Diffstat (limited to 'docs')
| -rw-r--r-- | docs/setup | 8 |
| -rw-r--r-- | docs/stanford-naming | 38 |
2 files changed, 35 insertions, 11 deletions
| @@ -64,10 +64,10 @@ Wallet Configuration      On the wallet server, install remctld.  Then, install the      configuration fragment in config/wallet in the remctld configuration. -    You can do this either by adding the one non-comment line of that file -    to your remctl.conf or, if your remctl.conf includes a directory of -    configuration fragments, drop config/wallet into that directory.  You -    may need to change the path to wallet-backend. +    You can do this either by adding the two non-comment lines of that +    file to your remctl.conf or, if your remctl.conf includes a directory +    of configuration fragments, drop config/wallet into that directory. +    You may need to change the path to wallet-backend.      Note that the default wallet configuration allows any authenticated      user to run the wallet backend and relies on the wallet's ACLs for all diff --git a/docs/stanford-naming b/docs/stanford-naming index f887a69..f2a45a7 100644 --- a/docs/stanford-naming +++ b/docs/stanford-naming @@ -70,13 +70,6 @@ Object Naming      Then, we use the following naming conventions for different types of      objects: -    <group>-<service>-db-<name> - -        Stores the database password for the database named <name>.  This -        may be a file containing only the database password or a Perl -        AppConfig configuration file with the database connection -        information including the password. -      <group>-<server>-htpasswd-<app>          An .htpasswd file for HTTP Basic Authentication for special-case 
@@ -109,6 +102,30 @@ Object Naming          The public certificate we manage external to wallet since it          doesn't need to be protected or encrypted. +    <group>-<server>-tivoli-key + +        The Tivoli backup encryption key for this server.  This is stored +        in the same file as the password used to connect to the Tivoli +        server, so both are stored together.  This file is found at +        /etc/adsm/TSM.PWD.  It must be base64-encoded before being stored +        in the wallet. + +    <group>-<service>-config-<name> + +        A configuration file named <name> that contains some secure +        information, such as a database password.  Ideally, the secure +        data should be stored in a separate file and assembled into the +        configuration file, but that isn't always the path of least +        resistance.  Only use this naming convention if there is not a +        more specific one below. + +    <group>-<service>-db-<name> + +        Stores the database password for the database named <name>.  This +        may be a file containing only the database password or a Perl +        AppConfig configuration file with the database connection +        information including the password. +      <group>-<service>-gpg-key          Stores the GnuPG private key for a service that needs to do GnuPG @@ -122,6 +139,13 @@ Object Naming          sometimes it's too hard to separate out chunks of a properties          file. +    <group>-<service>-puppetconf + +        A puppet.conf configuration file for Puppet that contains some +        secure data (such as SSL key passwords or database passwords). +        Ideally the secure data should be stored in separate files, but +        Puppet likes to use a single configuration file. +      <group>-<service>-shibboleth          The shibboleth.xml configuration file for a service, when it | 
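Review bot: In the docs/setup hunk, the new wording "the two non-comment lines of that file" hard-codes a count that already had to be corrected from one to two here, so it will need correcting again whenever config/wallet changes. Suggest wording that does not depend on the count, such as "the non-comment lines of that file", so the instruction stays accurate without further edits to docs/setup.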
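Review bot: In the docs/stanford-naming hunk at @@ -109,6 +102,30 @@, the new <group>-<server>-tivoli-key entry says the file "must be base64-encoded before being stored in the wallet" but says nothing about the retrieval side: whoever fetches the object has to decode it before writing /etc/adsm/TSM.PWD, and the entry does not say why the encoding is required. Suggest adding one sentence covering both. The object name mentions only the key although the text says the same file carries the Tivoli server password, so it would help to state that in the entry's first sentence. In the <group>-<service>-config-<name> entry of the same hunk, "a more specific one below" depends on list position; "a more specific convention in this list" would survive later reordering.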
