A Detailed list of the LBL Akenti Servers

/home/itg10/http/htdocs/security/Akenti/private/lbl-servers.html

idcg-ca.lbl.gov (aka akenti) - CA servers

LBNL Netscape Certificate Authority server running on idcg-ca.lbl.gov. Accessible as https://idcg-ca.lbl.gov. It issues Identity Certificates on behalf of Lawrence Berkeley National Laboratory. This machine should not be running a web server. Ideally it would be isolated from the network except for the CA.

Old Netscape CA for LBNL (currently used by Akenti)

Server to administer the CA server

Informix backend for the Netscape CA
DOEGrid CA and internal LDAP servers
Trouble-shooting
When starting the CA, it rejects the password for the DataBase Server.

idcg-ds.lbl.gov (aka akenti) - LDAP servers version 1.03

LBNL LDAP on idcg-ds.lbl.gov (really idcg-ca). The web gateway server is accessible remotely via http://idcg-ds.lbl.gov/. Anyone can do lookups and searches. Privileged users (e.g. Directory Manager) can enter new users. The Netscape CA on idcg-ca stores Identity Certificates in the database on idcg-ds. The LDAP server also runs on this machine on port 389. Akenti looks up User Certificates via the LDAP protocol, both to verify User Certificates that have been presented by web clients and to get public keys to verify signers of Attribute Certificates.
LDAP web gateway
Server to administer the LDAP server

idcg-ds.lbl.gov (aka akenti) - LDAP servers version 4.0b

LBNL LDAP server on idcg-ds.lbl.gov (really idcg-ca).
This is available for testing. The old database was migrated on 1/25/99.
LDAP web gateway (aka administration server)
HTTP interface to add and modify entries. It is also called the administration server when accessed via the Netscape Console program.
Netscape Console used to administer the LDAP server
Graphical interface to administer and configure the LDAP server and gateway. This no longer runs as a server. It is run by root from the command line. Note that the files named ns-admin are now part of what used to be called the web gateway. Be sure that you have your DISPLAY variable set and that you have xhost'ed idcg-ca.

george: MSQL server (sometimes used by Akenti)

It stores attribute certificates. It is contacted by the Java application that generates attribute certificates, AttributeCertificateMain.java. The user of this application must have write permission in the MSQL database, granted by the /usr/local/Hughes/msql.acl file. It may be contacted by Akenti when looking for Attribute Certificates.

imglib.lbl.gov - Akenti servers

Akenti web server on imglib.lbl.gov, https://imglib.lbl.gov. Accessing ImgLib via this server gets you an encrypted connection and presents your Identity Certificate to the server. You must have an Identity Certificate issued by IDCG-CA or DieselCert.ca.sandia.gov to access this server.
Akenti Monitor server
Akenti cache server
Akenti resource definition server - provides the Akenti resource templates to UseCondition Create application

rocky.lbl.gov - Akenti servers

Akenti development secure Apache server
Akenti Monitor server
Akenti cache server
Akenti resource definition server - provides the Akenti resource templates to UseCondition Create application
Notes on the Akenti servers: The Akenti servers on imglib and rocky share files and directories where possible. The real files live under the production server in http.imglib and the development server links to them. The imglib stuff is updated from rocky at appropriate intervals.

The scripts directory is aliased to akenti-docs/cgi-bin in the conf file. This gets the scripts under the root .htauthority file in akenti-docs but causes the files in this directory to be executed and not displayed.