authorJonas Smedegaard <dr@jones.dk>2002-12-26 01:06:31 +0000
committerJonas Smedegaard <dr@jones.dk>2002-12-26 01:06:31 +0000
commitf5fe5e48d3e6e3baf7a027c96a376c4bfee523b0 (patch)
treeea3c1685de48f96a33a3e4f0d8fe0f3fead6314a
parent580bfaa50dd660a84d69a0e479b19375748b3303 (diff)
New script mycert to help merge and encrypt user certificate.
-rwxr-xr-xmycert48
-rwxr-xr-xnfs-ssh-fw6
2 files changed, 54 insertions, 0 deletions
diff --git a/mycert b/mycert
new file mode 100755
index 0000000..fd29db4
--- /dev/null
+++ b/mycert
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+RCSID='$Id: mycert,v 1.1 2002-12-26 01:06:31 jonas Exp $'
+
+# Script for enabling user certificates authorized by CA.
+# The user is given a certificate + key and need to merge them into a
+# pkcs12 file (understood by Netscape and others) and add a password.
+#
+# Originally found here:
+# http://www.cise.ufl.edu/help/secure-access/ssl-mail-setup.shtml
+# adapted to non-YP environment and strings replacable from /etc.
+#
+# -- Jonas Smedegaard <dr@jones.dk>
+
+help="hostmaster@`cat /etc/mailname 2> /dev/null || hostname -d`" # Email address of technical staff
+cadir="/etc/ssl/certs"
+caname=`hostname -d` # Abbrev. of organisation
+
+if [ -f /etc/local/mycert.conf ]; then
+ . /etc/local/mycert.conf
+fi
+
+if [ ! -f newcert.pem ]; then
+ echo "No newcert.pem file found in the current directory."
+ exit 0
+fi
+if [ ! -f newreq.pem ]; then
+ echo "No newreq.pem file found in the current directory."
+ exit 0
+fi
+
+uname=`/usr/bin/id | /usr/bin/awk '{print $1}' | /bin/sed -e 's,^.*(,,' -e 's,).*,,'`
+if [ "x$uname" = "x" ]; then
+ echo "ERROR: unable to determine username."
+ echo " Please email $help for help"
+ exit 0
+fi
+
+name=`getent passwd $uname | awk -F : '{print $5}'`
+if [ "x$name" = "x" ]; then
+ echo "ERROR: unable to determine full name from password map."
+ echo " Please email $help for help"
+ exit 0
+fi
+
+/usr/local/bin/openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
+ -certfile $cadir/cacert.pem \
+ -name "$name [$caname]" -out newcert.p12 -nodes
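Review bot: newcert.p12 holds the user's private key but is created under whatever umask the caller has, so on a shared host it can end up group- or world-readable; add `umask 077` before the final `openssl pkcs12 -export` call. The `-nodes` flag on that call is at odds with the stated goal of adding a password: as far as I know it only affects PEM output when parsing a PKCS#12 file and is ignored on export, so it should be dropped rather than suggest the key is left unencrypted. Every error branch (missing newcert.pem or newreq.pem, empty `$uname`, empty `$name`) ends in `exit 0`, so a caller cannot detect failure; use `exit 1` and send the messages to stderr with `>&2`. `$uname` in `getent passwd $uname` and `$cadir` in `-certfile $cadir/cacert.pem` should be double-quoted, since `cadir` can be overridden by the sourced /etc/local/mycert.conf.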
diff --git a/nfs-ssh-fw b/nfs-ssh-fw
index 7866ded..b1258ae 100755
--- a/nfs-ssh-fw
+++ b/nfs-ssh-fw
@@ -4,6 +4,12 @@
# the article "Encrypted NFS with OpenSSH and Linux" found here:
# http://www.samag.com/documents/s=4072/sam0203d/sam0203d.htm
#
+# Recommended fstab setup:
+# master.foo.com:/home /mnt/home nfs rw,hard,intr 0 0
+#
+# Read Firewall HOWTO for info on "pinning" RPC daemons to specific portnumbers:
+# http://nfs.sourceforge.net/nfs-howto/security.html
+#
# TODO: Use getopts and configfile
# Figure out a way to automount
# Figure out a way to automount through PAM
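Review bot: The recommended fstab line mounts a remote /home with only `rw,hard,intr`; for a network-mounted home directory I would add `nosuid,nodev` so that setuid binaries and device nodes on the export are not honoured on the client, e.g. `# master.foo.com:/home /mnt/home nfs rw,hard,intr,nosuid,nodev 0 0`. If the mount depends on the SSH tunnel this script sets up being established first (not visible in this hunk), `noauto` would presumably also be needed so that boot does not block on a hard mount.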