Running Your Own Auth Service.

So, you want to run an Auth service. Do you really need to?

Required Software

Installation

  1. Unpack the NoCatAuth tarball. You probably already did this if you're reading this file.

      $ tar zvxf NoCatAuth-x.xx.tar.gz

  2. Edit the Makefile, if necessary. The only real option at present is INST_PATH, which determines where NoCatAuth gets installed. The default is /usr/local/nocat, so if that's okay with you, you can skip this step.

  3. From the NoCatAuth directory, run make authserv. This will install the important pieces of the Auth service.

  4. Run make pgpkey. The defaults should be fine for most purposes. IMPORTANT: do NOT enter a passphrase! Otherwise, you will get strange messages when the auth service attempts to encrypt messages and tries to read your passphrase from a non-existent tty.

  5. Edit the /usr/local/nocat/nocat.conf file to suit. These parameters are required:

    • DataSource: Currently, must be DBI or Passwd. Use DBI for MySQL, or Passwd for local file-based authentication. If you're using DBI, then 'Database', 'DB_User', and 'DB_Passwd' are required. Database can be set to a full dbi string, like this:

      • dbi:mysql:database=nocat;host=my.dbhost.net

      DB_User and DB_Passwd define the db user's name and password, respectively (on the line below dbi:).

      If you're using Passwd as a DataSource, 'UserFile', 'GroupUserFile', and 'GroupAdminFile' are required (and the defaults are probably sane enough).

    Also, if you intend to run the Auth service on the same subnet (or the same machine) as your gateway, then set LocalGateway to the IP address of the gateway. Currently, only one gateway is supported when running in this mode. This is really only useful for running the whole system behind a NAT, or on a network without internet access. Note that this option requires the Net::Netmask perl module (available from CPAN).

    We *strongly* recommend running your auth service on some machine other than your gateway box. We have tried to cover every eventuality, but the fact remains that a gateway allows anonymous, non-present people to interact with your server. As the whole security of the auth system hinges on keeping your SSL and gpg private keys secure, please consider whether you really want to directly connect a radio to the box that they're housed on. The Auth system machine should be treated as you would any other server that houses sensitive data.

  6. Make sure that /usr/local/nocat/pgp and the files under pgp/ are owned by the user that your web server runs as (usually 'www', or sometimes 'nobody'). If not, you will get odd gpg permissions errors when running the auth service.

  7. Add etc/httpd.conf (from the distribution) to your Apache's httpsd.conf. You can use a regular 'Include' line, if you like. If you're not using Apache, add the equivalent to your server's configuration file.

    Check the paths in etc/httpd.conf, and read the comments. Also make sure that /usr/local/nocat/cgi-bin is served from somewhere on your webserver (probably on a VirtualHost, if you're using Apache).

  8. Create your authentication source, and add some users.

    8a. DBI: First, make a new database (with 'mysqladmin create nocat', for example). Then, import the table schemas from etc/nocat.schema like this:

      $ mysql nocat < etc/nocat.schema 
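
The configuration and ownership requirements in the steps above can be checked with a short script. The following is an added example, not part of the NoCatAuth distribution. It assumes nocat.conf holds one whitespace-separated "Key value" pair per line, and its test that the pgp directory is closed to group and other is an extra hardening check beyond what the steps require.

```shell
#!/bin/sh
# Assumption: nocat.conf holds one "Key value" pair per line; '#' starts a comment.

# Print the value of key $2 from config file $1 (empty if unset).
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Report required parameters missing for the configured DataSource.
# Returns 0 when the set is complete, 1 otherwise.
check_nocat_conf() {
    conf=$1 rc=0
    case $(conf_get "$conf" DataSource) in
        DBI)    need="Database DB_User DB_Passwd" ;;
        Passwd) need="UserFile GroupUserFile GroupAdminFile" ;;
        *)      echo "DataSource must be DBI or Passwd"; return 1 ;;
    esac
    for key in $need; do
        [ -n "$(conf_get "$conf" "$key")" ] || { echo "missing: $key"; rc=1; }
    done
    return "$rc"
}

# Check that key directory $1 is owned by web server user $2 and closed to
# group and other (the mode check is an added hardening step, see above).
check_pgp_dir() {
    dir=$1 user=$2 rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    owner=$(ls -ld "$dir" | awk '{ print $3 }')
    perms=$(ls -ld "$dir" | cut -c5-10)
    [ "$owner" = "$user" ] || { echo "$dir: owner is $owner, want $user"; rc=1; }
    [ "$perms" = "------" ] || { echo "$dir: group/other access ($perms)"; rc=1; }
    return "$rc"
}

if [ $# -eq 3 ]; then   # real install: conf path, pgp directory, web server user
    a=0
    check_nocat_conf "$1" || a=1
    check_pgp_dir "$2" "$3" || a=1
    [ "$a" -eq 0 ]
else                    # constructed sample: a DBI config that lacks DB_Passwd
    tmp=$(mktemp)
    printf 'DataSource DBI\nDatabase dbi:mysql:database=nocat\nDB_User nocat\n' > "$tmp"
    check_nocat_conf "$tmp" || :   # prints "missing: DB_Passwd"
    rm -f "$tmp"
fi
```

Run it against an install as: sh nocat-check.sh /usr/local/nocat/nocat.conf /usr/local/nocat/pgp www (the script name is hypothetical; substitute the user your web server runs as).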

Thanks to Sameer Verma, Michael Bailey, Jonathan Dopazo and everyone else who has posted installation problems and suggestions. We're nearing 1.0!

