sort of maturity that this project has not reached yet.
-First-time setup
+First-time build
----------------
Create a user and group "tlspool" if you wish to drop privileges to a
separate account.
-Run the script bootstrap.sh to initiate the autotools environment::
-
- sh bootstrap.sh
-
-Then, continue as always::
+Use the common building approach:
./configure
make
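Review bot: The added line "Use the common building approach:" ends in a single colon, while the removed "Then, continue as always::" used the "::" literal-block marker, so the ./configure and make lines that follow will no longer be rendered as a literal block. Suggest "Use the common building approach::". Since the bootstrap.sh step that initiated the autotools environment is dropped, the text should also say where ./configure now comes from, so that a fresh checkout still builds with these two commands.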
private keys. Then you can fill PKCS #11 and the databases.
-Building
---------
+Build details
+-------------
There are three sub-targets with their own Makefiles:
The source package includes a "testdata" directory that can be filled
with databases that you can use for a quick and dirty test. You will
-need to setup a PKCS #11 repository; we suggest to use SoftHSM from the
+need to setup a PKCS #11 repository; we suggest to use SoftHSMv2 from the
OpenDNSSEC project to get started, you can always try hardware-based
tokens later on. The idea of PKCS #11 is that such choices are pluggable.
-To create a SoftHSMv2 token, you can use the following command::
+To create a SoftHSM token, you can use the following command::
softhsm2-util --init-token --free --label 'TLS_Pool_dev_data'
chown -R tlspool:tlspool /var/lib/softhsm/tokens/XXX
+To setup Kerberos authentication, you need to install the basic package,
+usually named `krb5-user` or `krb5-client`, depending on your distro.
+In `/etc/krb5.conf`, be sure to have this entry to guide the test
+domain names to our KDC::
+
+ [domain_realm]
+ # ...other entries...
+ tlspool.arpa2.lab = ARPA2.NET
+
The following test demonstrates proper working of the TLS Pool based on
the testdata and under the warnings above:
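Review bot: The two SoftHSM wording changes in this hunk pull in opposite directions: the testdata paragraph is changed to say "SoftHSMv2", while the sentence introducing the command is changed from "SoftHSMv2 token" to "SoftHSM token" even though the command shown is softhsm2-util. Use "SoftHSMv2" in both places. In the added Kerberos paragraph, `krb5-user`, `krb5-client` and `/etc/krb5.conf` are in single backticks, which are not inline literals in a file that uses "::" literal blocks; use double backticks. The [domain_realm] entry maps tlspool.arpa2.lab to ARPA2.NET, but the text does not say how the client locates the KDC for that realm, which a reader setting up the test will need.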