File:  [LON-CAPA] / loncom / loncapa.conf
Wed May 26 10:17:49 2004 UTC (19 years, 10 months ago) by foxr
Branches: MAIN
CVS tags: HEAD
Add variable definitions for secure lonc/lond.

##
## loncapa.conf -- Apache HTTP LON-CAPA configuration file
##
## $Id: loncapa.conf,v 1.9 2004/05/26 10:17:49 foxr Exp $
##

# ======================================= Machine Specific / Perl Configuration
#
# ------------------------ The variable values are also read and shared by lond
#
# NOTE(review): the {[[[[name]]]]} values look like placeholders that are
# filled in when this file is installed -- confirm against the installer.

# LON-internal HostID of this machine

PerlSetVar       lonHostID    {[[[[lonHostID]]]]}
 
# Role of this machine: library, access

PerlSetVar       lonRole      {[[[[lonRole]]]]}

# Server Administration (e-mail address of the administrator)

PerlSetVar       lonAdmEMail  {[[[[lonAdmEMail]]]]}

# Default domain

PerlSetVar       lonDefDomain {[[[[lonDefDomain]]]]}

# Load Limit ( 100% loadavg )

PerlSetVar       lonLoadLim   {[[[[lonLoadLim]]]]}

# User Load Limit ( 100% loadavg )

PerlSetVar       lonUserLoadLim   {[[[[lonUserLoadLim]]]]}

# Expiration for local copies and tokens in seconds

PerlSetVar       lonExpire    {[[[[lonExpire]]]]}

# Key to issue receipts
# NOTE(review): presumably a secret value; if so, this file should not be
# readable by ordinary users -- confirm how lonReceipt is used.
 
PerlSetVar	 lonReceipt   {[[[[lonReceipt]]]]}

#
#   The variables below control the behavior of secure lond and lonc:
#
#

#  londAllowInsecure allows lond to fall back to insecure connections
#  in the event its peer is not yet updated to secure lonc.
#  If you are certain all the systems you are communicating with
#  are using secure lonc, uncomment the first definition and
#  comment the second.
#  As shipped, the active definition is the second one (1), so fallback
#  to an insecure connection stays allowed until it is switched to 0.
#  NOTE(review): while fallback is allowed, the secure connection is
#  presumably not enforced for any peer -- confirm against lond.

# PerlSetVar londAllowInsecure {[[[[0]]]]}
PerlSetVar londAllowInsecure {[[[[1]]]]}

# loncAllowInsecure allows lonc to fall back to negotiating an insecure
# connection with lond in the event the peer is not yet a secure lond.
# If you are certain that all systems you are communicating with 
# are using secure lond, uncomment the next line and comment the
# second:
# As shipped, the active definition is the second one (1), so lonc may
# still negotiate an insecure connection until it is switched to 0.

# PerlSetVar loncAllowInsecure {[[[[0]]]]}
PerlSetVar   loncAllowInsecure {[[[[1]]]]}

#
#   Secure lond/lonc require ssl certificate and private
#   key files to function correctly.  The certificate
#   files need not be terribly secure, but the private key files
#   should be set up so that only www (the lonc/lond effective user)
#   can read them.
#   NOTE(review): "need not be terribly secure" presumably means the
#   certificates need not be kept secret; they should still not be
#   writable by other users, since replacing the certificate authority's
#   certificate would change which peers this host trusts -- confirm.
# 
#   The definition below is the full path to the directory that
#   contains the certificate and key files:
#
PerlSetVar lonCertificateDirectory {[[[[/home/httpd/lonCerts]]]]}

#
#  Secure lond/lonc require two certificates and a private host key.
#  The certificates required are those of the lonCAPA certificate authority
#  and the certificate that authority issued to this host.
#  lonnetCertificateAuthority is the name of the file that contains the
#                            lonCAPA certificate authority's certificate.
#  lonnetCertificate is the name of the file that contains the certificate
#                    issued to the host by the certificate authority.
#  Both of these variables are names of files assumed to be in 
#  lonCertificateDirectory:

PerlSetVar lonnetCertificateAuthority {[[[[loncapaCA.pem]]]]}
PerlSetVar lonnetCertificate          {[[[[lonhostcert.pem]]]]}

#
#  To generate the request for a certificate, and to negotiate the
#  initial ssl connection, the host requires a private key.  This key
#  is created at lonCAPA install time.  Did we mention above that it
#  should be set so that only www can read it?  The variable below
#  is the name of the file relative to lonCertificateDirectory
#  that has the host's private key.  Did we remember to tell you to
#  keep the permissions on that file set to rw-------  (0600)?
#  Mode 0600 only restricts access to the file's owner, so the file
#  must also be owned by www for "only www can read it" to hold.
#  

PerlSetVar lonnetPrivateKey         {[[[[lonKey.pem]]]]}

# Did we mention that the file described above must have
# permissions really locked down so that it can't be stolen?

