...

To support use of crypto key sizes larger than 2048 bits, we also add the Unlimited Strength Security Policy to the JVM. Download jce_policy-6.zip from the locker downloads directory, or from Sun (http://java.sun.com/javase/downloads/index.jsp, Other Downloads section at the bottom). Unzip the policy zip file and copy local_policy.jar and US_export_policy.jar into the JRE's lib/security directory (replacing the versions installed from the JDK RPM).

Also, the MIT CA certificates must be added to the certificate trust store. This can be done by downloading and adding them explicitly to the JRE cacerts trust store, as follows:

# wget 'http://ca.mit.edu.ezproxy.canberra.edu.au/mitca.crt'
# wget 'http://ca.mit.edu.ezproxy.canberra.edu.au/mitClient.crt'
# setenv JAVA_HOME /usr/java/latest
# cd $JAVA_HOME/jre/lib/security
# cp -p cacerts cacerts.orig
# $JAVA_HOME/bin/keytool -import -keystore cacerts -alias mitca -file /path/to/mitca.crt
# $JAVA_HOME/bin/keytool -import -keystore cacerts -alias mitclientca -file /path/to/mitClient.crt

The password for the trust store is "changeit". Answer "yes" to the "Trust this certificate?" prompt.
An already-updated cacerts store is available in the touchstone locker, in XXX.
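
To confirm that both steps above took effect, the following added example (not part of the original page) checks that the Unlimited Strength policy is active and that the two imported aliases are present in the JRE's cacerts, printing each certificate's SHA-256 fingerprint. The class name TrustStoreCheck is hypothetical; the aliases and the trust store password are the ones used on this page, and it is assumed to be run with $JAVA_HOME/bin/java.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.crypto.Cipher;

// Added example: post-install check for the JCE policy files and the cacerts imports.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        boolean ok = true;

        // The default (limited) policy caps AES at 128 bits; the Unlimited
        // Strength policy reports Integer.MAX_VALUE.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length: " + maxAes);
        if (maxAes < 256) {
            System.out.println("FAIL: unlimited-strength policy jars are not in effect");
            ok = false;
        }

        // java.home is the JRE directory, so this is the cacerts file edited above.
        File store = new File(System.getProperty("java.home"), "lib/security/cacerts");
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(store);
        try {
            ks.load(in, "changeit".toCharArray()); // password stated on this page
        } finally {
            in.close();
        }

        String[] aliases = { "mitca", "mitclientca" }; // aliases from the keytool commands
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (int i = 0; i < aliases.length; i++) {
            Certificate cert = ks.getCertificate(aliases[i]);
            if (cert == null) {
                System.out.println("FAIL: alias " + aliases[i] + " not found in " + store);
                ok = false;
                continue;
            }
            byte[] digest = sha256.digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (int j = 0; j < digest.length; j++) {
                if (j > 0) hex.append(':');
                hex.append(String.format("%02X", digest[j] & 0xff));
            }
            // Compare with a fingerprint obtained out of band, not from the same download.
            System.out.println(aliases[i] + " SHA-256: " + hex);
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Because the certificates are fetched over plain HTTP, the printed fingerprints are only meaningful when compared against values obtained through a separate trusted channel.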

Install Tomcat

  • Download the current Tomcat 6.0 binary distribution (tested with 6.0.20, available in /mit/touchstone/downloads/apache-tomcat-6.0.20.tar.gz), and install it under /usr/local:
    # cd /usr/local
    # tar xzf /path/to/apache-tomcat-6.0.20.tar.gz
    # rm -f tomcat
    # ln -s apache-tomcat-6.0.20 tomcat
    
  • Create the tomcat user, and change the ownership of the tomcat tree:
    # groupadd -g 52 tomcat
    # useradd -u 52 -g tomcat -c "Tomcat User" -d /usr/local/tomcat tomcat
    # chown -R tomcat:tomcat /usr/local/apache-tomcat-6.0.20
    
  • Install the tomcat init script in /etc/init.d/, and make sure tomcat is started at boot time:
    # chkconfig --add tomcat
    

Install Shibboleth IdP

  • Extract our distribution tar file into the /usr/local/shibboleth-idp directory:
    # mkdir -p /usr/local/shibboleth-idp
    # chown tomcat:tomcat /usr/local/shibboleth-idp
    # cd /usr/local/shibboleth-idp
    # tar xzf /path/to/usr_local_shibboleth-idp.tgz
    

...