From cyoun@postoffice.npac.syr.edu Mon Jan 4 14:03:02 1999
Date: Mon, 4 Jan 1999 14:02:58 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
cc: Tomasz Haupt
Subject: Re: Current problems
In-Reply-To: <21253.915267597@portnoy.lbl.gov>

Hi, Mary.

> That is exactly what was happening. Our code to parse the directory listing
> returned by a WebServer was too specific to the Apache Web server. We were
> expecting lines of the form 1234.0 and the Web server on
> www.cis.syr.edu was returning lines of the form
> 1234.0. Do you know what Web server cis is running?

======> What do you mean by that question? I don't know what Web server cis is running. In my opinion, because of web server cis, I tried to get another web server, http://web.syr.edu/~cyoun/Certificates. But, I still have the same problem.

At this time, Use-condition certificates finding is OK. But, it seems that Akenti web server would not find the attribute certificate. When I created the attribute certificate last time, I got some error messages like this,

    AttrCert >>> ERROR #102 : Database Connection Exception
    java.sql.SQLException: Connection failed.

At that time, I remember that you told me to ignore this error message. Is it no problem?

And I put some log files at http://www.cis.syr.edu/~cyoun/Certificates. Would you mind if you could check them for me again please?

Thanks,
Choonhan Youn

From cyoun@postoffice.npac.syr.edu Tue Jan 5 11:18:48 1999
Date: Tue, 5 Jan 1999 11:18:31 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
cc: Tomasz Haupt
Subject: Re: Current problems
In-Reply-To: <13705.915489471@portnoy.lbl.gov>

Hi, Mary.

I really appreciate your help.
I tried to put the hash name which contains the directory path name of the attribute certificate in the .htauthority file. Like this,

    CertificateDirectory public ldap idcg-ds.lbl.gov
    CertificateDirectory public 80deda2d /home/T11F/webflow/public_html/Certificates/

====> 80deda2d means the hash name of the attribute certificate.

But, it is of no use for me doing that. Still keep the same problem. In my opinion, even if I set up the attribute certificate in the .htauthority file, when I see the monitor logging file, it seems that the Akenti web server was finding the attribute certificate at the LDAP server, not the root policy file. So, I think that there is no meaning in setting it up in the root policy file.

As far as I know, the Akenti web server is looking for these certificates via URL, http://www.cis.syr.edu/~cyoun/Certificates. Is that right? What information do you need to fix this problem?

Thanks,
Choonhan Youn

On Mon, 4 Jan 1999, Mary Thompson wrote:

> Choonhan,
> I am pretty sure cis is running a Netscape Enterprise server, rather than
> an Apache or NCSA server, but it doesn't really matter. I was just curious. If
> you picked up my latest changes, Akenti should now work with either one.
>
> I think the only way Akenti will find Attribute certificates at the moment is
> to add the line
> CertificateDirectory trusted file
> to your .htauthority file.
>
> Other things are supposed to work but do not. So if you put your attribute
> certificate in a directory on osprey stored under its hash name, it should get
> found.
>
> Mary
>
>

From cyoun@postoffice.npac.syr.edu Tue Jan 5 12:46:21 1999
Date: Tue, 5 Jan 1999 12:46:16 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
cc: Tomasz Haupt
Subject: Re: Current problems
In-Reply-To: <7714.915557841@portnoy.lbl.gov>

Hi, Mary.

At this time, Akenti web server found the attribute certificate via CertificateDirectory in the .htauthority file. But, it seems that there is a problem of UseCondition verification as I saw the log file. I put all log files at http://www.cis.syr.edu/~cyoun/Certificates. Would you please check them for me?

Thanks,
Choonhan Youn

From cyoun@postoffice.npac.syr.edu Wed Jan 6 13:08:01 1999
Date: Wed, 6 Jan 1999 13:07:56 -0500 (EST)
From: Choonhan Youn
To: Roman Markowski
Subject: About place.

Hi, Roman.

I'm so sorry to disturb you. I am supposed to move to another place. But, personally I like this space, Cubicle J. Even if the speed of this computer is slower than the IRIX machine. During last semester, it was OK for me to use it. I would like to keep this space.

Thanks
Choonhan Youn

From cyoun@postoffice.npac.syr.edu Wed Jan 6 13:31:00 1999
Date: Wed, 6 Jan 1999 13:30:56 -0500 (EST)
From: Choonhan Youn
To: Neil Jasper
Subject: telephone problem
In-Reply-To: <01BE237A.9821B240@poseiden.npac.syr.edu>

Hi, Neil.

Now my telephone doesn't work.

Telephone number: 443-4884
Cubicle J
Choonhan Youn.

Thanks.
Choonhan

From cyoun@postoffice.npac.syr.edu Fri Jan 8 12:04:43 1999
Date: Fri, 8 Jan 1999 12:04:38 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
Subject: Re: Current problems
In-Reply-To: <8724.915563094@portnoy.lbl.gov>

Hi, Mary.

I made two Usecondition certificates, one is type "access", read, add. The other is type "access", read. So, it works now.

And I am going to permit this resource to the Project leader, Tomasz Haupt. He has already had the Identity Certificate which you gave. What should I do?
modifying .htauthority, .resattribute, generating two certificates, and so on. Please let me know.

Thanks.
Choonhan Youn

On Tue, 5 Jan 1999, Mary Thompson wrote:

> It looks like everything is behaving just fine, except for one little detail.
> You must have at least one UseCondition that grants "access" to the resource.
>
> I think you have just one UseCondition, the one that grants read,write to
> "ou=Guests or group=guests". There must also be another one that grants
> "access" and perhaps "read", otherwise no-one gets access to anything.
>
> So create a new UseCondition for
> resource http://osprey3.npac.syr.edu
> scope sub-tree
> and check the enable access button on the Usecondition generator page along
> with selecting the read action. If you grant this UseCondition to
> "o=Lawrence Berkeley National Laboratory", then I can test the access from here.
>
> I have some meetings for the rest of the day, so I may not be able to respond
> to more e-mail for a while.
>
> Mary
>
>
>

From cyoun@postoffice.npac.syr.edu Fri Jan 8 13:19:14 1999
Date: Fri, 8 Jan 1999 13:19:09 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
Subject: Re: Current problems
In-Reply-To: <4786.915819085@portnoy.lbl.gov>

Hi, Mary.

OK. If so, should I restrict this resource for him? For example, the UseCondition certificate has "read", "add" as type "access". For him, I just permit type "execute", or "read" instead of it. So, he is not allowed the "add" or "write" of the type "access".

Thanks
Choonhan Youn

On Fri, 8 Jan 1999, Mary Thompson wrote:

> Choonhan,
> Tomasz probably already has access. Your UseConditions grant access to
> ou=Guests OR group=guests. Since Tomasz's IdCert has group Guests he would be
> granted access by that UseCondition. You could also generate an AttributeCert
> for him for the group guests.
>
> In general, once you get a resource tree set up initially, you should not have
> to edit .htauthority or .resattributes, but just add UseConditions and
> AttrCerts.
>
> Mary
>
>

From cyoun@presenter.npac.syr.edu Fri Jan 15 17:10:29 1999
Date: Fri, 15 Jan 1999 17:10:28 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
Subject: Re: Current problems
In-Reply-To: <7787.915831949@portnoy.lbl.gov>

Hi, Mary.

I appreciate your help always. It seems that everything is fine.

At this time, we made an LDAP server, ladp://mercury.npac.syr.edu:1389/cn=Gateways,ou=Groups,o=npac.syr.edu. And also CA using netscape center. I have no experience about that, how to handle, operate, manage, and so on. I think I know you will. Would you give me the whole information, or materials, any web site about that?

Thanks,
Choonhan Youn

From cyoun@presenter.npac.syr.edu Thu Jan 21 16:25:23 1999
Date: Thu, 21 Jan 1999 16:25:22 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
Subject: Re: Current problems
In-Reply-To: <7787.915831949@portnoy.lbl.gov>

Hi, Mary.

Last time I sent email to you. I have not received any response from you. Do you by any chance have any business trip or something?

I have read the material about managing the LDAP. But, I have no idea what to do, where to start. Would you mind if you could recommend something or give me some direction? I need your help.

Now the System administrator gave me an LDAP address like this, "ladp://mercury.npac.syr.edu:1389/cn=Gateways,ou=Groups,o=npac.syr.edu".

Thanks,
Choonhan Youn

From cyoun@presenter.npac.syr.edu Fri Jan 22 11:59:55 1999
Date: Fri, 22 Jan 1999 11:59:54 -0500 (EST)
From: Choonhan Youn
To: Kang-seok Kim
Subject: your SGI Indy (fwd)

---------- Forwarded message ----------
Date: Fri, 22 Jan 1999 07:23:23 -0500
From: Kathy Becker
To: cyoun@npac.syr.edu, kskim@npac.syr.edu
Cc: systems@npac.syr.edu, kbecker@npac.syr.edu
Subject: your SGI Indy

I have moved each of your Indy systems back on your desks. You must not have the system sitting on the floor as each of you did. You both had your systems not only on the floor but sitting so that the vented side was facing the carpet.

Choonhan - when you put presenter on the floor you also put the external disk on the floor. The external disk was no longer completely connected besides the fact that you should never put any peripherals on the carpet because of ventilation reasons.

Please keep the systems on your desks. If you need to move them, keep in mind that the system should ALWAYS be placed right-side up on a flat, level, smooth surface. NEVER place the system on its side.

Regards,
Kathy

From cyoun@presenter.npac.syr.edu Mon Jan 25 17:48:45 1999
Date: Mon, 25 Jan 1999 17:48:44 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
cc: Tomasz Haupt
Subject: Re: Current problems
In-Reply-To: <2218.917059151@portnoy.lbl.gov>

Hi, Mary.

> Now for some specific questions for you.
>
> Did you personally install the LDAP and CA servers or did someone else do it
> for you?
>

Actually No. My system administrator, Dr. Roman, is managing the LDAP server and we are going to make the CA server sooner or later. Now I am just interested in managing the LDAP server, what information should I put into it for using Akenti security?
For example, in case of personal identity certificate,

    Subject name-- E=cyoun@npac.syr.edu, CN=Choonhan Youn, UID=cyoun, OU=Guests, O=Lawrence Berkeley National Laboratory, C=US
    and Subject Public Key Information-- Public key and so on,

Should I put them into the LDAP server for using Akenti security?

> Do you have copies of the 3 Netscape manuals each about 200-300 pages long.
> One on Informix, one on the Certificate Server and one on the Directory server?
>

No, I don't

> Do you realize that you have 6 servers running and do you know what they do?
> Informix server, LDAP server, HTTP gateway to LDAP, Netscape Administration
> server for LDAP, CA server, Netscape Administration Server for CA. There is a
> command line interface to the LDAP server, documented in the Directory Server
> book, in addition to the HTTP gateway server.
>
> Check out http://developer.netscape.com/directory/ for lots of information on
> LDAP and
> http://developer.netscape.com/docs/manuals/index.html?content=certificate.html
> for documents about the Certificate server. If you don't have paper
> copies of the manuals you can find copies of them here.
>

Actually I don't know them. But I will check all of them and read them.

> So are you at the point of configuring the servers (that is normally part of
> the installation) or ready to issue a Certificate for someone?
>

Now no. We are going to make them. And when receiving the certificate request from someone, what are you doing for this first of all? I would like to know this processing to give it to someone to access the resources.

Thanks,
Choonhan Youn

From cyoun@presenter.npac.syr.edu Sun Jan 31 08:54:21 1999
Date: Sun, 31 Jan 1999 08:54:20 -0500 (EST)
From: Choonhan Youn
To: Mary Thompson
Subject: Re: Current problems
In-Reply-To: <17098.917461708@portnoy.lbl.gov>

Hi, Mary.

Thank you for your help. I appreciate that.
Now my administrator has completed the installation of the LDAP server. And my project leader, Dr. Tomasz Haupt, will finish the installation of the CA server sooner or later. Now, I have LDAP URLs, ldap://merkury.npac.syr.edu:1389, o=npac.syr.edu, ou=Gateway, cn=Tomasz Haupt.

But, my system administrator has some problem with assigning the ownership. For example,

            o=npac.syr.edu
                  |
                  |
           ---------------
           |             |
           |             |
       ou=People     ou=Gateway

As in the above figure, he is managing several organization units (ou). He wants me to manage the "ou=Gateway" directory. But, he told me not to assign the ownership for me. And he recommended me to look for some materials on the web for assigning the ownership.

When I looked at the documentation of Netscape Directory Server, I have read the "managing access control". But, I don't know how to use it. Please let me know if you know how the system administrator does it.

Thanks.
Choonhan Youn
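
An added example, not Akenti's code and not anything posted in this thread: the directory-listing problem from the 4 January exchange (a parser written against one web server's index markup), avoided by pulling link targets out with an HTML parser and accepting only bare hash-style file names. The `hash.N` file-name pattern and both sample listings are assumptions constructed for illustration; only the hash `80deda2d` comes from the thread.

```python
import re
from html.parser import HTMLParser

# Assumed naming: 8 hex digits (certificate hash), a dot, a sequence number.
HASH_NAME = re.compile(r"[0-9a-f]{8}\.\d+")

class _Links(HTMLParser):
    """Collect href values; HTMLParser lowercases tag and attribute names,
    so <A HREF=...> and <a href=...> are handled the same way."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

def cert_files(listing_html, wanted_hash=None):
    """Return hash-named files from a directory index, whatever server wrote it."""
    parser = _Links()
    parser.feed(listing_html)
    found = []
    for href in parser.hrefs:
        name = href.strip().lower()
        # Accept only a bare file name: parent links, sort links, sub-paths
        # and absolute URLs are dropped, so the listing cannot steer the
        # fetch outside the certificate directory.
        if not HASH_NAME.fullmatch(name):
            continue
        if wanted_hash and not name.startswith(wanted_hash.lower() + "."):
            continue
        if name not in found:
            found.append(name)
    return found

# Constructed sample listings (not captured from the servers in the thread).
APACHE_STYLE = '''<PRE><A HREF="/~user/">Parent Directory</A>
<IMG SRC="/icons/unknown.gif"> <A HREF="80deda2d.0">80deda2d.0</A>  04-Jan-99  1k
<A HREF="?N=D">Name</A></PRE>'''
OTHER_STYLE = '''<table><tr><td><a href='80deda2d.0' >80deda2d.0</a></td></tr>
<tr><td><a href="1a2b3c4d.0">1a2b3c4d.0</a></td></tr>
<tr><td><a href="../">Up</a>
<a href="http://example.invalid/80deda2d.0">x</a></td></tr></table>'''
```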