Changes between Version 1 and Version 2 of CertificatesAndAccountsManagement


Ignore:
Timestamp:
Mar 26, 2011, 5:20:00 PM (7 years ago)
Author:
James O'Gorman
Comment:

s/bin/sbin/

Legend:

Unmodified
Added
Removed
Modified
  • CertificatesAndAccountsManagement

    v1 v2  
    1919To setup the basic key structure, do the following:
    2020{{{
    21 /usr/local/bin/bbstored-certs ca init
     21/usr/local/sbin/bbstored-certs ca init
    2222}}}
    2323(See [wiki:OpenSSLNotes] if you get an OpenSSL error)
     
    2929When you use the ''bbstored-config'' script to set up a config file for a server, it will generate a certificate request (CSR) for you. Transfer it to the machine with your CA, then do the following:
    3030{{{
    31 /usr/local/bin/bbstored-certs ca sign-server hostname-csr.pem
     31/usr/local/sbin/bbstored-certs ca sign-server hostname-csr.pem
    3232}}}
    3333which signs the certificate for the server. Follow the instructions in the output on which files to install on the server. The CSR file is now no longer needed. Make sure you run this command from the directory above the directory 'ca'.
     
    3737Choose an account number for the user. This must be unique on the server, and is presented as a 31 bit number in hex greater than 0, for example, 1 or 75AB23C. Then on the backup store server, create the account with the following:
    3838{{{
    39 /usr/local/bin/bbstoreaccounts create 75AB23C 0 4096M 4505M
     39/usr/local/sbin/bbstoreaccounts create 75AB23C 0 4096M 4505M
    4040}}}
    4141This looks complicated. The numbers are, in order...
     
    6262Sign this CSR with the following command:
    6363{{{
    64 /usr/local/bin/bbstored-certs ca sign 75AB23C-csr.pem
     64/usr/local/sbin/bbstored-certs ca sign 75AB23C-csr.pem
    6565}}}
    6666Don't forget to check that the embedded account number is correct! Then send the two files back to the user, as instructed by the script.
     
    7272To display the space used on the server for an account, use the following command:
    7373{{{
    74 /usr/local/bin/bbstoreaccounts info 75AB23C
     74/usr/local/sbin/bbstoreaccounts info 75AB23C
    7575}}}
    7676To adjust the soft and hard limits on an account, use the following:
    7777{{{
    78 /usr/local/bin/bbstoreaccounts setlimit 75AB23C new-soft-limit new-hard-limit
     78/usr/local/sbin/bbstoreaccounts setlimit 75AB23C new-soft-limit new-hard-limit
    7979}}}
    8080You do not need to restart the server if the limits are changed.
     
    8484To remove an account, deleting all the stored files on the server and removing the account information which allows a client to log in, use the following command:
    8585{{{
    86 /usr/local/bin/bbstoreaccounts delete 75AB23C
     86/usr/local/sbin/bbstoreaccounts delete 75AB23C
    8787}}}
    8888This will ask for confirmation. Append ''yes'' to the command to delete without confirmation.
     
    9292To check that a store account is not corrupt, and optionally fix any errors, use the following commands:
    9393{{{
    94 /usr/local/bin/bbstoreaccounts check 75AB23C
    95 /usr/local/bin/bbstoreaccounts check 75AB23C fix
     94/usr/local/sbin/bbstoreaccounts check 75AB23C
     95/usr/local/sbin/bbstoreaccounts check 75AB23C fix
    9696}}}
    9797The second command will fix any errors it finds, the first will merely report them.