Index of /multimedia/projects/meccano/deliverables/d4.3/software/scs/

UCL Secure Conference Store - Installation/configuration details
----------------------------------------------------------------

Kristian Hasler & John Andrews
July 2000


Note
----
The UCL Secure Conference Store is currently available for anyone
to use at UCL http://www-secure.cs.ucl.ac.uk/.   These notes are
a guide for those wishing to run their own Secure Conference
Store.   Details for using the Store are contained elsewhere.

The UCL Secure Conference Store is a set of Perl CGI scripts that
produce HTML pages, process forms and maintain simple database
files.  It requires an HTTP-S server, Perl, an md5 checksum application,
a mail interface for sending messages, and the MBONE sdr tool.
We have used Apache for the HTTP-S server (including the tools gcache
and htpasswd) and mhmail for mail.   We have also added IPv6 support
for accessing the HTTP-S server over IPv6 and for storing/starting
sessions using IPv6 addresses.  To use user/client certificates, Apache
must be built with #define APACHE_SSL_EXPORT_CERTS TRUE in buff.h.

The function of the Store in summary is to allow users to manage
groups that only certain other users can access, and to create
sessions within these groups for users to join (using SPAR) by
starting the media tools with the correct addresses/keys.  Users
first need to register with the Store and later authenticate themselves
with a chosen username and password.   A user certificate can be
used as well as, or in place of, the username/password.


Environment
-----------
The server has been installed and tested under the following environment:

- Apache 1.3.9 with SSL 1.37 Patches:
  ftp://ftp.ox.ac.uk/pub/crypto/SSL/Apache-SSL/apache_1.3.9+ssl_1.37.tar.gz
- Apache IPv6 Patches:
  ftp://ftp.kame.net/pub/kame/misc/apache-139-v6-19990901a.diff.gz
- OpenSSL 0.9.4:
  http://www.openssl.org/source/openssl-0.9.4.tar.gz
- Perl 5.003
- FreeBSD 2.2.8

We have also run the server under:
- Solaris 2.5.1 and 2.7
- Red Hat Linux 6.1


Installation
------------
The package should be untarred in /usr/local to install the "ucsc"
directory tree.  (The path can be changed if required by editing
the various scripts.)   We recommend assigning a user id to the
Store; any automatic messages will come from this user.

The Apache HTTP-S server needs to be built and configured; an
example running config is shown in conf/httpsd.conf.ucl.   A server
certificate also needs to be generated.  The UCL Store uses the
DNS name www-secure.cs.ucl.ac.uk for IPv4 and www-secure.ip6.cs.ucl.ac.uk
for IPv6, but this could be changed to use a single name for both if
required.  It uses port 80 for normal HTTP, port 443 for HTTPS and port
8069 for HTTPS with user/client certificates.   It also uses port 8071
for the Apache "gcache".   All these details can be changed in the
Apache server config and the Store scripts.

The admin mail contact should be set in the httpsd.conf file and
cgi-bin/subs script.

The paths at the top of the perl scripts:

- cgi-bin/run
- cgi-bin2/run
- cgi-bin3/run

may need to be changed to find perl on your system and/or a different
install dir (rootdir).

The paths/settings for your system need to be changed in cgi-bin/subs.
At a minimum, set:

- $adminmail
- $mcastrange
- $mcastrangev6
- $ip4name
- $ip6name

The ip6name can be null if IPv6 access is not required.  The mcastrange
needs to be set to your "glop" range and this requires an AS number for
your organisation.
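
How a "glop" range follows from an AS number, as an added example that is not part of the Store package: GLOP addressing places the 16-bit AS number in the middle two octets of 233.x.y.0/24.  The function names and the sample AS numbers (5662, and 64496 from the documentation range) are chosen for illustration; the exact syntax that $mcastrange expects is not shown on this page, so adapt the printed CIDR to whatever cgi-bin/subs uses.

```python
import ipaddress

# AS numbers 64512..65534 are private-use and have no GLOP assignment.
PRIVATE_AS = range(64512, 65535)


def glop_range(asn: int) -> ipaddress.IPv4Network:
    """Return the GLOP /24 for a 16-bit AS number: 233.<high>.<low>.0/24."""
    if not 1 <= asn <= 65534:
        raise ValueError("GLOP only maps 16-bit AS numbers (1..65534)")
    if asn in PRIVATE_AS:
        raise ValueError("private-use AS numbers have no GLOP assignment")
    high, low = asn >> 8, asn & 0xFF
    return ipaddress.ip_network(f"233.{high}.{low}.0/24")


def session_address_ok(group: str, asn: int) -> bool:
    """True if a session's multicast group lies inside this AS's GLOP range.

    Useful as a sanity check that a stored session does not use a group
    address belonging to somebody else's range.
    """
    try:
        addr = ipaddress.ip_address(group)
    except ValueError:
        return False  # not an IP address at all
    return addr.version == 4 and addr in glop_range(asn)


if __name__ == "__main__":
    # Constructed sample input: AS numbers and candidate group addresses.
    for asn in (5662, 64496):
        print(f"AS{asn}: {glop_range(asn)}")
    for group in ("233.22.30.17", "233.22.31.17", "224.2.0.1"):
        print(group, "in AS5662 range:", session_address_ok(group, 5662))
```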


SDR
---
The MBONE tool sdr should be run on the server machine to create a
cache of received session announcements that can be presented by the
Store.  Normally, sdr can be run without the GUI as "sdr -no_gui" under
the Conf Store userid; it creates its cache in .sdr/cache in that
user's home dir.
Note: it is not essential to run sdr if only stored session access
is required.


SPAR
----
The SPAR Java applet should be installed in the htdocs/java dir, and
signed as detailed in the SPAR package.   (SPAR is used to start the
media tools on the user's host; the tools must already be installed
there.  In the Store, the plugins database is used to control globally
which tools can be started.)


Implementation
--------------
The UCL Secure Conference Store is implemented as 3 logical servers.
One uses normal HTTP (on port 80) and is only used to present the initial
home page for users that try to access the store without HTTPS.  (We
found that a number of users did not use the correct URL and claimed the
server was down.)    One uses normal HTTPS (on port 443) and is used
to access the Store using a secure link.   And one uses normal HTTPS
(on port 8069) but with user-client certificates.

The HTML "pages" are generated by CGI scripts.  The scripts in cgi-bin3
can be accessed by any of the servers and require no access control.
(The main home/menu pages are generated from scripts here.)   The
scripts in cgi-bin2 require HTTPS (they cannot be accessed using HTTP),
but no access control.  (The user registration and public access pages
are generated from scripts here.)   The scripts in cgi-bin require HTTPS
and user authentication (either by user/pass or client cert).

The data directory contains the files used as the Store database, which
are maintained by the CGI scripts:

- group (the group member database)
- group.db (the group details database)
- passwd (the username/password database)
- plugins (the SPAR media database, manually configured)
- session.db (the session details database)
- user.db (the user details database)

(The README in the data directory gives the field structure of the
database files.)


Name               Last modified      Size

Parent directory
README             25-Jul-00 14:41    5K
spar-1.2.tar.gz    28-Jul-00 12:17    11K
uscs.tar.gz        25-Jul-00 14:42    27K

3 files