From f5fe5e48d3e6e3baf7a027c96a376c4bfee523b0 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 26 Dec 2002 01:06:31 +0000
Subject: New script mycert to help merge and encrypt user certificate.
---
 mycert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 nfs-ssh-fw | 6 ++++++
 2 files changed, 54 insertions(+)
 create mode 100755 mycert
diff --git a/mycert b/mycert
new file mode 100755
index 0000000..fd29db4
--- /dev/null
+++ b/mycert
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+RCSID='$Id: mycert,v 1.1 2002-12-26 01:06:31 jonas Exp $'
+
+# Script for enabling user certificates authorized by CA.
+# The user is given a certificate + key and need to merge them into a
+# pkcs12 file (understood by Netscape and others) and add a password.
+#
+# Originally found here:
+# http://www.cise.ufl.edu/help/secure-access/ssl-mail-setup.shtml
+# adapted to non-YP environment and strings replacable from /etc.
+#
+# -- Jonas Smedegaard
+
+help="hostmaster@`cat /etc/mailname 2> /dev/null || hostname -d`" # Email address of technical staff
+cadir="/etc/ssl/certs"
+caname=`hostname -d` # Abbrev. of organisation
+
+if [ -f /etc/local/mycert.conf ]; then
+ . /etc/local/mycert.conf
+fi
+
+if [ ! -f newcert.pem ]; then
+ echo "No newcert.pem file found in the current directory."
+ exit 0
+fi
+if [ ! -f newreq.pem ]; then
+ echo "No newreq.pem file found in the current directory."
+ exit 0
+fi
+
+uname=`/usr/bin/id | /usr/bin/awk '{print $1}' | /bin/sed -e 's,^.*(,,' -e 's,).*,,'`
+if [ "x$uname" = "x" ]; then
+ echo "ERROR: unable to determine username."
+ echo " Please email $help for help"
+ exit 0
+fi
+
+name=`getent passwd $uname | awk -F : '{print $5}'`
+if [ "x$name" = "x" ]; then
+ echo "ERROR: unable to determine full name from password map."
+ echo " Please email $help for help"
+ exit 0
+fi
+
+/usr/local/bin/openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
+ -certfile $cadir/cacert.pem \
+ -name "$name [$caname]" -out newcert.p12 -nodes
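Review bot: The closing `openssl pkcs12 -export` call writes `newcert.p12`, which bundles the private key from `newreq.pem`, under whatever umask the caller happens to have, and it passes `-nodes`, which OpenSSL documents as the switch that disables private-key encryption, at odds with the header comment's stated aim to "add a password". I would put `umask 077` before the call and drop `-nodes` unless it is confirmed to have no effect in export mode on the OpenSSL version installed at `/usr/local/bin/openssl`. Every failure branch (missing `newcert.pem` or `newreq.pem`, empty `$uname`, empty `$name`) prints to stdout and ends in `exit 0`, so a wrapper cannot tell that no bundle was produced; `exit 1` with the messages redirected to `>&2` would make failures detectable. `$uname` in `getent passwd $uname` and `$cadir` in `-certfile $cadir/cacert.pem` should also be double-quoted, since `cadir` can be overridden from `/etc/local/mycert.conf`.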
diff --git a/nfs-ssh-fw b/nfs-ssh-fw
index 7866ded..b1258ae 100755
--- a/nfs-ssh-fw
+++ b/nfs-ssh-fw
@@ -4,6 +4,12 @@
 # the article "Encrypted NFS with OpenSSH and Linux" found here:
 # http://www.samag.com/documents/s=4072/sam0203d/sam0203d.htm
 #
+# Recommended fstab setup:
+# master.foo.com:/home /mnt/home nfs rw,hard,intr 0 0
+#
+# Read Firewall HOWTO for info on "pinning" RPC daemons to specific portnumbers:
+# http://nfs.sourceforge.net/nfs-howto/security.html
+#
 # TODO: Use getopts and configfile
 # Figure out a way to automount
 # Figure out a way to automount through PAM
-- cgit v1.2.3
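Review bot: The recommended fstab entry in the added comment mounts `/home` with only `rw,hard,intr`, so setuid binaries and device nodes present on the export would be honoured on the client. A safer recommendation would be `# master.foo.com:/home /mnt/home nfs rw,hard,intr,nosuid,nodev 0 0`. Whether the entry also needs `noauto` (presumably the mount only works once the SSH tunnel is up) cannot be judged from this hunk, because the script body lies outside it.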