---------------------------------------------------------------------- File Queues: ---------------------------------------------------------------------- This is a quite complicated example. The qserver manages several queues of files. The qclient accesses these queues via RPC. *** Configuration *** You must change qserver.ml in order to configure the qserver. There is one option of interest in the source code: The variable "spooldir" right at the beginning. Set it to the directory where the queues will reside. This directory must exist, and the user running qserver must have read and write permissions. Furthermore, you must set the authentication style: - auth_sys: Insecure "system authentication" (included only for purposes of an example). This is the default. - auth_dh: Secure RPC - needs the keyserv daemon, however, and Secure RPC utilities. - auth_ssl: RPC over SSL. The Makefile variable AUTH_MODULE must be set accordingly (in Makefile.code). See the comments on the authentication modules below. *** Overview *** qclient supports the following commands: qclient queues [ -help | options ] - List queues qclient create [ -help | options ] - Create a new queue qclient destroy [ -help | options ] - Destroy a queue qclient status [ -help | options ] - Show the status of a queue qclient set [ -help | options ] - Set queue parameters qclient list [ -help | options ] - List queue members qclient add [ -help | options ] - Upload a file and add to queue qclient pop [ -help | options ] - Download a file from queue qclient cancel [ -help | options ] - Cancel queue members Note that new files always added at the end of a queue, and that files are popped from the beginning of a queue. You can set the environment variable QCLIENT_HOST to set a default for the host to contact (which server to contact). *** Features *** There may be additional properties with every file. Properties are lists of (key,value) pairs. A number of properties are predefined (see qserver.ml, or just try). The commands will block if the request cannot be immediately fulfilled, but probably in the future. For example, if you try to pop a file from an empty queue, the client blocks until a file is available. It is possible to specify timeouts. The queues can be active and inactive. After creation the queues are inactive (because you may want to set further parameters before starting operation). If inactive, every operation is rejected. An active queue may accept new files or not accept them. In the latter case, the attempt to add a new file blocks the client until the queue accepts files. An active queue may deliver files or do not deliver them. In the latter case, the attempt to download a file blocks the client until delivery is again turned on. It is possible to specify a maximum length for a queue. The client will block if it tries to add further files. You can set the state (active/inactive etc.) and other parameters with "qclient set". *** Authorization *** Everybody ( = every authenticated user) can list the queues and obtain status information. Everybody can create a new queue. Only the owner of a queue can do the other operations. The owner is the creator of a queue. ====================================================================== Authentication module auth_sys ====================================================================== This style of authentication does not use any verification, and is inscure because of this. However, it works out of the box. ====================================================================== Authentication module auth_dh ====================================================================== qserver and qclient authenticate each other by Secure RPC. I made this the default because the example profits from the existing authentication infrastructure, and I don't have to reinvent the wheel. However, you have to make sure: - That the keyserv daemon is running - For every user keylogin has been executed You don't need a working NIS environment, though. (Linux users: Install the nis-utils package.) If you get errors from Rpc_key_service there is a problem with the key server. See also the file README.authdh. The environment variable QCLIENT_NETNAME should be set to the netname of the server, otherwise the client cannot authenticate. By default, the netname "unix.<host>@<domain>" is assumed, but this may be wrong, especially if the server is not run as root. In this case, try "unix.<uid>@<domain>" where <uid> is the numeric user ID of the server. Note that Secure RPC is not supported on all operating systems. Checklist if not working: - the domainname must be set (command "domainname") - keyserv must be running - qserver should run as root - qclient must run as non-privileged user - this user must be logged in at keyserv (using keylogin) - try host -host <hostname> option of qclient ====================================================================== Authentication module auth_ssl ====================================================================== Certificates are used for authentication. You need the following files (all in PEM format): - ca.crt: The root certificate (for both client and server) - server.crt: The server certificate - server.key: The server private key (w/o password) - client.crt: The client certificate - client.key: The client private key (w/o password) Put these files into the current working directory. The DN of the client cert is the user name.