wiki:CredPrinterDocs

Version 3 (modified by faber, 10 years ago) (diff)

--

Credential Printer

The credential printer service is an XMLRPC service to convert ABAC credentials encoded as X.509 certificates into a text format. While libabac is widely portable through swig, some programming environments cannot import the library, yet would like to see the contents of credentials. The credential printer provides access.

Installing the service

We distribute the credential printer as a python application. It depends on the standard installation and the M2Crypto package, available from several places. It also depends on libabac.

Once the prerequisites are installed, download the credential printer source and untar it, change to the cred_printer-1.00 directory and run the standard python install script (as root):

$ tar xzf cred_printer-1.00.tar.gz
$ cd cred_printer-1.00
$ sudo python ./setup.py install

This will install a python egg into your site-packages and two python scripts, cred_server.py and cred_client.py into your standard biraries directory (/usr/local/bin on FreeBSD or Ubuntu).

Because the installation runs as root, you may need to delete the distribution directory as root:

$ cd ..
$ sudo rm -rf cred_printer-1.00.tar.gz

Running the server

The server takes an optional argument, --cert and a certificate with which to identify itself under SSL/https. If omitted, the server will run under http, unencrypted and unauthenticated. If run under SSL, the server expects clients to supply a certificate, but does not vaildate it's authorization chain. This is for future expansion using ABAC authorization to the server and self-certifying identities.

The server also takes a --port argument defining the port to listen on. By default it listens on port 13232.

Assuming that ./cert.pem contains a certificate and key for the server:

$ cred_server.py --cert ./cert.pem

starts the server under SSL/https listening on port 13232,

$ cred_server.py --port 54321 --cert ./cert.pem

starts the server under SSL/https listening on port 54321

$ cred_server.py --port 54321

starts the server under http listening on port 54321, and

$ cred_server.py

starts the server under http on port 13232.

Attachments (4)

Download all attachments as: .zip