Re: Jona Initialization and Config

Fred R. Buck <frbuck <at> lucent.com> writes:
> I've built the Jonah components, put everything in its proper place and
run
> each of the three subsystems (ee, ra, ca).  But, that is as far as I can
> get.  It's not clear, to me, what to put in the ini files so that the
> individual components know where the other servers are.
The really important ini file (for server communications) is the one for
the
RA (jonahra.ini). When the RA creates the pre-registration record it tells
the
End Entity how to talk to it. The pre-registration record delivery is an
out-of-band
process.

If you look at the jonahra.ini that is included in src/sampleini,
in the General section there is a Issuer1URL1 which tells the
RA how to talk to the CA (for now, we only support one CA per RA, and
each CA only has one way to talk to it)

The RA ini file should also have defined in the General section a
definition for
the NetworkName of the machine that the RA is running on. If one is not
specified
it defaults to "localhost".

If you want the CA or RA to run the service on a port other then 829 you
need to specify the TCPPort in the Transport section of the ini file. If
you
change this value on the CA you need to update the Issuer1URL1 setting on

Build Error - Plus NET USE tidbit

Re: Build Error - Plus NET USE tidbit

John,
Did you get the PKCS #11 files from RSA?

Thanks - Mark
______________________________________________________________
Mark C Davis/Raleigh/IBM, DSS Network Security, davismc <at> us.ibm.com
(919)254-7876, pager 1(800)946-4646 PIN 6066244,  FAX (919)254-5710

owner-imc-pfl <at> imc.org on 11/09/98 05:29:13 PM
Please respond to owner-imc-pfl <at> imc.org
To: imc-pfl <at> imc.org
cc:
Subject: Build Error - Plus NET USE tidbit

Greetings...

Before I get into my current problem I'd like to thank Fred R. Buck for his
initial response to my offline "getting started" note.

I'd also like to share a tid bit I found out visa vie the NET USE command.

Background: I had problems executing pseudosb due to a failure I'd get
attempting to map the X: and Y: drives to the jonah shared folder. I am
working  on a standalone machine, mostly from my home office.

when I manually issued NET USE Y: \\ jonaserv\jonah or any other variant I'd ge
t a wierd system error 67. it either could not find my network name or would
give me  a path error. I sought local support help at IBM poughkeepsie, and as
it turns out I had to be lan attached(at the "office" office) to get these
commands to work.

A message like Net Bios not operational might have been a better clue.
Anyway, support folks helped me define a netbios over tcp option in my IBM
dialer so I could get this mapping to work from my remote dial-in standalone
machine.

Which begs the question: will we ever get a build that does not need a network
hop to find my local jonah directory?

My current error:

I build as far as the make of  PKCSMAIN.C. I encoutered the following errors:

** hand retyped, (not pasted) with shortcuts:

pkcsmain.c<85> : C2065: 'CKR_CRYPTOI_NOT_INITIALIZED' : undeclared identifier

    <226> : error C2039> : 'C_WaitForSlotEvent' : is not a member of
'CK_FUNCTION_LIST'

/src/include\pkcs11.h<89> : see declaraton of 'CK_FUNCTION_LIST'

<296> : error C2373: 'C_WaitForSlotEvent' : redefinition;different type
modifiers

<309> : error C2065: 'CKF_DONT_BLOCK' : undeclared identifier

<310> : error C2065: 'CKR_NO_EVENT' : undeclared identifier

make: error code 2

make: error code 255

make error code 255

go to EOF

I figure I'm missing some include files. Identification of the same would be
appreciated.

Regards,

John Wiley

Senior Software Engneer, IBM Poughkeepsie

Re: Build Error

This looks vaguely familiar. Make sure you picked up the right include
files. The instructions specify exactly which version link to follow off
the RSA pages to pick up the right set of include files. If you follow the
highest link in the page, as opposed to the version specified, you get
errors something like this (one of our testers did that, which I told him
at the time would be useful because it's an obvious error to make!).
     Mez

Mark C Davis <davismc <at> us.ibm.com> on 11/09/98 05:49:10 PM

                                                              

                                                              
 To:      imc-pfl <at> imc.org                                     

 cc:      (bcc: Mary Ellen Zurko/Iris)                        

                                                              

 Subject: Re: Build Error - Plus NET USE tidbit               

John,
Did you get the PKCS #11 files from RSA?

Thanks - Mark
______________________________________________________________
Mark C Davis/Raleigh/IBM, DSS Network Security, davismc <at> us.ibm.com
(919)254-7876, pager 1(800)946-4646 PIN 6066244,  FAX (919)254-5710

owner-imc-pfl <at> imc.org on 11/09/98 05:29:13 PM
Please respond to owner-imc-pfl <at> imc.org
To: imc-pfl <at> imc.org
cc:
Subject: Build Error - Plus NET USE tidbit

Greetings...

Before I get into my current problem I'd like to thank Fred R. Buck for his
initial response to my offline "getting started" note.

I'd also like to share a tid bit I found out visa vie the NET USE command.

Background: I had problems executing pseudosb due to a failure I'd get
attempting to map the X: and Y: drives to the jonah shared folder. I am
working  on a standalone machine, mostly from my home office.

when I manually issued NET USE Y: \\ jonaserv\jonah or any other variant
I'd ge
t a wierd system error 67. it either could not find my network name or
would
give me  a path error. I sought local support help at IBM poughkeepsie, and
as
it turns out I had to be lan attached(at the "office" office) to get these
commands to work.

A message like Net Bios not operational might have been a better clue.
Anyway, support folks helped me define a netbios over tcp option in my IBM
dialer so I could get this mapping to work from my remote dial-in
standalone
machine.

Which begs the question: will we ever get a build that does not need a
network
hop to find my local jonah directory?

My current error:

I build as far as the make of  PKCSMAIN.C. I encoutered the following
errors:

** hand retyped, (not pasted) with shortcuts:

pkcsmain.c<85> : C2065: 'CKR_CRYPTOI_NOT_INITIALIZED' : undeclared
identifier

    <226> : error C2039> : 'C_WaitForSlotEvent' : is not a member of
'CK_FUNCTION_LIST'

/src/include\pkcs11.h<89> : see declaraton of 'CK_FUNCTION_LIST'

<296> : error C2373: 'C_WaitForSlotEvent' : redefinition;different type
modifiers

<309> : error C2065: 'CKF_DONT_BLOCK' : undeclared identifier

<310> : error C2065: 'CKR_NO_EVENT' : undeclared identifier

make: error code 2

make: error code 255

make error code 255

go to EOF

I figure I'm missing some include files. Identification of the same would
be
appreciated.

Regards,

John Wiley

Senior Software Engneer, IBM Poughkeepsie

Re: Jonah on UN*X? (fwd)

Hello there,

Are there any plans of making a Java (JDK 1.1 or 1.2)
package available for PKIX reference implementation?
Do you know if any other organization is planning to
do so?

thanks.

------------- attachment alluded to the above ------------
We have announced that we will also be making a port to
Solaris available. We've been talking about December but,
realisitically, it's the last thing on our current schedule, and
we're resource constrained, so I wouldn't be surprised if that
slipped. But we are keeping it in mind because we believe we
need to do it to help promote the standards, so we're attempting
to minimize and segregate the NT specific areas of code as
we go. We have whining Unix users on the team , so you're
not alone.
     Mez

--

-- 
Zahid Ahmed                     Veo Systems Inc.(formerly CNgroup, Inc.)
Commerce Security Arhcitect
zahmed <at> veosystems.com           http://www.veosystems.com
v:(650) 623-2814                2440 West El Camino Real, Floor 7 
fax:(650) 938-8055              Mountain View, CA 94040

Re: Jonah on UN*X? (fwd)

Hi 

At DSTC here, we have implemented most of the PKIX draft standard.  We
have implementation in both Java and C++.  At the moment, we have only
tested on Solaris and Linux.   Note, however, we haven't implemented
Certificate Management Protocol.

The beta version is available to download via:
http://oscar.dstc.qut.edu.au

Cheers...
Eddy

Research Scientist
DSTC Security Unit
Level 12, S Block
QUT Garden Point
Queensland Australia

On Tue, 10 Nov 1998 zahmed <at> veosystems.com wrote:

>Date: Tue, 10 Nov 1998 19:29:02 -0800 (PST)
>From: zahmed <at> veosystems.com
>To: imc-pfl <at> imc.org
>Subject: Re: Jonah on UN*X? (fwd)
>
>
>Hello there,
>
>Are there any plans of making a Java (JDK 1.1 or 1.2)
>package available for PKIX reference implementation?
>Do you know if any other organization is planning to
>do so?
>
>thanks.
>
>------------- attachment alluded to the above ------------
>We have announced that we will also be making a port to
>Solaris available. We've been talking about December but,
>realisitically, it's the last thing on our current schedule, and
>we're resource constrained, so I wouldn't be surprised if that
>slipped. But we are keeping it in mind because we believe we
>need to do it to help promote the standards, so we're attempting
>to minimize and segregate the NT specific areas of code as
>we go. We have whining Unix users on the team , so you're
>not alone.
>     Mez
>
>
>
>-- 
>Zahid Ahmed                     Veo Systems Inc.(formerly CNgroup, Inc.)
>Commerce Security Arhcitect
>zahmed <at> veosystems.com           http://www.veosystems.com
>v:(650) 623-2814                2440 West El Camino Real, Floor 7 
>fax:(650) 938-8055              Mountain View, CA 94040
>
>
>

Re: Jonah on UN*X? (fwd)

The Jonah UI is in Java (for portability); the rest is in C++ (for
portability and speed). I'd be interested in knowing what aspects of
Java you'd like to take advantage of in a PKIX source code base.
     Mez

Re: Jonah on UN*X? (fwd)

> The Jonah UI is in Java (for portability); the rest is in C++ (for
> portability and speed). I'd be interested in knowing what aspects of
> Java you'd like to take advantage of in a PKIX source code base.

Portability is the number one aspect for us - i.e. we'd like to be able
to run it on Solaris.  Since the source can currently only be built on
WinNT, we are not able to make use of it.

ejp

Re: Jonah on UN*X? (fwd)

We've announced our intent to release a Solaris port of the code around the
time of the final NT release, so if you can wait until then, Jonah still
might work for you.

John

Ed Posnak <ejp <at> xetex.com> <at> imc.org on 11/11/98 11:26:55 AM

Sent by:  owner-imc-pfl <at> imc.org

To:   Mary_Ellen_Zurko <at> iris.com
cc:   zahmed <at> veosystems.com, imc-pfl <at> imc.org, Ajit George <gajit <at> xetex.com>

Subject:  Re: Jonah on UN*X? (fwd)

> The Jonah UI is in Java (for portability); the rest is in C++ (for
> portability and speed). I'd be interested in knowing what aspects of
> Java you'd like to take advantage of in a PKIX source code base.

Portability is the number one aspect for us - i.e. we'd like to be able
to run it on Solaris.  Since the source can currently only be built on
WinNT, we are not able to make use of it.

ejp

Re: Jonah on UN*X? (fwd)

John_Wray <at> iris.com wrote:

> We've announced our intent to release a Solaris port of the code around the
> time of the final NT release, so if you can wait until then, Jonah still
> might work for you.

John's comment succinctly captures the reason why people are looking for a pure
Java implementation: so they won't have to wait for a port to their operating
system.  Also so they won't have to compile the code if they don't want to.

ejp