/[dtapublic]/to_be_filed/webprojs/pamc/gen_a/docs/manual/man_a/c_ist0/c_ist0.tex

Annotation of /to_be_filed/webprojs/pamc/gen_a/docs/manual/man_a/c_ist0/c_ist0.tex



Revision 19 - (hide annotations) (download) (as text)
Sat Oct 8 04:30:47 2016 UTC (7 years, 9 months ago) by dashley
File MIME type: application/x-tex
File size: 27425 byte(s)
Initial commit.
1 dashley 19 %$Header: /home/dashley/cvsrep/e3ft_gpl01/e3ft_gpl01/webprojs/pamc/gen_a/docs/manual/man_a/c_ist0/c_ist0.tex,v 1.9 2009/11/04 16:50:19 dashley Exp $
2    
3     \chapter{Installation of \emph{\productbasename{}-\productversion{}}}
4    
5     \label{cist0}
6    
7     \beginchapterquote{``A distributed system is one in which the failure of
8     a computer you didn't even know existed can render
9     your own computer unusable.''}
10     {Les Lamport, as quoted in newsgroup post by Richard Heylen}
11    
12    
13     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
14     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
15     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
16     \section{Introduction}
17     %Section tag: INT0
18     \label{cist0:sint0}
19    
20     This chapter provides instructions for installing
21     \emph{\productbasename{}-\productversion{}}.
22    
23    
24     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
25     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
26     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
27     \section{System Requirements}
28     %Section tag: srq0
29     \label{cist0:ssrq0}
30    
31     \index{system requirements}In order to install
32     \emph{\productbasename{}-\productversion{}}, the
33     server must meet the following requirements:
34    
35     \begin{itemize}
36     \item Virtually any\footnote{\emph{Any} because
37     \emph{\productbasename{}-\productversion{}} is a very ordinary
38     database application and does not make use of any special
39     features of the operating system or \emph{MySQL}.}
40     version of a *nix (\emph{Linux}, \emph{FreeBSD},
41     \emph{Solaris}, etc.).
42     \item \index{apache@\emph{apache}}\emph{apache}, any modern version.
43     \item \index{PHP@\emph{PHP}}\emph{PHP}, version 4.X or above.
44     \item \index{MySQL@\emph{MySQL}}\emph{MySQL}, version 4.X or above.
45     \item Any sane processor and processor speed.
46     \item Any sane amount of RAM.
47     \item Adequate system permissions to inject e-mail from \emph{PHP} via \emph{PHP}'s
48     \index{mail()@\emph{mail($\cdot{}$)}}\emph{mail($\cdot{}$)} function.
49     \item Adequate system permissions to set up a directory, with
50     read/write/create permissions
51     for the UID/GID of the \emph{apache} server, to contain the file repository.
52     The file repository must not be located within the logical web space served
53     directly by \emph{apache}.
54     \item Adequate system permissions to set up a \emph{cron} job that runs
55     at least once every several minutes and runs under the same UID/GID as the
56     \emph{Apache} server.\footnote{Because this \emph{cron} job performs
57     some CPU-intensive tasks (such as verifying file signatures of files in the
58     file repository), it would violate
59     the terms of most shared hosting services. A dedicated server is
60     almost certainly required; and if not that then a server that is not
61     too heavily loaded.}
62     \item Adequate system permissions to set up a location for the PHP library
63     that is accessible to the \emph{apache} UID/GID but not in the
64     logical web space served directly by \emph{apache}.
65     \end{itemize}
66    
67    
68     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
69     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
70     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
71     \section{Installation Checklist}
72     %Section tag: ICK0
73     \label{cist0:sick0}
74    
75     This section provides an enumerated overview of the steps required to
76     install \emph{\productbasename{}-\productversion{}}. The steps are explained
77     in detail in the indicated sections.
78    
79     \begin{enumerate}
80     \item Selection of unpack directory, web root directory,
81     PHP library directory, and file repository directory
82     (\S{}\ref{cist0:sdse0}).
83     \item Unpacking of \emph{\productbasename{}-\productversion{}}
84     \emph{tar.gz} file (\S{}\ref{cist0:sutz0}).
85     \item Customization of \emph{PHP} include path (\S{}\ref{cist0:scpi0}).
86     \item Creation of site hash key (\S{}\ref{cist0:scsh0}).
87     \item Creation of \emph{MySQL} database (\S{}\ref{cist0:scmd0}).
88     \item Setup of \emph{apache} to serve web content (\S{}\ref{cist0:ssap0}).
89     \item Copying of web content files (\S{}\ref{cist0:swcf0}).
90     \item Copying of \emph{PHP} library files (\S{}\ref{cist0:scph0}).
91     \item Initialization of database (\S{}\ref{cist0:sdiz0}).
92     \item Initial testing (\S{}\ref{cist0:sits0}).
93     \end{enumerate}
94    
95    
96     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
97     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
98     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99     \section{Directory Selection}
100     %Section tag: dse0
101     \label{cist0:sdse0}
102    
103     TBD.
104    
105    
106     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
107     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
108     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
109     \section{Unpacking of \emph{tar.gz} File}
110     %Section tag: utz0
111     \label{cist0:sutz0}
112    
113     TBD.
114    
115    
116     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
119     \section{Customization of \emph{PHP} Include Path}
120     %Section tag: cpi0
121     \label{cist0:scpi0}
122    
123     TBD.
124    
125    
126     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
127     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
128     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
129     \section{Creation of Site Hash Key}
130     %Section tag: csh0
131     \label{cist0:scsh0}
132    
133     The site hash key is best created using the
134     \index{hashkeygen@\emph{hashkeygen}} program. The specific steps are:
135    
136     \begin{enumerate}
137     \item Change directory to the directory containing the script using
138     the command ``\texttt{cd sw/standalone}'' or similar.
139     \item Ensure that the file \emph{hashkeygen.php} has the
140     ``\texttt{x}'' bit set. The command ``\texttt{chmod +x hashkeygen.php}''
141     will accomplish this in most circumstances.
142     \item Run the program using the command ``\texttt{./hashkeygen.php}''.
143     \end{enumerate}
144    
145     \begin{figure}
146     \begin{footnotesize}
147     \begin{verbatim}
148     [dashley@pamc standalone]$ ./hashkeygen.php
149     The key char set size is 89.
150     To maintain a purely random distribution, the maximum value of a
151     random character that can be used is 177.
152     Target key length is 204 characters.
153     Open of "/dev/random" was successful. Will now generate hash key. This may
154     take up to several minutes, as the device may block. Each character from
155     "/dev/random" that can be used is denoted with a ".", and each character
156     that cannot be used is denoted with a "/".
157     .../../../.././/../././....///..../............/././../.....
158     /////.//./////.....//./././.././/.../.../.../...//.../././/.
159     /...../..../....../......../.............//...../../..././..
160     ///./....//......//.//....////../..../......../....//.../../
161     /./././/..//./......./......///..././/......../..../.......
162     Key generation complete.
163     \end{verbatim}
164     \end{footnotesize}
165     \caption{Typical Output of \emph{hashkeygen}}
166     \label{fig:cist0:scsh0:00}
167     \end{figure}
168    
169     \begin{figure}
170     \begin{scriptsize}
171     \begin{verbatim}
172     <?php
173     //hashkey.inc -- Definition of hash key for PAMC.
174     //--------------------------------------------------------------------------------
175     //This file is automatically generated by the hashkeygen.php program. Because
176     //this is a data file that should, for security reasons, be different for each
177     //deployment of the system, it is not kept under version control. However, the
178     //hashkeygen.php program that generated this file has this version control
179     //information associated with it:
180     //$Source: /home/dashley/cvsrep/e3ft_gpl01/e3ft_gpl01/webprojs/pamc/gen_a/docs/manual/man_a/c_ist0/c_ist0.tex,v $
181     //$Revision: 1.9 $
182     //$Date: 2009/11/04 16:50:19 $
183     //$Author: dashley $
184     //$State: Exp $
185     //--------------------------------------------------------------------------------
186     $config_hard["hash"]["key"] = "z)Jckkr?}6UC+GN8A{#VL{&DEdH=[Neu-X u4OONN+<7i)@t"
187     . "BZ_0LoD]8.@aYBrr[D6c(RV(vg3JdDIe^gW1?I2}5-[Imj5h"
188     . ">f{X]19R()i/)&;S1&A3^Wj_-Xjr!Vv(5VR]{ h9bFeWMXD "
189     . "+3@6W+/ _I *4yZ7umMa[o)!!J 43,OJmJBDpaRkzdr.;a2x"
190     . "%tXn&9a!QXa|";
191     //--------------------------------------------------------------------------------
192     ?>
193     \end{verbatim}
194     \end{scriptsize}
195     \caption{Typical Hash Key Generated by \emph{hashkeygen}}
196     \label{fig:cist0:scsh0:01}
197     \end{figure}
198    
199     Sample typical output of the \emph{hashkeygen} program is shown in
200     Fig. \ref{fig:cist0:scsh0:00}. A typical key
201     generated is shown in
202     Fig. \ref{fig:cist0:scsh0:01}.
203    
204     Note that the \emph{hashkeygen} program writes its output to the file\\\\
205     ``\texttt{../phplib/hash/hashkey.inc}''.\\\\ Later in the installation,
206     this file will be copied to the final location for the \emph{PHP} library.
207    
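208     It is naturally important that each deployment of
209     \emph{\productbasename{}-\productversion{}} have a hash key that is
210     unknown to a potential attacker. In particular, the sample key shown in Fig.~\ref{fig:cist0:scsh0:01} is published in this manual and must never be used in a deployment. Although the \emph{hashkeygen} program is
211     the most effective way to generate a random hash key, the key can also
212     be created or edited manually (although this is not recommended, as a manually chosen key is unlikely to be as unpredictable as one drawn from \texttt{/dev/random}).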
213    
214    
215     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
216     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
217     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
218     \section{Creation of \emph{MySQL} Database}
219     %Section tag: cmd0
220     \label{cist0:scmd0}
221    
222     Setup of
223     \index{MySQL@\emph{MySQL}!Setup for \productbasename{}-\productversion{}@Setup for \emph{\productbasename{}-\productversion{}}}%
224     \emph{MySQL} involves obtaining a database name,
225     userid, and password. (This is the only information
226     required to set up \emph{\productbasename{}}---creation of
227     database tables is handled by a script.)
228    
229     The steps to set up \emph{MySQL} depend on how the software
230     is hosted.
231    
232     \begin{itemize}
233     \item If the software is hosted by a hosting company, the
234     \emph{MySQL} database name, userid, and password will probably
235     be assigned by the hosting company.
236     \item If the software is hosted on an owned or dedicated server,
237     the setup must be performed by the individual
238     installing \emph{\productbasename{}}.
239     \end{itemize}
240    
241     If the software is hosted on an owned or dedicated server,
242     the following steps should be used to set up \emph{MySQL}:
243    
244     \begin{enumerate}
245     \item Choose a database name, userid, and password
246     for use with \emph{MySQL}. In subsequent description, these
247     are denoted \emph{dbname}, \emph{userid},
248     and \emph{password}.
249     \item Log into \emph{MySQL} as the root user.\footnote{Note that the
250     \emph{root} password for \emph{MySQL} is not the same
251     thing as the \emph{root} user password for \emph{Linux}.}
252     The command to do this is:
253    
254     \texttt{mysql --user=root -p}
255     \item Create the database. The \emph{MySQL} command to do this is:
256    
257     \texttt{create database \emph{dbname};}
258     \item Grant the user \emph{userid} all privileges on database
259     \emph{dbname} using password \emph{password} when connecting
260     from \emph{localhost}.\footnote{The normal arrangement is that the
261     \emph{MySQL} daemon runs on the same server as \emph{Apache}, hence
262     the connection from \emph{localhost}.} The command to do this is:
263    
264     \texttt{grant all on \emph{dbname}.* to \emph{userid}@localhost\\identified by '\emph{password}';}
265     \item Log out of \emph{MySQL} (Control-D).
266     \item Test the permissions created by running
267    
268     \texttt{mysql --user=\emph{userid} -p}
269    
270     and entering the \emph{password} chosen. Issue the command:
271    
272     \texttt{use \emph{dbname};}
273    
274     to verify permission to access \emph{dbname}.
275     \item Log out of \emph{MySQL} (Control-D).
276     \end{enumerate}
277    
278    
279     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
280     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
281     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
282     \section{Creation of Network Interface Aliases (Some Installations Only)}
283     %Section tag: cna0
284     \label{cist0:scna0}
285    
286     For greater security, \emph{\productbasename{}-\productversion{}} may be
287     served via \emph{https} rather than \emph{http}. Because
288     each domain served by \emph{https} must have its own IP address (unless the server and all expected browsers support Server Name Indication), in some
289     installations additional IP addresses will need to be bound to the same
290     network interface.
291    
292     The procedure for assigning additional IP addresses to a network
293     interface involves creating an additional file in the
294     \texttt{/etc/sysconfig/network-scripts} directory.
295     The most common scenario is to create a file with a \emph{:0} suffix.
296     The files below illustrate adding the IP address 208.81.180.179 to
297     an interface already bound to the IP address 208.81.180.178.
298    
299     \begin{small}
300     \begin{verbatim}
301     [dashley@pamc ~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
302     # Broadcom Corporation NetXtreme BCM5722 Gigabit Ethernet PCI Express
303     DEVICE=eth0
304     BOOTPROTO=none
305     BROADCAST=208.81.180.255
306     HWADDR=00:1e:c9:51:a6:b9
307     IPADDR=208.81.180.178
308     NETMASK=255.255.255.128
309     NETWORK=208.81.180.128
310     ONBOOT=yes
311     GATEWAY=208.81.180.129
312     TYPE=Ethernet
313     [dashley@pamc ~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
314     # Broadcom Corporation NetXtreme BCM5722 Gigabit Ethernet PCI Express
315     DEVICE=eth0:0
316     BOOTPROTO=none
317     BROADCAST=208.81.180.255
318     HWADDR=00:1e:c9:51:a6:b9
319     IPADDR=208.81.180.179
320     NETMASK=255.255.255.128
321     NETWORK=208.81.180.128
322     ONBOOT=yes
323     GATEWAY=208.81.180.129
324     TYPE=Ethernet
325     \end{verbatim}
326     \end{small}
327    
328     Once the additional file is created, the \texttt{ifup} command can
329     be used to activate the interface without rebooting the system, i.e.
330     \texttt{ifup eth0:0}. When the system is rebooted, the interface will
331     be activated automatically if \texttt{ONBOOT=yes} is specified.
332    
333     The network to which the server is connected must be configured to
334     accept the additional IP addresses. More information can be found
335     in various \emph{Linux} networking tutorials on the Internet.
336    
337    
338     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
339     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
340     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
341     \section{Creation of Multiple Instances of \emph{apache}}
342     %Section tag: cmi0
343     \label{cist0:scmi0}
344    
345     A single instance of \emph{apache}, running under a single UID/GID,
346     can be configured to listen on multiple IP addresses and
347     serve multiple domains via \emph{https}. In some server deployments,
348     this will work well.
349    
350     However, in some server deployments, it is desirable to serve multiple
351     domains from the same server, and using a single instance
352     of \emph{apache} may raise security issues if not
353     all of the web scripts are under the control of the same individual
354     or organization. It would be possible for one author of web content
355     to write a script that compromises private files of another author---files
356     containing hash keys, cryptographic keys, or database passwords, for example.
357    
358     Running multiple instances of \emph{apache}, each running under a different
359     UID/GID and listening on a different IP address or port, can alleviate
360     security concerns. For example, in some server deployments it would be
361     possible to run \emph{\productbasename{}-\productversion{}} using a second
362     instance of \emph{apache} and a separate UID/GID, thus securing it against
363     attacks launched from the UID/GID of other instance(s).
364    
365     A naming schema should be chosen for the multiple
366     instances of \emph{apache}. One naming schema would be to designate
367     the IP addresses as \emph{a}, \emph{b}, etc. so that the
368     instance of \emph{apache} listening on port 80 on the first interface
369     would be named \emph{httpd80a}.
370    
371     The startup scripts in \texttt{/etc/rc.d/init.d} should be copied and modified
372     so that there is one startup script per instance of \emph{apache},
373     appropriately named to coincide with the naming schema chosen.
374     The difference listing below indicates how to modify each startup
375     script. Note that some modifications (the first ones in the listing)
376     are to comments and are unnecessary.
377    
378     \begin{small}
379     \begin{verbatim}
380     [dashley@pamc ~]$ diff /etc/rc.d/init.d/httpd /etc/rc.d/init.d/httpd80a
381     3c3
382     < # httpd Startup script for the Apache HTTP Server
383     ---
384     > # httpd80a Startup script for the Apache HTTP Server
385     8,11c8,11
386     < # processname: httpd
387     < # config: /etc/httpd/conf/httpd.conf
388     < # config: /etc/sysconfig/httpd
389     < # pidfile: /var/run/httpd.pid
390     ---
391     > # processname: httpd80a
392     > # config: /etc/httpd/conf/httpd80a.conf
393     > # config: /etc/sysconfig/httpd80a
394     > # pidfile: /var/run/httpd80a.pid
395     16,17c16,17
396     < if [ -f /etc/sysconfig/httpd ]; then
397     < . /etc/sysconfig/httpd
398     ---
399     > if [ -f /etc/sysconfig/httpd80a ]; then
400     > . /etc/sysconfig/httpd80a
401     33,36c33,36
402     < httpd=${HTTPD-/usr/sbin/httpd}
403     < prog=httpd
404     < pidfile=${PIDFILE-/var/run/httpd.pid}
405     < lockfile=${LOCKFILE-/var/lock/subsys/httpd}
406     ---
407     > httpd=${HTTPD-/usr/sbin/httpd80a}
408     > prog=httpd80a
409     > pidfile=${PIDFILE-/var/run/httpd80a.pid}
410     > lockfile=${LOCKFILE-/var/lock/subsys/httpd80a}
411     41c41
412     < CONFFILE=/etc/httpd/conf/httpd.conf
413     ---
414     > CONFFILE=/etc/httpd/conf/httpd80a.conf
415     \end{verbatim}
416     \end{small}
417    
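418     The executable files in \texttt{/usr/sbin} should
419     be copied so that \texttt{httpd}, \texttt{httpd.worker}, and
420     \texttt{httpd.event} each have appropriately named copies corresponding
421     to the naming schema chosen. Because these copies are made by hand, they are not replaced when the packaged \texttt{httpd} binaries are updated and must be re-copied after every security update of \emph{apache}. The listing below shows the files
422     in a typical server.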
423    
424     \begin{small}
425     \begin{verbatim}
426     [dashley@pamc ~]$ ls -al /usr/sbin/http*
427     -rwxr-xr-x 1 root root 315284 Jul 15 09:04 /usr/sbin/httpd
428     -rwxr-xr-x 1 root root 315284 Oct 4 01:29 /usr/sbin/httpd443a
429     -rwxr-xr-x 1 root root 327708 Oct 4 01:29 /usr/sbin/httpd443a.event
430     -rwxr-xr-x 1 root root 327708 Oct 4 01:30 /usr/sbin/httpd443a.worker
431     -rwxr-xr-x 1 root root 315284 Nov 1 23:20 /usr/sbin/httpd443b
432     -rwxr-xr-x 1 root root 327708 Nov 1 23:20 /usr/sbin/httpd443b.event
433     -rwxr-xr-x 1 root root 327708 Nov 1 23:20 /usr/sbin/httpd443b.worker
434     -rwxr-xr-x 1 root root 315284 Oct 4 01:29 /usr/sbin/httpd80a
435     -rwxr-xr-x 1 root root 327708 Oct 4 01:29 /usr/sbin/httpd80a.event
436     -rwxr-xr-x 1 root root 327708 Oct 4 01:30 /usr/sbin/httpd80a.worker
437     -rwxr-xr-x 1 root root 315284 Nov 1 23:19 /usr/sbin/httpd80b
438     -rwxr-xr-x 1 root root 327708 Nov 1 23:20 /usr/sbin/httpd80b.event
439     -rwxr-xr-x 1 root root 327708 Nov 1 23:20 /usr/sbin/httpd80b.worker
440     -rwxr-xr-x 1 root root 327708 Jul 15 09:04 /usr/sbin/httpd.event
441     -rwxr-xr-x 1 root root 327708 Jul 15 09:04 /usr/sbin/httpd.worker
442     \end{verbatim}
443     \end{small}
444    
445     The runlevel links can then be modified. Need to add information about this.
446    
447     \emph{Dave Ashley note:}
448     When attempting to use four instances of \emph{apache} to listen on two
449     IP addresses, ran into an issue with port binding to 0:0:0:0. Need to
450     resolve this issue definitively. For now, am using two instances of
451     \emph{apache}, one listening on two IP addresses on port 80, and the other
452     listening on two IP addresses on port 443. I should be able, however, to use
453     four instances.
454    
455    
456     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
457     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
458     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
459     \section{Generation of an SSL Certificate for \emph{apache}}
460     %Section tag: gsl0
461     \label{cist0:sgsl0}
462    
463     An SSL certificate allows a browser (when using \emph{https}) to verify that
464     the site connected to is the actual site rather than the result of an intercepted
465     transmission.
466    
467     An SSL certificate is required to serve \emph{\productbasename{}-\productversion{}}
468     via \emph{https}.
469    
470     There are two types of SSL certificates that may be used:
471    
472     \begin{itemize}
473     \item \textbf{A purchased certificate (\S\ref{cist0:sgsl0:spsl0})\@.}
474     A purchased certificate typically costs around \$30 (for a 1-year
475     certificate), but is traceable to a certification authority already
476     accepted by browsers and so introduces no complexity in configuring
477     a browser to accept the certificate.
478     \item \textbf{A self-signed certificate (\S\ref{cist0:sgsl0:sgss0})\@.}
479     A self-signed certificate is free, but introduces complexity in
480     configuring a browser to accept the certificate without nags or
481     perhaps to accept the certificate at all.
482     \end{itemize}
483    
484    
485     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
486     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
487     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
488     \subsection{Purchase of an SSL Certificate}
489     %Subsection tag: psl0
490     \label{cist0:sgsl0:spsl0}
491    
492     TBD.
493    
494    
495     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
496     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
497     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
498     \subsection{Generating a Self-Signed SSL Certificate}
499     %Subsection tag: gss0
500     \label{cist0:sgsl0:sgss0}
501    
502     TBD.
503    
504    
505     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
506     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
507     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
508     \section{Setup of \emph{apache} to Serve Web Content}
509     %Section tag: sap0
510     \label{cist0:ssap0}
511    
512     TBD.
513    
514    
515     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
516     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
517     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
518     \section{Installation of the \emph{cc\_kt1\_auth\_php} Program}
519     %Section tag: ipg0
520     \label{cist0:sipg0}
521    
522     The \emph{cc\_kt1\_auth\_php} program is called from \emph{PHP} scripts to
523     authenticate the \emph{CryptoCard} KT-1 token.
524    
525     The \emph{cc\_kt1\_auth\_php} program operates in the following way:
526    
527     \begin{itemize}
528     \item A \emph{PHP} script invokes the \emph{cc\_kt1\_auth\_php} program,
529     opening two pipes\footnote{Pipes (more precisely, anonymous pipes) are used because a pipe provides
530     secure communication between processes. Passing sensitive information
531     (such as token keys) as a command-line parameter is not secure, as
532     command-line parameters are visible to every local user on a \emph{Linux} system (for example, via \texttt{ps}).}
533     to communicate bidirectionally with the program.
534     \item The \emph{cc\_kt1\_auth\_php} program accepts all of the data provided
535     by the \emph{PHP} script via a pipe. The data includes
536     a token key, token state, and other parameters.
537     \item The \emph{cc\_kt1\_auth\_php} program calls a library provided by
538     \emph{CryptoCard} to predict what a token should display.
539     \item The \emph{cc\_kt1\_auth\_php} program returns this information to
540     the \emph{PHP} script via a pipe.
541     \item The \emph{cc\_kt1\_auth\_php} program terminates.
542     \item The \emph{PHP} script uses the information provided by the
543     \emph{cc\_kt1\_auth\_php} program to authenticate a token.
544     \end{itemize}
545    
546     The \emph{cc\_kt1\_auth\_php} can be installed using the following steps:
547    
548     \begin{enumerate}
549     \item Obtain the \emph{AuthEngine SDK} product from \emph{CryptoCard}.
550     \item Install the shared libraries (\texttt{libAuthentication.so} and
551     \texttt{libAuthentication.a}) in the recommended location for
552     the target system,\footnote{On a standard \emph{Linux} system,
553     the appropriate location is \texttt{/usr/lib}.}
554     and set ownership and permissions appropriately.
555     \item Place the program file (\texttt{cc\_kt1\_auth\_php.c}) and
556     the header file from \emph{CryptoCard} (\texttt{Authentication.h})
557     in a directory for compilation.
558     \item Compile the program using the instructions contained in the source
559     code. The source code also contains a description of steps to
560     take if \texttt{libcrypto.so.4} is missing.
561     \item Copy the executable to a location suitable for the target system and
562     set ownership and permissions appropriately (this is described
563     in the source code).
564     \end{enumerate}
565    
566    
567     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
568     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
569     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
570     \section{Copying of \emph{PHP} Web Content Files}
571     %Section tag: wcf0
572     \label{cist0:swcf0}
573    
574     TBD.
575    
576    
577     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
578     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
579     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
580     \section{Copying of \emph{PHP} Library Files}
581     %Section tag: CPH0
582     \label{cist0:scph0}
583    
584     TBD.
585    
586    
587     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
588     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
589     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
590     \section{Database Initialization}
591     %Section tag: DIZ0
592     \label{cist0:sdiz0}
593    
594     TBD.
595    
596    
597     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
598     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
599     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
600     \section{Initial Testing}
601     %Section tag: ITS0
602     \label{cist0:sits0}
603    
604     TBD.
605    
606    
607     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
608     \noindent\begin{figure}[!b]
609     \noindent\rule[-0.25in]{\textwidth}{1pt}
610     \begin{tiny}
611     \begin{verbatim}
612     $RCSfile: c_ist0.tex,v $
613     $Source: /home/dashley/cvsrep/e3ft_gpl01/e3ft_gpl01/webprojs/pamc/gen_a/docs/manual/man_a/c_ist0/c_ist0.tex,v $
614     $Revision: 1.9 $
615     $Author: dashley $
616     $Date: 2009/11/04 16:50:19 $
617     \end{verbatim}
618     \end{tiny}
619     \noindent\rule[0.25in]{\textwidth}{1pt}
620     \end{figure}
621    
622     %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
623     %$Log: c_ist0.tex,v $
624     %Revision 1.9 2009/11/04 16:50:19 dashley
625     %Edits.
626     %
627     %Revision 1.8 2009/11/02 04:53:28 dashley
628     %Edits.
629     %
630     %Revision 1.7 2009/11/02 02:00:04 dashley
631     %Edits.
632     %
633     %Revision 1.6 2007/06/24 21:19:24 dashley
634     %Minor extra word (that won't work) for MySQL command removed.
635     %
636     %Revision 1.5 2007/06/12 02:47:17 dashley
637     %Edits.
638     %
639     %Revision 1.4 2007/06/10 18:03:20 dashley
640     %Edits.
641     %
642     %Revision 1.3 2007/06/06 02:23:58 dashley
643     %Edits.
644     %
645     %Revision 1.2 2007/06/04 03:26:55 dashley
646     %Edits.
647     %
648     %Revision 1.1 2007/06/04 00:12:03 dashley
649     %Initial checkin.
650     %
651     %End of $RCSfile: c_ist0.tex,v $.
