cool -FC8/9?- Re: First announcment

Jaromír Talíř jaromir.talir at nic.cz
Thu Jul 17 15:39:49 CEST 2008


Jacob Mtui píše v Čt 17. 07. 2008 v 12:15 +0000:
> This is good development ; 
> 
> a. On the documentation ; Probably More info on certificates
> generation and security model would be appreciated. I am not sure if
> the new script takes care of certificate management or not!

We now that certificate management is little bit complicated, but in our
setup it's just 1/3 of our security. We use this security setup:

1. Firewall block access to EPP server just for registrars IP adresses
2. Each registrar has client ssl certificate
3. Each registrar has a password for log into EPP server

You can implement any combination of these.

New script and new installation process use one self-signed test
certificate bundled with fred-client and fred-mod-eppd packages. It is
used as a client certificate and also as a server CA certificate. This
way you don't need to worry about certificates until you will try to
implement security feature 2. 

> b. Probably a PHP based front-end would also be a plus ... 

We thought about it in the past and implemented simple feature into our
fred-client. You can use fred-client as a script engine with parameter
-d 'command' and you can change output with parameter -o php. This way
it will generate output that can be evaluated inside php script and you
can than use results of EPP call as normal php variables.

> Again, it is my hope that the FRED would be running most of registry
> around the world; Good work guys

Maybe one day :)

Regards,
Jaromir

> 
> Regards
> 
> JM
> 
> On Thu, Jul 17, 2008 at 11:55 AM, Jaromír Talíř <jaromir.talir at nic.cz>
> wrote:
>         
>         Dr Paulos Nyirenda píše v Út 15. 07. 2008 v 16:31 +0200:
>         > Jaromir,
>         >
>         > Great news. The .mw ccTLD is really interested in test
>         running FRED
>         > but we were dismayed at the frequest references and
>         preferences to
>         > Debian in the documentation that we found during the recent
>         Paris
>         > ICANN conference.
>         >
>         > Our systems are running on Fedora on which we have invested
>         a lot.
>         >
>         > We are therefore encouraged to see here that you say that
>         "FRED on
>         > Fedora (8,9)" is now this easy to install. Is there anything
>         that we
>         > should look out for?
>         
>         
>         You should probably check out our rpms repository for Fedora.
>         Fred
>         installation is described at http://fred.nic.cz/wiki/download
>         in section
>         "Binary packages". The process of starting fred is easy after
>         that:
>         
>         /etc/init.d/postgresql initdb # if never called
>         /etc/init.d/postgresql start
>         /etc/init.d/omniNames start
>         /etc/init.d/fred-server start
>         /etc/init.d/fred-webadminserver start
>         
>         > Have the documentation and howto now been updated as well?
>         
>         
>         We should definitely update HOWTO because there are things
>         that are not
>         true or now work at all in new versions. Documentation update
>         is, I'am
>         afraid. long term process. Maybe subscribers of this list
>         should help us
>         with making some FAQ. What are the main things you would like
>         to now
>         about FRED?
>         
>         Regards,
>         Jara
>         
>         
>         >
>         > Great work guys.
>         >
>         > Regards,
>         >
>         > Paulos
>         > ======================
>         > Dr Paulos B Nyirenda
>         > .mw ccTLD
>         > http://www.registrar.mw
>         >
>         >
>         > On 15 Jul 2008 at 16:07, Jaromír Talír wrote:
>         >
>         > > Hello,
>         > >
>         > > this is probably first message from us to this list after
>         it's creation.
>         > > That's not good, but hopefully this will change in near
>         future. I always
>         > > waited to some interesting thing to announce and found all
>         changes till
>         > > now not so much interesting ;)
>         > >
>         > > Actually we have interesting web pages http://fred.nic.cz
>         full of useful
>         > > information. I will try at least announce here new changes
>         on these web
>         > > pages such source update, documentation update etc.
>         > >
>         > > Right now with a release of new version 1.10 of our
>         registration system
>         > > I found one thing really cool to announce. This is
>         completely rewritten
>         > > build system of all components of FRED. It was never so
>         easy to install
>         > > FRED from sources. To support this installation I uploaded
>         there little
>         > > bash script fred-manager
>         (http://fred.nic.cz/sources/fred-manager).
>         > > Everyone should be able to install fred in this few steps:
>         > >
>         > > wget http://fred.nic.cz/sources/fred-manager
>         > > chmod a+x fred-manager
>         > > ./fred-manager download
>         > > ./fred-manager install
>         > > ./fred-manager start
>         > >
>         > > This will download and unpack sources, build all
>         compoments in build
>         > > subdirectory of your current directory and install all
>         results into root
>         > > subdirectory. Command start will run all necessary servers
>         that include
>         > > apache and postgres. They don't interfere at all with your
>         system wide
>         > > proceses of the same name. All is installed into your
>         current directory,
>         > > all is running under privileges of your current user.
>         Servers will
>         > > allocate about 10 ports to listen on.
>         > >
>         > > After that you can test client by running script
>         > > at ./root/bin/fred-client. You can check zone generation
>         by
>         > > calling ./root/bin/genzone-client.  You can check web
>         applications by
>         > > pointing your browser to localhost:22354.
>         > >
>         > > You can also just check this script instead, to find out
>         how to install
>         > > FRED.
>         > >
>         > > One thing will be probably a little bit painful - to
>         satisfy all
>         > > dependencies. Configuration script will fail when they
>         find some missing
>         > > dependency. Then you have to manually install it. We tried
>         successfuly
>         > > to install FRED on Fedora (8,9), Ubuntu (Dapper) and
>         Gentoo. Except from
>         > > omniORB all dependencies should be in distribution
>         repositories. We
>         > > created a overall schema of this dependencies
>         > >
>         http://fred.nic.cz/attachment/wiki/attachments/component_schema.png
>         > >
>         > > Hope that traffic on this lists will arise a little bit
>         since now.
>         > >
>         > > Enjoy our work! ;)
>         > >
>         > > Jaromir
>         > >
>         >
>         >
>         >
>         
>         
>         _______________________________________________
>         Fred-users mailing list
>         Fred-users at lists.nic.cz
>         https://lists.nic.cz/mailman/listinfo/fred-users
>         
> 
> 
> _______________________________________________
> Fred-users mailing list
> Fred-users at lists.nic.cz
> https://lists.nic.cz/mailman/listinfo/fred-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3870 bytes
Desc: not available
Url : http://lists.nic.cz/pipermail/fred-users/attachments/20080717/36ec6a96/attachment-0001.bin 


More information about the Fred-users mailing list