Enabled SSL authenticator and PKI realm.

The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107

2 files changed, 2 insertions, 1 deletions

diff --git a/base/setup/pki b/base/setup/pki
index a2d5a69d6..90c863f35 100755
--- a/base/setup/pki
+++ b/base/setup/pki
@@ -75,6 +75,7 @@ $ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-certsrv.jar:"
                 . "/usr/share/java/${PRODUCT}/pki-cms.jar:"
                 . "/usr/share/java/${PRODUCT}/pki-nsutil.jar:"
                 . "/usr/share/java/apache-commons-cli.jar:"
+                . "/usr/share/java/apache-commons-codec.jar:"
                 . "/usr/share/java/apache-commons-lang.jar:"
                 . "/usr/share/java/apache-commons-logging.jar:"
                 . "/usr/share/java/commons-httpclient.jar:"
diff --git a/base/setup/pkicreate b/base/setup/pkicreate
index 6abb73755..cc4ee703f 100755
--- a/base/setup/pkicreate
+++ b/base/setup/pkicreate
@@ -2560,7 +2560,7 @@ LoadModule nss_module  /opt/fortitude/modules.local/libmodnss.so
             $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_COMMENT_SERVER_SLOT}    = "";
 
             # Set appropriate "clientAuth" parameter for "Shared Ports"
-            $slot_hash{$PKI_AGENT_CLIENTAUTH_SLOT} = "agent";
+            $slot_hash{$PKI_AGENT_CLIENTAUTH_SLOT} = "want";
 
             # Comment out the "Admin/EE" Ports
             $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SERVER_SLOT}  = $PKI_OPEN_COMMENT;