,
 > call that from pkispawn.
 > 
 > 5.  There is no option currently to configure the TPS through a wizard
 > menu.  Needs to be added in a separate patch.
 > 
 > _______________________________________________
 > Pki-devel mailing list
 > Pki-devel(a)redhat.com
 > 
https://www.redhat.com/mailman/listinfo/pki-devel
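
The pkispawn config quoted in the thread gives every password option the same value. The following Python check is an added example, not part of the original messages or of the Dogtag code: it lists which options share a password and writes a copy with a distinct random value per option. The function names are hypothetical, and it assumes password options are the ones whose names end in `_password`, as in the quoted file.

```python
import configparser
import secrets
from collections import defaultdict
# Constructed sample mirroring the settings quoted in the thread.
SAMPLE_CFG = """\
[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_ldap_port=55389
pki_ds_ldaps_port=55636
pki_ds_password=redhat123
pki_security_domain_password=redhat123
pki_client_database_password=redhat123

[TPS]
pki_authdb_basedn=dc=redhat,dc=com
pki_authdb_port=56389
pki_enable_server_side_keygen=True
"""

def load(text):
    # Treat [DEFAULT] as an ordinary section so its keys are counted once.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    return cp

def password_keys(cp):
    """Return [(section, key, value)] for every *_password option."""
    return [(s, k, v) for s in cp.sections() for k, v in cp.items(s)
            if k.endswith("_password")]

def reused(cp):
    """Map each password value used by more than one option to those options."""
    groups = defaultdict(list)
    for section, key, value in password_keys(cp):
        groups[value].append(f"{section}.{key}")
    return {v: ks for v, ks in groups.items() if len(ks) > 1}

def with_unique_passwords(cp, nbytes=18):
    """Return a copy of the config with a fresh random value per password option."""
    out = load("")
    out.read_dict({s: dict(cp.items(s)) for s in cp.sections()})
    for section, key, _ in password_keys(out):
        out[section][key] = secrets.token_urlsafe(nbytes)
    return out

if __name__ == "__main__":
    for keys in reused(load(SAMPLE_CFG)).values():
        print(f"{len(keys)} options share one password: {', '.join(keys)}")
```

The report names only the option keys, so the shared value itself is never printed to the terminal or a log.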
 
 