author | Sol Jerome <solj@ices.utexas.edu> | 2010-01-24 18:47:00 +0000 |
---|---|---|
committer | Sol Jerome <solj@ices.utexas.edu> | 2010-01-24 18:47:00 +0000 |
commit | 7c6c1e10f3cc62acc919123d0067a8a9720aeffa (patch) | |
tree | a6f6cb0cc17d41e6ccbc27c2e9f986df2e37c67d /doc/unsorted/ssl.txt | |
parent | e3bd887d601dad1be9352768206cbb45a91a8cc7 (diff) | |
download | bcfg2-7c6c1e10f3cc62acc919123d0067a8a9720aeffa.tar.gz bcfg2-7c6c1e10f3cc62acc919123d0067a8a9720aeffa.tar.bz2 bcfg2-7c6c1e10f3cc62acc919123d0067a8a9720aeffa.zip |
doc: Add a lot more unsorted stuff from the wiki
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5703 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'doc/unsorted/ssl.txt')
-rw-r--r-- | doc/unsorted/ssl.txt | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/unsorted/ssl.txt b/doc/unsorted/ssl.txt new file mode 100644 index 000000000..6189fdd3c --- /dev/null +++ b/doc/unsorted/ssl.txt 
@@ -0,0 +1,53 @@ +.. -*- mode: rst -*- + +.. _unsorted-ssl: + +========== +Python SSL +========== + +The ssl module can be found `here <http://pypi.python.org/pypi/ssl>`_. + +With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details. + +Setting up keys is accomplished with three settings, each in the "`[communication]`" section of bcfg2.conf:: + + key = /path/to/ssl private key + certificate = /path/to/signed cert for that key + ca = /path/to/cacert.pem + + +Python SSL Backport Packaging +============================= + +Both the Bcfg2 server and client are able to use the in-tree ssl module included with python 2.6. The client is also able to still use M2Crypto. A python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. See [wiki:Authentication] for details. + +To build a package of the ssl backport for .deb based distributions that don't ship with python 2.6, you can follow these instructions, which use [http://github.com/astraw/stdeb/tree/master stdeb]. Alternatively if you happen to have .deb packaging skills, it would be great to get policy-complaint .debs into the major deb-based distributions. + +The following commands were used to generate :download:`this +<python-ssl_1.14-1_amd64.deb>` debian package ('''NOTE:''' Version +numbers for the SSL module have changed). 
The `easy_install` command can +be found in the `python-setuptools` package.:: + + sudo aptitude install python-all-dev fakeroot + sudo easy_install stdeb + wget http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a + tar xvfz ssl-1.14.tar.gz + cd ssl-1.14 + stdeb_run_setup + cd deb_dist/ssl-1.14 + dpkg-buildpackage -rfakeroot -uc -us + sudo dpkg -i ../python-ssl_1.14-1_amd64.deb + +For complete bcfg2 goodness, you'll also want to package stdeb using stdeb. +The completed debian package can be grabbed from :download:`here +<python-stdeb_0.3-1_all.deb>`, which was generated using the following:: + + sudo aptitude install apt-file + wget http://pypi.python.org/packages/source/s/stdeb/stdeb-0.3.tar.gz#md5=e692f745597dcdd9343ce133e3b910d0 + tar xvfz stdeb-0.3.tar.gz + cd stdeb-0.3 + stdeb_run_setup + cd deb_dist/stdeb-0.3 + dpkg-buildpackage -rfakeroot -uc -us + sudo dpkg -i ../python-stdeb_0.3-1_all.deb |
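Review bot: In both packaging command blocks the `wget` lines fetch the source tarballs over plain `http://`, and the `#md5=...` fragment on each URL is not verified by any step shown, yet the resulting packages are installed with `sudo dpkg -i`. Suggest adding an explicit checksum step after each download (for example feeding the expected digest to `md5sum -c`, or preferably documenting a stronger hash) so the procedure stops when the tarball does not match. The `key = /path/to/ssl private key` setting would also benefit from a sentence on restricting read access to that file. Separately, the file is declared as rst but still carries Trac wiki markup: `[wiki:Authentication]` (twice), `[http://github.com/astraw/stdeb/tree/master stdeb]` and `'''NOTE:'''` will render literally, so convert them to rst references and a `.. note::` directive. Two wording fixes while here: "based CA-type capabilities" presumably means "basic", and "policy-complaint" should be "policy-compliant".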