Installing the OpenKeyServer
To install the server on your system, you must first uncompress and extract the files from your distribution archive. These operations can be done via the following commands:
# gunzip oks.<distribution-version-number>.tar.gz
# tar xf oks.<distribution-version-number>.tar
This will create the directory oks.<distribution-version-number> containing the following files under the current directory:
oks.<distribution-version-number>/
oks.<distribution-version-number>/CHANGES
oks.<distribution-version-number>/INSTALL
oks.<distribution-version-number>/LICENCE
oks.<distribution-version-number>/README
oks.<distribution-version-number>/oks-<distribution-version-number>.tar
oks.<distribution-version-number>/oks_install
Then run the oks_install shell script to install and configure the server. The text between square brackets is a configuration value guessed by the script.
# ./oks_install
OpenKeyServer installation utility
Please enter distribution file: [oks-<distribution-version-number>.tar]
Please enter installation directory: [/usr/local/oks]
"/usr/local/oks" not found. Do you want to create it ? [Yes]
Installing distribution in /usr/local/oks...
At this point, the installation directory contains the keyserver and its gateways without any database. The script begins by configuring some general information about the server.
Configuring OpenKeyServer
What is your company name ?
This name will be used inside your web pages in order to personalize your OpenKeyServer.
Company name :
Enter the name of your company here. It will be used inside your configuration files and web pages to personalize your server responses.
What is the email address of this keyserver administrator ?
Enter this email address here. It will also be used in your web pages as a point of contact for your users.
The script continues now by configuring the OKS database:
Configuring OpenKeyServer Database Server
Bind address: [127.0.0.1]
Enter the IP address the database server binds to. By default, it listens only on the localhost address because the gateways are often located on the same machine. If you want the OKS database server to be accessible from other machines on your network, specify your host network address here (or 0.0.0.0 to listen on all addresses).
Bind port: [11372]
Enter here the OKS database server port number. By default and for simplicity, we use the next port following the common keyserver port number.
Syslog facility: [local0]
The keyserver processes use the standard Unix syslog service to log their messages for smoother integration with common network management tools. Here you can specify which facility the process will use. Please refer to the syslog.conf man page for more information about configuring syslog. The facility can be one of the following: auth, authpriv, cron, daemon, kern, lpr, mail, news, security, syslog, user, uucp, and local0 through local7.
Database name: [sample]
Type the name you want to give to your database. This is the name that must be used for all further references to your database.
Database directory: [/usr/local/oks/var/db]
Your OKS database server is now configured. The installation script continues now by configuring your gateways.
Configuring OpenKeyServer HTTP gateway
Bind address: [0.0.0.0]
Enter the IP address the HTTP gateway binds to. By default, it listens on all the IP addresses of your machine, but some sites may want to restrict it to a single address.
Bind port: [11371]
Common keyservers listen on port 11371. If you want, you can change it here. Please note that on Unix systems, listening on a port lower than 1024 requires root privileges.
Syslog facility: [local0]
The keyserver processes use the standard Unix syslog service to log their messages for smoother integration with common network management tools. Here you can specify which facility the process will use. Please refer to the syslog.conf man page for more information about configuring syslog. The facility can be one of the following: auth, authpriv, cron, daemon, kern, lpr, mail, news, security, syslog, user, uucp, and local0 through local7.
SMTP server: [mail.<your-domain-name>]
The OKS HTTP gateway needs an SMTP server to send its synchronization requests. The script tries to guess it, but you can specify your SMTP server's fully qualified name or IP address here.
What is the base URL of your web server ?
Your OpenKeyServer HTTP gateway is provided with a set of web pages you can store on your web server in order to access it through any web browser. This base URL will be used to build links between different web pages and must not contain any reference to any file.
Valid base URLs are for instance http://www.some.site.edu and http://www.some.site.edu/keyserver
Note that the trailing / must not be introduced.
When the installation is done, don't forget to copy the directories located in /usr/local/oks/share/webpages on your web server.
Base URL: [http://www.<your-domain-name>]
Enter this base URL here without the trailing /. This field is required, but the installation script tries to guess it with the help of your machine name. You must enter the correct one at this point, otherwise you will have to modify the keyserver web pages by hand. Note that even if you do not want to use the web site provided in this distribution, specifying a URL here will allow the pages generated by the HTTP gateway to reference pages in your current web site.
Configuring OpenKeyServer SMTP gateway
POP3 server: [mail.<your-domain-name>]
The OKS SMTP gateway works by periodically polling a mailbox located on a mail server, and the process uses the POP3 protocol to access this server. The script tries to guess it, but you can specify your mail server's fully qualified name or IP address here.
POP3 login:
POP3 password:
In order to access the keyserver's mailbox, you will need a POP3 login and password; please enter here this information.
Mailbox polling interval (in seconds) : [120]
Here you can specify the interval between two checks on the mailbox to process its messages. This delay is specified in seconds.
Syslog facility: [local0]
The keyserver processes use the standard Unix syslog service to log their messages for smoother integration with common network management tools. Here you can specify which facility the process will use. Please refer to the syslog.conf man page for more information about configuring syslog. The facility can be one of the following: auth, authpriv, cron, daemon, kern, lpr, mail, news, security, syslog, user, uucp, and local0 through local7.
SMTP server: [mail.<your-domain-name>]
The OKS SMTP gateway needs an SMTP server to send its synchronization requests. The script tries to guess it, but you can specify your SMTP server's fully qualified name or IP address here.
Your OpenKeyServer gateways are now configured. The installation script now continues by configuring the synchronization of your keyserver with other ones.
Email address of this keyserver: [pgp-keys@<your-domain-name>]
Keyservers still synchronize through an email-based protocol. This means that each keyserver has one email address to communicate with the others. Enter it here and, if needed, create this email account on your mail server.
Email address for synchronization errors: [root@<your-domain-name>]
In case of errors, the mail server has to send back the mail message to someone. Specify here the email address of this person.
Email addresses of keyservers to synchronize with:
If you want your server to synchronize with other sites, enter here a list of email addresses separated by spaces.
Saving OpenKeyServer configuration parameters... Please wait
The web pages located in your directory /usr/local/share/webpages are now configured.
Don't forget to copy them to your web server directory.
Press enter...
Your OKS database server and gateways are now configured. If you want, the installation script can update your database with your PGP public keyrings.
Do you want to update the OpenKeyServer database now ? [yes]
Enter the path of the PGP public keyring to store:
Enter the full path to a public PGP keyring to append to your database. The script keeps asking for another keyring until you press enter without specifying one.
Database successfully created.
Your OpenKeyServer is now configured and installed on your system.
OpenKeyServer installation done !
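A post-install check of the two bind addresses chosen above, as an added example that is not part of the OpenKeyServer distribution: it reads ss -ltn output and fails if the database port (default 11372) is listening on anything other than a loopback address, or is not listening at all. The function names and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with the bind settings chosen
# during oks_install. Ports are the installer defaults shown on this page.
OKS_DB_PORT=11372      # database server, default bind 127.0.0.1
OKS_HTTP_PORT=11371    # HTTP gateway, default bind 0.0.0.0

# Constructed sample in `ss -ltn` layout (not captured from a real host):
# here the database was bound to 0.0.0.0 instead of the loopback default.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:11372      0.0.0.0:*
LISTEN 0      128    0.0.0.0:11371      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Constructed sample matching the installer defaults.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:11372    0.0.0.0:*
LISTEN 0      128    0.0.0.0:11371      0.0.0.0:*'

# is_loopback ADDR: succeed for IPv4/IPv6 loopback addresses.
is_loopback() {
    case "$1" in
        127.*|::1|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# audit_listeners: read `ss -ltn` lines on stdin, print one finding per OKS
# socket, return 1 if the database port listens on a non-loopback address
# or is not listening at all.
audit_listeners() {
    rc=0; db_seen=0
    while read -r state _rq _sq laddr _rest; do
        [ "$state" = "LISTEN" ] || continue      # skips the header line too
        port=${laddr##*:}; addr=${laddr%:*}      # split at the last colon
        if [ "$port" = "$OKS_DB_PORT" ]; then
            db_seen=1
            if is_loopback "$addr"; then echo "OK database $laddr"
            else echo "EXPOSED database $laddr"; rc=1; fi
        elif [ "$port" = "$OKS_HTTP_PORT" ]; then
            echo "INFO http-gateway $laddr"
        fi
    done
    [ "$db_seen" -eq 1 ] || { echo "MISSING database port $OKS_DB_PORT"; rc=1; }
    return "$rc"
}

# Live use on the keyserver host: ss -ltn | audit_listeners
printf '%s\n' "$SAMPLE_EXPOSED" | audit_listeners || echo "review the database bind address"
```

If you changed either port during installation, set OKS_DB_PORT and OKS_HTTP_PORT to match before running the check.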