10:09 a.m.
The man pages for pkispawn and pki_default.cfg have been updated
to include TPS deployment parameters.
https://fedorahosted.org/pki/ticket/1277
--
Endi S. Dewata
11:36 a.m.
1. I don't think we should assume that the installer is root. I suggest
you change the following line from
setup the path where the admin certificate of this <subsystem> should be
stored. The default value is
/root/.dogtag/pki-tomcat/<ca/kra/ocsp/tks/tps>_admin.cert.
to something like
setup the path where the admin certificate of this <subsystem> should be
stored. The default value is
$HOME/.dogtag/pki-tomcat/<ca/kra/ocsp/tks/tps>_admin.cert.
If there are other places like this in this man pages or any other
documentation, we should make sure we do this correct.y
2. I do not find any mentioning of the need to set up the shared secret
between TKS and TPS after pkispawn if one were to install TKS and TPS on
separate tomcat instances. Please add that as a note and point to
wherever the detail is at(possibly another tps-specific man page). Can
also mention that in the case of shared tomcat instance, pkispawn takes
cared of it.
3. probably no action needed from you now, but I need to write a man
page for TPS externalReg feature.
We can discuss more on irc if needed.
thanks,
Christina
On 07/17/2015 08:09 AM, Endi Sukma Dewata wrote:
The man pages for pkispawn and pki_default.cfg have been updated
to include TPS deployment parameters.
https://fedorahosted.org/pki/ticket/1277
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
6:37 p.m.
On 7/17/2015 11:36 AM, Christina Fu wrote:
1. I don't think we should assume that the installer is root. I
suggest
you change the following line from
setup the path where the admin certificate of this <subsystem> should be
stored. The default value is
/root/.dogtag/pki-tomcat/<ca/kra/ocsp/tks/tps>_admin.cert.
to something like
setup the path where the admin certificate of this <subsystem> should be
stored. The default value is
$HOME/.dogtag/pki-tomcat/<ca/kra/ocsp/tks/tps>_admin.cert.
If there are other places like this in this man pages or any other
documentation, we should make sure we do this correct.y
This is fixed in patch #635 (ACKed by alee).
2. I do not find any mentioning of the need to set up the shared
secret
between TKS and TPS after pkispawn if one were to install TKS and TPS on
separate tomcat instances. Please add that as a note and point to
wherever the detail is at(possibly another tps-specific man page). Can
also mention that in the case of shared tomcat instance, pkispawn takes
cared of it.
Please take a look at the new patch #634-2. I added references to the
instruction provided by jmagne.
3. probably no action needed from you now, but I need to write a man
page for TPS externalReg feature.
We can discuss more on irc if needed.
thanks,
Christina
--
Endi S. Dewata
10:08 p.m.
ACK.
This is just for the tps shared secret part, looks fine.
If we have precedent for linking back to docs this is fine.
Although the instructions are short enough, we might put them
in the text itself, but no big deal.
----- Original Message -----
From: "Endi Sukma Dewata" <edewata(a)redhat.com>
To: pki-devel(a)redhat.com, "Christina Fu" <cfu(a)redhat.com>
Sent: Friday, July 17, 2015 4:37:23 PM
Subject: Re: [Pki-devel] [PATCH] 634 Updated man pages with TPS info.
On 7/17/2015 11:36 AM, Christina Fu wrote:
> 1. I don't think we should assume that the installer is root. I suggest
> you change the following line from
> setup the path where the admin certificate of this <subsystem> should be
> stored. The default value is
> /root/.dogtag/pki-tomcat/<ca/kra/ocsp/tks/tps>_admin.cert.
> to something like
> setup the path where the admin certificate of this <subsystem> should be
> stored. The default value is
> $HOME/.dogtag/pki-tomcat/<ca/kra/ocsp/tks/tps>_admin.cert.
> If there are other places like this in this man pages or any other
> documentation, we should make sure we do this correct.y
This is fixed in patch #635 (ACKed by alee).
> 2. I do not find any mentioning of the need to set up the shared secret
> between TKS and TPS after pkispawn if one were to install TKS and TPS on
> separate tomcat instances. Please add that as a note and point to
> wherever the detail is at(possibly another tps-specific man page). Can
> also mention that in the case of shared tomcat instance, pkispawn takes
> cared of it.
Please take a look at the new patch #634-2. I added references to the
instruction provided by jmagne.
> 3. probably no action needed from you now, but I need to write a man
> page for TPS externalReg feature.
>
> We can discuss more on irc if needed.
> thanks,
> Christina
--
Endi S. Dewata
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
9:23 a.m.
On 7/17/2015 10:08 PM, John Magne wrote:
ACK.
This is just for the tps shared secret part, looks fine.
Thanks. The rest have been reviewed by alee and cfu.
If we have precedent for linking back to docs this is fine.
Although the instructions are short enough, we might put them
in the text itself, but no big deal.
I fixed it to include the instructions in the text.
Pushed to master.
--
Endi S. Dewata
3444
days inactive
3445
days old
4 comments
3 participants
participants (3)
-
Christina Fu -
Endi Sukma Dewata -
John Magne