This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: First-time usage problem: "Enter new password for systemtap server certificate/key database"

From: Elijah Newren <newren at gmail dot com>
To: Dave Brolley <brolley at redhat dot com>
Cc: systemtap at sourceware dot org
Date: Wed, 26 Aug 2009 20:32:13 -0600
Subject: Re: First-time usage problem: "Enter new password for systemtap server certificate/key database"
References: <51419b2c0908222237o560830b2l57bcdccd044b33fa@mail.gmail.com> <4A92B639.7080001@redhat.com>

Hi,

Was out for a few days, just now catching back up...

On Mon, Aug 24, 2009 at 9:48 AM, Dave Brolley<brolley@redhat.com> wrote:
> This prompt error occurs when systemtap tries to sign the generated kernel
> module for the first time but is unable to generate a password to protect
> the private key for its signing certificate. This should not be happening
> with the latest release (or the latest git) unless you have used the
> --unprivileged option. However some previous systemtap releases did attempt
> to sign all modules. What version of systemtap are you using?

$ rpm -q systemtap
systemtap-0.9.9-3.fc11.x86_64

> In order to sign the module, systemtap generates its own signing certificate
> with a private key that is password protected. Normally the password is
> self-generated and random, since only systemtap ever needs it. The following
> two methods are tried
>
> mkpasswd -l 20
>
> and
>
> apg -a 1 -n 1 -m 20 -x 20
>
> If these fail, then systemtap prompts for a password. I'm interested in the
> response to the above two commands on your system. Can you please try them
> and post the responses?

# mkpasswd -l 20
-bash: mkpasswd: command not found

# apg -a 1 -n 1 -m 20 -x 20
-bash: apg: command not found

(a quick yum search seems to suggest that mkpasswd comes from the
'expect' package, and that apg comes from the 'apg' package, neither
of which do I have installed.)

> If systemtap does prompt for a password, then any old psuedo random string
> will do. You will never need to remember it (in fact, it's probably best if
> you don't!).

And I'm guessing that <Ctrl-C> doesn't count as a pseudo-random
string.  :-)  Okay, I'll try it out.

> Let me know if you have any additional questions or concerns.
>
> Thanks,
> Dave

I'll do that.  Thank you very much for making this software, and for
taking the time to respond and explain.  You guys run your project
better than I have mine.  Very cool.



Thanks,
Elijah

References:
- First-time usage problem: "Enter new password for systemtap server certificate/key database"
  - From: Elijah Newren
- Re: First-time usage problem: "Enter new password for systemtap server certificate/key database"
  - From: Dave Brolley

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]