srmiregistry
- a non-jdk (secure?) rmiregistry
srmiregistry
itissl-options [<registry-name>]
srmiregistry
is an alternative implementation forrmiregistry
. It is entirely java, and works well together with the ITISSL secure socket layer.According to the documentation of Java 2, ( The Scoop on RMI and SSL), RMI with SSL means simply creating RMI objects wich use custom socket factories. The problem is slightly more complicated, since these objects have to register somewhere (at a
rmiregistry
, for instance). The 'standard'rmiregistry
supplied by Sun is hardcoded does not get along very good with the ITISSL sockets. (I wonder if other Java-ssl implementations have the same problem..).Let's suppose an object successfully registers to a
rmiregistry
. The registry starts to send control messages to the registered objects (which you are never aware of unless you start RMI logging) using the custom SSL of the server. To use these sockets thermiregistry
has to know something about a certificates..
srmiregistry
overcomes these problems in that it uses the 'standard' ITISSL mechanism for finding certificates, namely thesfindcerts
utility to locate CA certificates and (eventually) user certificates and private keys. To understand where to put your ca files, or how to set the appropriate environment variables so as forsrmiregistry
to find them, read the sfindcerts man.
Unlike the classical
rmiregistry
,srmiregistry
is a simple RMI server exporting theRegistry
interface. It requires a normalrmiregistry
on the localhost, to register itself to under the <registry-name> specified on the commandline. Users of thesrmiregistry
have first to obtain its remote reference from thermiregistry
, and then bind/rebind/ etc.srmiregistry
uses an anonymous port. If <registry-name> is not specified, the basename of the command (here:srmiregistry
) is used for registration at the localrmiregistry
.
- <itissl-options>
- See the ITISSL utility options.
All the environment variables of sfindcerts
The ITISSL RMI package