perfSONAR User Q&A and Other Discussion

[Simon Leinen <>]

Nickless, Bill writes:
> Please try running http://perfsonar-sef2.labworks.org:7123 (NDT) and
> http://perfsonar-sef2.labworks.org:8000 (NPAD).  Their associated
> applets are signed and should work with a stock client installation of
> current Oracle Java with default security settings.

These work beautifully, thanks & thanks a lot for the instructions.

(Going to check with our PKI folks whether we can get EV certificates
for Java code signing here...)

I'm probably not the best person to review source RPMs, because we're
mostly a Debian shop.

Best regards,
-- 
Simon.

> This took four steps:

> 1. Modify the NDT and NPAD source RPMs to incorporate a "Permissions:
> sandbox" line in MANIFEST.MF.  (The NPAD tarball in the source RPM
> includes a precompiled DiagClient.jar file so by default it is never
> recompiled; fixing that took another small change to the .spec file
> %prep section.)

> 2. Have the resulting .jar files signed by someone at PNNL who went
> through the trouble and expense of securing an Extended Validation
> Java code signing certificate from Entrust.

> 3. Copy over /usr/ndt/Tcpbw100.jar and /var/lib/npad/DiagClient.jar with 
> the signed .jar files.

> 4. Stop and restart the NDT and NPAD services.

> I'm happy to share the modified NDT and NPAD source RPMs for (e.g.)
> peer review.  Just let me know.