Here are some questions, asked frequently about I2A2, and answers to them.
The questions and answers have no formal organization. Please click on a
question to see its answer.
-
What is I2A2?
I2A2 stands for the Infrastructure for Identification, Authentication, and
Authorization.
"I2" represents the two 'I' letters in Infrastructure and Identification; "A2"
represents the first two 'A' letters in Authentication and Authorization.
The purpose of I2A2 is to provide support and a framework whereby electronic
systems at Purdue can determine identity, establish its proof, and determine if
it has characteristics associated with it that permit access to some resource.
-
Why do I get an SSL random number generator error message from the PUIDCL library?
Your system probably lacks an entropy gathering daemon or a /dev/random.
You may see this error message when you try to make an SSL connection with
the PUIDCL library:

error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded

This error message indicates an unseeded SSL pseudo-random number generator (PRNG).
The PUIDCL library assumes that the UNIX system it runs on has an entropy gathering
daemon or the /dev/random device.
The OpenSSL documentation has information on the entropy gathering daemon.
(Also see the OpenSSL FAQ.) A freeware /dev/random package is also available
for Solaris.
You might also consider using a variant of this Solaris code.

    /*
     * Set SSL random seed.
     *
     * Needs <sys/types.h>, <sys/stat.h>, <sys/time.h>, <time.h> and
     * <openssl/rand.h>. Mypid is not defined in this fragment; it is
     * assumed to hold the caller's process ID.
     */
    {
        struct stat dnsb;
        union {
            u_longlong_t ull[4];
            ulong_t ul[8];
        } seed;

        /* Mix high-resolution time, wall-clock time and file access times. */
        seed.ull[0] = (u_longlong_t)gethrtime() * (u_longlong_t)Mypid;
        (void) stat("/dev/null", &dnsb);
        seed.ul[2] = (ulong_t)time(NULL);
        seed.ul[3] = (ulong_t)dnsb.st_atime;
        (void) stat("/usr/bin/ls", &dnsb);
        seed.ull[1] ^= (u_longlong_t)gethrtime();
        seed.ull[2] = seed.ull[0] ^ seed.ull[1]
                    | (u_longlong_t)gethrtime();
        seed.ul[6] = (ulong_t)dnsb.st_atime;
        seed.ul[7] = (ulong_t)&dnsb;
        seed.ull[3] ^= seed.ull[1] | seed.ull[2];
        (void) RAND_seed((uchar_t *)&seed, sizeof(seed));
        if (!RAND_status()) {
            /*
             * The PRNG isn't seeded to OpenSSL's satisfaction. Take
             * appropriate error action.
             */
        }
    }

If you use it on a UNIX dialect other than Solaris, you will probably have to
find alternatives for its gethrtime() and stat() calls.
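
Where the system does have a /dev/random device, the seed bytes can be read from the device itself instead of being built from clock, process ID and file-timestamp values. The following is an added example, not code from the PUIDCL library or the original page: seed_from_device(), seed_sink_fn, counting_sink and SEED_BYTES are hypothetical names, the sink has the same signature as OpenSSL's RAND_seed() so a real caller can pass RAND_seed directly, and the demo main() assumes /dev/urandom exists.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define SEED_BYTES 32   /* assumed seed size (256 bits); not from the page */

/* Same shape as OpenSSL's RAND_seed(const void *buf, int num). */
typedef void (*seed_sink_fn)(const void *buf, int num);

/* Stand-in sink so the example builds without OpenSSL; it only counts bytes. */
static int sink_bytes;
static void counting_sink(const void *buf, int num) { (void)buf; sink_bytes += num; }

/* Read SEED_BYTES from the device at path and pass them to sink. Returns 0 on
 * success, -1 if path cannot be opened, is not a character device, or hits EOF. */
int seed_from_device(const char *path, seed_sink_fn sink)
{
    unsigned char buf[SEED_BYTES];
    struct stat sb;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    /* Refuse a regular file or directory sitting at the device path. */
    if (fstat(fd, &sb) == 0 && S_ISCHR(sb.st_mode)) {
        while (got < sizeof(buf)) {
            ssize_t n = read(fd, buf + got, sizeof(buf) - got);
            if (n > 0)
                got += (size_t)n;   /* short reads are normal: keep going */
            else if (n == 0 || errno != EINTR)
                break;              /* EOF or hard error: give up */
        }
    }
    close(fd);
    if (got != sizeof(buf))
        return -1;
    sink(buf, (int)sizeof(buf));
    return 0;
}

int main(void)
{
    /* /dev/urandom (assumed present) keeps the demo from blocking. */
    return seed_from_device("/dev/urandom", counting_sink) == 0 ? 0 : 1;
}
```

A caller linked against OpenSSL would pass RAND_seed as the sink and then check RAND_status(), as the fragment above does.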
-
Why does the I2A2 LDAP protocol converter say "no search criteria"?
Usually that means there is no cn attribute and value in the RDN or the filter.
This message is issued by the I2A2 LDAP protocol converter when a search request contains no key that the
converter can supply to an I2A2 DBM for a lookup operation. While a missing common name (cn) isn't the
sole cause of a "no search criteria" error reply, it is by far the most common.
-
Why does the net daemon or DBM complain about a missing key?
If a key field contains only spaces -- e.g., "a " or "p " -- the net daemons and DBM ignore it. That's because
the net daemons and the DBM remove leading and trailing spaces from all but message ('M') fields. If a field that
contains only spaces is a key, and the command requires a key, the net daemons and DBMs will complain that the
key is missing once they have trimmed the leading and trailing spaces.