[LON-CAPA-cvs] cvs: loncom / loncapa.conf loncapa_apache.conf

foxr lon-capa-cvs@mail.lon-capa.org
Thu, 27 May 2004 09:28:38 -0000 

foxr		Thu May 27 05:28:38 2004 EDT

  Modified files:              
    /loncom	loncapa.conf loncapa_apache.conf 
  Log:
  Readjust the secure lonc/lond variables as per the standard.
  
  
  
Index: loncom/loncapa.conf
diff -u loncom/loncapa.conf:1.9 loncom/loncapa.conf:1.10
--- loncom/loncapa.conf:1.9	Wed May 26 06:17:49 2004
+++ loncom/loncapa.conf	Thu May 27 05:28:38 2004
@@ -1,7 +1,7 @@
 ##
 ## loncapa.conf -- Apache HTTP LON-CAPA configuration file
 ##
-## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $
+## $Id: loncapa.conf,v 1.10 2004/05/27 09:28:38 foxr Exp $
 ##
 
 # ======================================= Machine Specific / Perl Configuration
@@ -63,44 +63,3 @@
 # PerlSetVar loncAllowInsecure {[[[[0]]]]}
 PerlSetVar   loncAllowInsecure {[[[[1]]]]}
 
-#
-#   Secure lond/lonc require ssl certificate and private
-#   key files to function correctly.  The certificate
-#   files need not be terribly secure, but the private key files
-#   should be set up so that only www (the lonc/lond effective user)
-#   can read them.
-# 
-#   The definition below is the full path to the directory that
-#   contains the certificate and key files:
-#
-PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]}
-
-#
-#  Secure lond/lonc require two certificates and a private host key.
-#  The certificates required are that of the lonCAPA certificate authority
-#  and the certificate that authority issued to this host.
-#  lonnetCertificateAuthority is the name of the file that contains the
-#                            lonCAPA certificate authority's certificate.
-#  lonnetCertificate is the name of the file that contains the certificate
-#                    issued to the host by the certificate authority.
-#  Both of these variables are names of files assumed to be in 
-#  lonCertificateDirectory:
-
-PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]}
-PerlSetVar lonnetCertificate          {[[[[lonhostcert.pem]]]]}
-
-#
-#  To generate the request for a certificate, and to negotiate the
-#  initial ssl connection, the host requires a private key.  This key
-#  is created at lonCAPA install time.  Did we mention above that it
-#  should be set so that only www can read it?  The variale below
-#  is the name of the file relative to lonnetCertificateDirectory
-#  that has the host's private key.  Did we remember to tell you to
-#  keep the permissions on that file set to rw-------  (0600)?
-#  
-
-PerlSetVar lonnetPrivateKey         {[[[[lonKey.pem]]]]}
-
-# Did we mention that the file described above must have
-# permissions really locked down so that it can't be stolen?
-
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.78 loncom/loncapa_apache.conf:1.79
--- loncom/loncapa_apache.conf:1.78	Fri Apr 23 19:01:34 2004
+++ loncom/loncapa_apache.conf	Thu May 27 05:28:38 2004
@@ -1,7 +1,7 @@
 ##
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
-## $Id: loncapa_apache.conf,v 1.78 2004/04/23 23:01:34 albertel Exp $
+## $Id: loncapa_apache.conf,v 1.79 2004/05/27 09:28:38 foxr Exp $
 ##
 
 #
@@ -907,6 +907,51 @@
 PerlSetVar       lonhttpdPort  8080
 
 
+#   Parameters used by secure lond/lonc
+
+#
+#   Secure lond/lonc require ssl certificate and private
+#   key files to function correctly.  The certificate
+#   files need not be terribly secure, but the private key files
+#   should be set up so that only www (the lonc/lond effective user)
+#   can read them.
+# 
+#   The definition below is the full path to the directory that
+#   contains the certificate and key files:
+#
+PerlSetVar lonCertificateDirectory /home/httpd/lonCerts
+
+#
+#  Secure lond/lonc require two certificates and a private host key.
+#  The certificates required are that of the lonCAPA certificate authority
+#  and the certificate that authority issued to this host.
+#  lonnetCertificateAuthority is the name of the file that contains the
+#                            lonCAPA certificate authority's certificate.
+#  lonnetCertificate is the name of the file that contains the certificate
+#                    issued to the host by the certificate authority.
+#  Both of these variables are names of files assumed to be in 
+#  lonCertificateDirectory:
+
+PerlSetVar lonnetCertificateAuthority loncapaCA.pem
+PerlSetVar lonnetCertificate          lonhostcert.pem
+
+#
+#  To generate the request for a certificate, and to negotiate the
+#  initial ssl connection, the host requires a private key.  This key
+#  is created at lonCAPA install time.  Did we mention above that it
+#  should be set so that only www can read it?  The variale below
+#  is the name of the file relative to lonnetCertificateDirectory
+#  that has the host's private key.  Did we remember to tell you to
+#  keep the permissions on that file set to rw-------  (0600)?
+#  
+
+PerlSetVar lonnetPrivateKey         lonKey.pem
+
+# Did we mention that the file described above must have
+# permissions really locked down so that it can't be stolen?
+
+
+
 
 # ====================================== Include machine-specific configuration