...
- Apache httpd 2.2 (from stock RHEL httpd RPM)
- mod_ssl (from stock RHEL mod_ssl RPM)
- mod_auth_kerb (from stock RHEL mod_auth_kerb RPM)
- Tomcat 6.0
- JDK 6.0 (from Sun, plus enhanced JCE and security policy)
- Shibboleth IdP 2.1
- Terracotta 3.1
- MySQL 5.0 (from stock RHEL RPMs)
In the configuration documented below, the Apache web server will listen on the following TCP ports:
...
```
# cp /path/to/run-dgc-if-active.sh /usr/local/shibboleth-idp/bin/
# cp /path/to/run-dgc.cron /etc/cron.d/run-dgc
```
Targeted ID MySQL database
The core IdP uses a custom implementation supporting the generation of targeted (or persistent) IDs, backed by a MySQL database. We use the native Red Hat RPMs (5.0), part of the standard NIST install.
Database initialization
Start up the daemon, and secure the installation:
```
# /etc/init.d/mysqld start
# mysql_secure_installation
```
Respond to the prompts to set the root password, remove anonymous users, disallow remote root logins, and remove the test database.
Make sure the daemon starts at boot time:
```
# chkconfig mysqld on
```
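To confirm that the `mysql_secure_installation` prompts above took effect, the account table and database list can be checked afterwards. The script below is an added example, not part of the original page. The function names, sample rows and the host name `idp-1.example.edu` are constructed, it assumes the `Password` column of the MySQL 5.0 `mysql.user` table, and it treats `localhost`, `127.0.0.1` and `::1` as local.

```shell
#!/bin/sh
# Added example: audit the results of mysql_secure_installation (MySQL 5.0).

# Reads tab-separated "User<TAB>Host<TAB>Password" rows on stdin, prints one
# line per finding, and returns non-zero if anything was found.
audit_mysql_users() {
    awk -F'\t' '
        $1 == "" { printf "ANON_USER host=%s\n", $2; bad++ }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            printf "REMOTE_ROOT host=%s\n", $2; bad++
        }
        $3 == "" {
            printf "EMPTY_PASSWORD user=%s host=%s\n", ($1 == "" ? "(anonymous)" : $1), $2
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Reads database names (one per line) on stdin and flags the "test" database.
audit_test_db() {
    awk '$0 == "test" { print "TEST_DB name=test"; bad++ } END { exit (bad > 0) }'
}

# Constructed sample: accounts as they might look before hardening.
sample_unhardened() {
    printf 'root\tlocalhost\t\n'
    printf 'root\tidp-1.example.edu\t\n'
    printf '\tlocalhost\t\n'
    printf '\tidp-1.example.edu\t\n'
}

# Constructed sample: a single local root account with a password hash set.
sample_hardened() {
    printf 'root\tlocalhost\t*CONSTRUCTED_HASH_PLACEHOLDER\n'
}

# Demo on the constructed sample. On a real host, feed the functions with:
#   mysql -u root -p -N -B -e "SELECT User, Host, Password FROM mysql.user"
#   mysql -u root -p -N -B -e "SHOW DATABASES"
sample_unhardened | audit_mysql_users || echo "findings above: re-run mysql_secure_installation"
```
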
Firewall
Make sure that the additional ports used by the IdP are enabled in the firewall. Use the command "iptables --list -n --line-numbers" to determine the proper rule number; the following example assumes we are inserting rules beginning at number 36. Also replace 18.x.y.z with the appropriate IP address of the peer node in the cluster, not the local host.
...