		MITSign: A Kerberized PGP Keysigner

			  Derek Atkins
			<warlord@MIT.EDU>
			   17 Dec 1994

Introduction

   MITSign is  a Kerberized PGP Keysigner system  which will allow you
   to use an  installed Kerberos base to  generate a PGP Certification
   Authority.  The MITSign package   contains a  client and  a  server
   which   you  can configure and    install for your   site.  You can
   configure  MITSign  to  accept  multiple  Kerberos realms  and mail
   domains, so that a single Signer Key can sign PGP keys for multiple
   locations.

Configuring MITSign

   To configure MITSign  for your site, you need  to  check two files,
   pgpsign.h and Makefile.  Almost all of the configuration of MITSign
   is in the C header file, pgpsign.h.   In the top  of the file are a
   number of configuration  variables that you  can use to set simple,
   site-specific values.     You should edit  the  file   to  set  the
   appropriate  values for your site before  you attempt  to build the
   MITSign code.

   The Makefile contains some more site-specific configuration.  The
   only major configuration done in the Makefile is defining whether
   your site has Hesiod and setting a flag if your platform has
   memset, memcpy, etc.  This second value can be added to the Make
   rule for your target or can be set on the command-line.
   
Configuring the Client

   For clients, there  is only  one  important value, the default  PGP
   Keysigner host.  This is in pgpsign.h, and it defines the host that
   your client will use,  if you either do not  have Hesiod, or if the
   Hesiod lookup fails.

Configuring the Server

   For server configuration,   there is a lot  more  that needs  to be
   configured.  First, you need to  configure the directory  locations
   of your server platform.   In particular, you should  configure the
   path  to the    PGP  program,  the  file  containing  the   PGP key
   passphrase, the location  of the Kerberos  srvtab, and the location
   of the PGP keyring information.

   In addition to configuring the server structure, you must also
   configure the behavior of the server process.  In particular, you
   need to define which Kerberos realms you will accept, and how those
   realms will behave.  This is done by first creating a
   NULL-terminated list of Kerberos realms, which defines all the
   Kerberos realms that are accepted by this server.  Only principals
   in these realms will be accepted as valid.

   Next, a NULL-terminated list of  lists is created which defines the
   accepted mail domains for each Kerberos realm.  For example, in the
   Kerberos   realm     ATHENA.MIT.EDU,   valid    mail    domains are
   "Athena.MIT.EDU" and "MIT.EDU".  This   is realized by setting  the
   realm list and mail domains to:

	{"ATHENA.MIT.EDU", ""}

	and

	{
		{"ATHENA.MIT.EDU", "Athena.MIT.EDU", "MIT.EDU", ""},
		{""}
	}
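
   The realm and mail-domain tables above, written out as an added
   example (not code from the MITSign distribution) together with a
   check that uses them.  The array names, the helper functions and
   the domain-only matching are assumptions; this README does not show
   how pgpsignd consumes the tables.

```c
/* Added example, not MITSign source.  Tables follow the README's shape;
 * the helper functions and their names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Accepted Kerberos realms; "" ends the list, as in the README. */
static const char *realms[] = { "ATHENA.MIT.EDU", "" };

/* One row per realm: the realm, its mail domains, then "".  A row
 * holding only "" ends the table. */
static const char *domains[][4] = {
    { "ATHENA.MIT.EDU", "Athena.MIT.EDU", "MIT.EDU", "" },
    { "" }
};

/* 1 if realm is listed.  Kerberos realm names are case-sensitive. */
int realm_accepted(const char *realm)
{
    size_t i;
    for (i = 0; realm && realms[i][0] != '\0'; i++)
        if (strcmp(realms[i], realm) == 0) return 1;
    return 0;
}

/* 1 if addr ("user@domain") uses a mail domain listed for realm.
 * Only the domain part is checked (an assumption of this example);
 * DNS names compare without regard to case. */
int address_accepted(const char *realm, const char *addr)
{
    size_t r, d;
    const char *at = addr ? strrchr(addr, '@') : NULL;
    if (!realm_accepted(realm) || !at || at == addr || !at[1]) return 0;
    for (r = 0; domains[r][0][0] != '\0'; r++) {
        if (strcmp(domains[r][0], realm) != 0) continue;
        for (d = 1; domains[r][d][0] != '\0'; d++)
            if (strcasecmp(domains[r][d], at + 1) == 0) return 1;
    }
    return 0;
}

int main(void)
{
    printf("%d %d\n", address_accepted("ATHENA.MIT.EDU", "user@mit.edu"),
           address_accepted("ATHENA.MIT.EDU", "user@example.org"));
    return 0;
}
```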

Building the Software

   Once  you have configured the software,  you  can build it for each
   platform at  your site.  The  Makefile that   is included with  the
   distribution will build both the client and the server for MITSign.
   You should  try to use the  make rule for your particular platform.
   If your platform  is not defined in the  makefile, then you can try
   using the default settings.  If those don't  work for you, you will
   have to try to port the software to your platform.  If you get this
   to work, please send email with the make rule you generated.

Setting up the Server

   The server  requires some configuration; it  is designed to run out
   of   inetd.  You need to  add  a line  to the services  file and to
   inetd.conf    to run  the     pgpsign  server.   Also,   given  the
   configuration  done above,  you  need  to  install the  appropriate
   binaries and configuration files on the keysigner.

   The default  configuration expects  a directory /var/pgpsign, which
   contains the following:

	/var/pgpsign/bin - Contains PGPSign binaries
		pgpsignd - MITSign Daemon
		pgp - PGP Program

	/var/pgpsign/control
		passphrase - contains the passphrase to the
			MITSign PGP Key
		srvtab - contains the Kerberos srvtab

	/var/pgpsign/keyring - Contains the Keyserver Keyring
		config.txt - PGP Configuration
		pubring.pgp - Contains the Keyserver Public Key
		randseed.bin - PGP Random Number Generator Seed
		secring.pgp - Contains the Keyserver Secret Key

   Most  of these files  are self-explanatory.  The  PGP Key should be
   generated on the server for the best security, and should be as big
   as  you see  fit.   The  passphrase file  should just  contain  the
   clear-text  passphrase to the  PGP  Key.  The config.txt  file just
   needs   to exist;  it really  does   not  need to  contain anything
   important.  However, it  would probably be  a good thing to  have a
   config.txt that contains:

	MyName = MITSign		# This is who I am!
	Language = en			# English
	tmp = /tmp			# Tempfiles into /tmp
	Armorlines = 0			# Generate a single armorfile

   MITSign is expecting to authenticate using the Kerberos principal
   pgpsigner.hostname@REALM.SITE.ORG.  The srvtab file needs to
   contain this key, so that the MITSign Daemon can decode the
   authenticator sent by the client.

   You will need to add these lines to /etc/services and inetd.conf,
   respectively, to get the MITSign Daemon to run.  These are only
   examples, and you should modify these to taste depending on your
   site.  At MIT, we run the MITSign Daemon as its own user, and all
   the files are owned by this user.

	pgpsigner	2792/tcp	# PGP Key signer

	pgpsigner	stream	tcp	nowait	pgpsign \
		/var/pgpsign/bin/pgpsignd	pgpsignd

Reporting Bugs and Improvements

   If you find any  bugs in the  software, or if you  have to make any
   changes to  get  it to build  on another  platform,  please send me
   mail.  Changes would be best sent as UNIX context diffs, and should
   have any platform-specific   code changes within #ifdefs.   You can
   email me at this address:

	warlord@MIT.EDU
