search

SilleBille / pki

Dogtag PKI Issues should be reported to the Dogtag PKI Pagure Issues site
https://pagure.io/dogtagpki/issues
GNU General Public License v2.0
1 stars 1 forks source link

Remove obsolete parameters from TPS configuration #463

Closed SilleBille closed 4 years ago

SilleBille commented 4 years ago

This issue was migrated from Pagure Issue #3026.Originally filed by sumedhs on 2018-05-24

Here is the output of tps-config-show

pki -d /opt/pki/certdb -c Secret123 -p 25080 -n 'PKI TPS Administrator for Example.Org' tps-config-show 
-------------
Configuration
-------------
  Properties:
    applet._000: #########################################
    applet._001: # applet information
    applet._002: # SAF Key:
    applet._003: # applet.aid.cardmgr_instance=A0000001510000
    applet._004: # Stock RSA,KeyRecover applet : 1.4.58768072.ijc 
    applet._005: # RSA/KeyRecovery/GP211/SCP02, SCP03 applet : 1.5.558cdcff.ijc
    applet._006: # Use GP211 applet only with SCP02 card
    applet._007: # For protocol > 1 do this ex: proto 3 : op.format.userKey.update.applet.requiredVersion.prot.3=1.5.558cdcff
    applet._008: #########################################
    applet.aid.cardmgr_instance: A0000000030000
    applet.aid.netkey_file: 627601FF0000
    applet.aid.netkey_instance: 627601FF000000
    applet.aid.netkey_old_file: A000000001
    applet.aid.netkey_old_instance: A00000000101
    applet.delete_old: true
    applet.so_pin: 000000000000
    channel._000: #########################################
    channel._001: # channel.encryption:
    channel._002: #
    channel._003: #   - enable encryption for all operation commands to token
    channel._004: #   - default is true
    channel._005: #  channel.blocksize=224
    channel._006: #  channel.defKeyVersion=0
    channel._007: #  channel.defKeyIndex=0
    channel._008: #
    channel._009: #  Config the size of memory managed memory in the applet
    channel._010: #  Default is 5000, try not go get close to the instanceSize
    channel._011: #  which defaults to 18000:
    channel._012: #
    channel._013: #  * channel.instanceSize=18000
    channel._014: #  * channel.appletMemorySize=5000
    channel._015: #########################################
    channel.blocksize: 224
    channel.defKeyIndex: 0
    channel.defKeyVersion: 0
    channel.encryption: true
    failover.pod.enable: true
    general.applet_ext: ijc
    general.pwlength.min: 20
    general.search.sizelimit.default: 100
    general.search.sizelimit.max: 2000
    general.search.timelimit.default: 10
    general.search.timelimit.max: 10
    general.verifyProof: 1

Of these as per discussion with jmagne cfu edewata some of the parameters are obsolete, such as the following ones:

  1. failover.pod.enable: true
  2. general.search.sizelimit.max param

Please feel free to add to the above list if there are any other parameters to be removed.