srmiregistry - a non-jdk (secure?) rmiregistry
srmiregistry itissl-options [<registry-name>]
srmiregistryis an alternative implementation forrmiregistry. It is entirely java, and works well together with the ITISSL secure socket layer.According to the documentation of Java 2, ( The Scoop on RMI and SSL), RMI with SSL means simply creating RMI objects wich use custom socket factories. The problem is slightly more complicated, since these objects have to register somewhere (at a
rmiregistry, for instance). The 'standard'rmiregistrysupplied by Sun is hardcoded does not get along very good with the ITISSL sockets. (I wonder if other Java-ssl implementations have the same problem..).Let's suppose an object successfully registers to a
rmiregistry. The registry starts to send control messages to the registered objects (which you are never aware of unless you start RMI logging) using the custom SSL of the server. To use these sockets thermiregistryhas to know something about a certificates..
srmiregistryovercomes these problems in that it uses the 'standard' ITISSL mechanism for finding certificates, namely thesfindcertsutility to locate CA certificates and (eventually) user certificates and private keys. To understand where to put your ca files, or how to set the appropriate environment variables so as forsrmiregistryto find them, read the sfindcerts man.
Unlike the classical
rmiregistry,srmiregistryis a simple RMI server exporting theRegistryinterface. It requires a normalrmiregistryon the localhost, to register itself to under the <registry-name> specified on the commandline. Users of thesrmiregistryhave first to obtain its remote reference from thermiregistry, and then bind/rebind/ etc.srmiregistryuses an anonymous port. If <registry-name> is not specified, the basename of the command (here:srmiregistry) is used for registration at the localrmiregistry.
- <itissl-options>
- See the ITISSL utility options.
All the environment variables of sfindcerts
The ITISSL RMI package