Shibboleth Developers

I told Danno to just copy the keys from other machines......

lots of info on how he configured the machine; next note has some 
info about the iPlanet DS install.....

Date: Mon, 24 Feb 2003 18:48:46 -0500
From: Dan Pritts 
<>
To: 

Cc: Ij Kim 
<>
Subject: Re: status ... shib/ solaris machine?
X-Virus-Scanned: by AMaViS 0.3.12pre8
X-Brown-MailScanner: Found to be clean

hi steve,

>  >(dan) Who all will need access?  Since solaris 8 does not support the md5
>  >password crypt format i will have to distribute passwords somehow,
>  >or just install ssh keys.
>
>  the others will supply keys....... I'll probably need a password

should i just copy keys from, eg, marsalis or shib1 or shibprod0??

>  we'll probably need both sun's jdk 1.3.x and 1.4, with 1.4 being the
>  default (we're trying to move to 1.4 (pressure from campuses), but
>  we're currently measuring pushback from vendors who seem to still be
>  on 1.3)


# ls -ld /usr/java*
lrwxrwxrwx   1 root     other         13 Feb  3 14:00 /usr/java -> 
j2sdk1.4.1_01
drwxrwxr-x   6 root     bin          512 Jan 31 18:22 /usr/java1.1
drwxr-xr-x   7 root     bin          512 Jan 31 18:22 /usr/java1.2
lrwxrwxrwx   1 root     other         13 Feb 24 16:52 /usr/java1.3 -> 
j2sdk1_3_1_07
lrwxrwxrwx   1 root     other         13 Feb  3 14:00 /usr/java1.4 -> 
j2sdk1.4.1_01

>  can you create a directory for tomcat, and we'll install it (we may
>  change the version frequently)

you should be in sudoers, see below for suggested installation locations

>  can you install openssl 0.97 (which is relatively new...)

done, with caveats....

FYI, here is the convention I have used for software installation on this
host.

1) packages from sunfreeware.com are by default installed directly to
/usr/local/bin|man|lib|etc.  They are standard solaris packages,
pkgadd'd.  You can see what is installed via:

        # pkginfo -L | grep SMC
        SMCcvs
        SMCgcc
        SMClibgcc
        SMClynx
        SMCncftp
        SMCossh
        SMCossl
        SMCrcs
        SMCrsync
        SMCsudo
        SMCtcpw6
        SMCtop
        SMCtracer
        SMCwget


        # pkginfo -l SMCossl
           PKGINST:  SMCossl
              NAME:  ossl
          CATEGORY:  application
              ARCH:  sparc
           VERSION:  0.9.6g
           BASEDIR:  /usr/local/ssl
            VENDOR:  The OpenSSL Group
            PSTAMP:  Steve Christensen
          INSTDATE:  Feb 24 2003 18:39
             EMAIL:  

            STATUS:  completely installed
             FILES:      664 installed pathnames
                          30 directories
                          42 executables
                       20096 blocks used (approx)



2) locally compiled packages live in /usr/local/pkg.

eg:
        # ls -ld /usr/local/pkg/openssl-0.9.7a/
	drwxrwxrwx   9 root     other        512 Feb 24 14:49 
/usr/local/pkg/openssl-0.9.7a/
        # ls !$
        ls /usr/local/pkg/openssl-0.9.7a/
        bin          include      man          openssl.cnf
        certs        lib          misc         private

additionally, the local packages are symlinked into
/usr/local/bin|lib|man|etc

So the aforementioned caveat is that openssl version 0.9.6 is installed
from sunfreeware.com and 0.9.7 is installed by hand in /usr/local/pkg.
Much of the sunfreeware.com stuff is linked with their 0.9.6 openssl
distribution so it would be somewhat painful to get rid of the 0.9.6.

If you look in /usr/local/ssl/lib, you will see the Sunfreeware.com
0.9.6 distribution's shared libs.

If you look in /usr/local/lib, or /usr/local/pkg/openssl-0.9.7a, you'll
see the ones i built.

Please be aware of this when you are doing your tests and let me know
if it is a problem, and i can get rid of the 0.9.6 one and recompile
the other necessary stuff (eg, ssh) to match.

>  re ldap, can we use the iPLanet server? we need this running
>  somewhere... I'm checking at brown, to see if they'll send you their

IJ Kim is working on installing iplanet and should be done soon.

danno
--
dan pritts                                       

systems administrator                            734/352-4953 office
internet2                                        734/546-4423 mobile

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--