4 Configuration
Peter Hamilton edited this page 2016-12-01 15:17:30 -05:00

By default, the PyKMIP client and server look in /etc/pykmip for their configuration files. This directory will not be created during install, so you will need to create it yourself. However, example client and server configuration files, named pykmip.conf and server.conf respectively, are provided under the examples directory in the PyKMIP repository to help get you started.

Client Configuration

The pykmip.conf file contains one or more client configuration sections defining the information the client needs to successfully establish a TLS connection with a KMIP appliance. This configuration section looks like this:

[client]
host=127.0.0.1
port=5696
keyfile=/etc/pykmip/certs/client_private_key.pem
certfile=/etc/pykmip/certs/client_cert.pem
cert_reqs=CERT_REQUIRED
ssl_version=PROTOCOL_SSLv23
ca_certs=/etc/pykmip/certs/server_ca_cert.pem
do_handshake_on_connect=True
suppress_ragged_eofs=True
username=example_username
password=example_password

The "[client]" line at the beginning is the name or label of the configuration block. You can change this label to be whatever you want, which is useful if you have multiple KMIP appliances you need to connect to. For example:

[test]
...

[production]
...

To properly connect with your KMIP appliance, you will need to work with the appliance administrator to get the proper network settings (host and port) and the right certificate files (certfile, keyfile, and ca_certs); otherwise, you will not be able to connect. The username and password values may or may not be needed, depending on the appliance's security policy; if they are not needed, just leave them blank:

[client]
...
username=
password=

All of the other settings you can leave as is, unless told otherwise by your networking or appliance administrator. These settings are used to properly set up the client's TLS connection to the appliance. Modifying these improperly may weaken the security of the TLS connection.
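
The TLS settings above can be checked before a configuration file is deployed. The following script is an added example, not part of PyKMIP or of the original page: it reads every labelled section of a pykmip.conf and reports values that differ from the example section shown earlier. The function name, the sample file contents and the set of protocol names treated as obsolete are assumptions made for illustration.

```python
import configparser

# Constructed sample: a sound [production] section and a weakened [test] one.
SAMPLE_CONF = """
[production]
host=127.0.0.1
keyfile=/etc/pykmip/certs/client_private_key.pem
certfile=/etc/pykmip/certs/client_cert.pem
cert_reqs=CERT_REQUIRED
ssl_version=PROTOCOL_SSLv23
ca_certs=/etc/pykmip/certs/server_ca_cert.pem
username=
password=

[test]
host=127.0.0.1
keyfile=/etc/pykmip/certs/client_private_key.pem
certfile=/etc/pykmip/certs/client_cert.pem
cert_reqs=CERT_NONE
ssl_version=PROTOCOL_SSLv3
ca_certs=
username=example_username
password=example_password
"""

# Assumption: these ssl-module protocol names are treated as too old to pin.
OLD_PROTOCOLS = {"PROTOCOL_SSLv2", "PROTOCOL_SSLv3", "PROTOCOL_TLSv1"}

def audit_client_conf(text):
    """Return {section label: [findings]} for each section in the file."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' is literal
    parser.read_string(text)
    report = {}
    for label in parser.sections():
        sec, findings = parser[label], []
        if sec.get("cert_reqs", "") != "CERT_REQUIRED":
            findings.append("cert_reqs is not CERT_REQUIRED")
        if not sec.get("ca_certs", "").strip():
            findings.append("ca_certs is empty, no CA to verify the appliance")
        if sec.get("ssl_version", "") in OLD_PROTOCOLS:
            findings.append("ssl_version pins an obsolete protocol")
        if sec.get("password", "").strip():
            findings.append("password is stored in cleartext in this file")
        report[label] = findings
    return report

if __name__ == "__main__":
    for label, findings in audit_client_conf(SAMPLE_CONF).items():
        print(label, "->", findings or "ok")
```

To audit a real file, pass its contents to audit_client_conf() instead of SAMPLE_CONF.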

Server Configuration

The server.conf file contains the server configuration section defining the information the server needs to successfully establish TLS connections with clients. This configuration section looks like this:

[server]
hostname=127.0.0.1
port=5696
certificate_path=/etc/pykmip/certs/server_cert.pem
key_path=/etc/pykmip/certs/server_private_key.pem
ca_path=/etc/pykmip/certs/server_ca_cert.pem
auth_suite=Basic
policy_path=/etc/pykmip/policies

Each of these options is explained further in the project README (see Server/Configuration). Unlike the client configuration file, the server only expects to find one configuration section in its configuration file. The section must be named [server], so do not change it when setting up /etc/pykmip.