Re: [Fwknop-discuss] Is it possible to dynamically load HMAC and Encryption keys?

Sat, 18 Apr 2015 05:20:07 -0700 

On Fri, Apr 17, 2015 at 10:32 PM, Michael Rash <[email protected]>
wrote:

>
> On Fri, Apr 17, 2015 at 4:05 PM, Trent Hampton <[email protected]>
> wrote:
>
>> Is it currently possible to add client HMAC and Encryption keys to a
>> running instance of fwknopd?
>>
>> For example, suppose you have a server that is running fwknopd and its
>> access.conf has already been configured with HMAC and Encryption keys. Is
>> it possible to add additional HMAC and Encryption keys on the fly without
>> restarting fwknopd?
>>
>> If yes, how?
>>
>
> This feature is supported by fwknopd similarly to other daemons upon
> receipt of a HUP signal. So, the work flow would be:
>
> - have a running fwknopd instance
> - edit the access.conf file or the fwknopd.conf file
> - send the the fwknopd process a HUP signal via "kill -HUP <pid>".
> - the running fwknopd instance will free up the existing configs from
> memory, and re-initialize
>


I should also have mentioned that you can use fwknopd itself to send the
HUP signal to another running fwknopd process with the "-R" or "--restart"
command line arg. This makes things a little easier since you don't need to
grep the process table to find the running fwknopd instance. There is also
test suite support for this, but it doesn't test the new key scenario that
you mentioned (I'll add this).

Thanks,

--Mike


>
> I do see that there isn't test suite support for this feature though, so
> I'll add that to make sure there aren't any bugs. If you try this and see a
> problem, please let me know.
>
> Thanks,
>
> --Mike
>
>
>
>> If no, where would I start to add this capability?
>>
>
>
>
>
>



-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

Reply via email to