Issue #784: DOC: Using a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS - dogtagpki

dogtagpki

#784 DOC: Using a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS

Closed: Fixed None Opened 10 years ago by mharmsen.

Document the additional steps necessary to use a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS.

Basically, this will consist of the following steps:

install a CA
install a DRM (optional)
install a TKS (run tkstool to create a sharedSecret)
install a TPS (run tkstool to install the sharedSecret)
stop the DS, TKS, and TPS
turn off syntax checking in the DS
add something similar to the following values in the TKS CS.cfg:

tps.0.host=<hostname>
tps.0.nickname=sharedSecret
tps.0.port=<secure port>
tps.0.userid=TPS-<hostname>-<secure port>
tps.list=0

start the DS, TKS, and TPS
add a test user to the DS

# ldapadd -x -D "cn=Directory Manager" -w <password> -h localhost -f sample.ldif

  where 'sample.ldif' contains something like the following:

       dn: uid=<uid>,ou=People,dc=example,dc=com
       objectClass: person
       objectClass: organizationalPerson
       objectClass: inetorgperson
       objectClass: top
       objectClass: extensibleobject
       cn: <uid>
       sn: <uid>
       uid: <uid>
       givenName: <uid>
       mail: <uid>@<domain>
       firstname: <uid>
       edipi: 123456789
       pcc: AA
       exec-edipi: 999999999
       exec-pcc: BB
       exec-mail: <uid>@r<domain>
       userPassword: <password>

obtain the TPS ports by running something similar to the following:

# pkicontrol status tps pki-tps

create a sample test format file, 'format.tst', similar to the following:

       op=var_set name=ra_host value=<hostname>
       op=var_set name=ra_port value=<unsecure port>
       op=var_set name=ra_uri value=/nk_service
       op=token_set cuid=40906145C76224192D2B msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
       op=token_set auth_key=404142434445464748494a4b4c4d4e4f
       op=token_set mac_key=404142434445464748494a4b4c4d4e4f
       op=token_set kek_key=404142434445464748494a4b4c4d4e4f
       op=ra_format uid=<uid> pwd=<password> new_pin=<password> num_threads=1
       op=exit

run a sample format test using 'tpsclient':

# tpsclient < format.tst

  which should finish successfully with something similar to this:

      .
      .
      .
      Output> Thread (0) status='1' time='3019 msec'
      Result> Success - Operation 'ra_format' Success (3019 msec)
      Command>op=exit

mharmsen commented 10 years ago

This bug should be addressed by the following documentation located on the Dogtag Wiki:

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.1 - 10/13 (October)

7 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1351

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.1 - 10/13 (October)

lowhangingfruit

None

reporter

None

rhbz

None

type

task

version

None

keywords

None

estimate

None

feature

None

origin

Community

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

Documentation

proposedmilestone

None

dogtagpki

Source Code

#784 DOC: Using a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS Closed: Fixed None Opened 10 years ago by mharmsen.

Metadata

#784 DOC: Using a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS

Closed: Fixed None Opened 10 years ago by mharmsen.