...
The core IdP uses a custom implementation supporting the generation of targeted (or persistent) IDs, backed by a MySQL database. We use the native Red Hat RPMs (5.0), part of the standard NIST install.
...
MySQL initialization
Start up the daemon, and secure the installation:
...
Make sure that you set a firewall rule which allows the peer IdP node to connect to the daemon (on TCP port 3306).
Create database users
Create the shib and (optionally) shibadmin database users, e.g.:
...
Replace PASSWORD and ADMINPASSWORD with the passwords for the shib and shibadmin users, respectively. The shib user will be used by the targeted ID software to access the database. The shibadmin user can be used as an alternative to root to initialize or update the database.
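The following statements are an added example (not part of the original page) of how the two accounts described above can be created with least privilege in MySQL 5.0: shib gets only the row-level rights the targeted ID software needs, shibadmin gets full rights on the targeted ID schema alone. The schema name tid and the peer host 18.x.y.z are assumptions; replace them, along with PASSWORD and ADMINPASSWORD, with your own values.

```sql
-- Added example, not from the original page. Assumes the schema created by
-- tid-init.sql is named `tid` and that the peer IdP node (18.x.y.z) also
-- connects to this database; adjust both for your installation.

-- shib: runtime account for the targeted ID software. It only needs to read
-- and write rows, so it gets no DDL rights and nothing outside the tid schema.
-- Add DELETE only if your targeted ID software actually removes rows.
CREATE USER 'shib'@'localhost' IDENTIFIED BY 'PASSWORD';
CREATE USER 'shib'@'18.x.y.z'  IDENTIFIED BY 'PASSWORD';
GRANT SELECT, INSERT, UPDATE ON tid.* TO 'shib'@'localhost';
GRANT SELECT, INSERT, UPDATE ON tid.* TO 'shib'@'18.x.y.z';

-- shibadmin: stands in for root when loading tid-init.sql or a backup, so it
-- needs CREATE/DROP on the tid schema, but still nothing on mysql.* or any
-- other database. Local access only; it is never used by the IdP itself.
CREATE USER 'shibadmin'@'localhost' IDENTIFIED BY 'ADMINPASSWORD';
GRANT ALL PRIVILEGES ON tid.* TO 'shibadmin'@'localhost';

FLUSH PRIVILEGES;

-- Check: each account should list exactly the grants above (plus USAGE).
-- Anything global, or on another schema, indicates an over-broad grant.
SHOW GRANTS FOR 'shib'@'localhost';
SHOW GRANTS FOR 'shib'@'18.x.y.z';
SHOW GRANTS FOR 'shibadmin'@'localhost';
```

Run this as root before loading the schema in the next section (`mysql -u root -p < grants.sql`), so that shibadmin can be used for the initialization step instead of root.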
Initialize the Targeted ID database
You must either set up a new (empty) database, or initialize the database from a backup (e.g. a backup created on the peer system).
...
Initialize a new database
...
WARNING: THIS STEP WILL DROP THE TABLES OF ANY EXISTING DATABASE. If you want to initialize the database from a backup instead, skip this step and proceed to the next section.
To create a new (empty) database, process the schema file, e.g.:
# mysql -u root -p < /usr/local/targeted-id/etc/tid-init.sql
...
Initialize a Targeted ID database from backup
...
Perform this step to set up the database when adding a new machine to an existing cluster. You should obtain the backup from an existing machine in the cluster.
# mysql -u root -p < /path/to/most-recent-backup.sql
Firewall
Make sure that the additional ports used by the IdP are enabled in the firewall. Use the command "iptables --list -n --line-numbers" to determine the proper rule number; the following example assumes we are inserting rules beginning at number 36. Also replace 18.x.y.z with the IP address of the peer node in the cluster (not the local host), so that the rules admit only that peer.
...