These are the instructions for building, installing, and running the PGP
public key server.

Choose a location to install the system.  This should be on the local
disk.  If you plan on running with a full key database, you should
have at least 60 megabytes free (yes, the indexes are large).  If you
are planning on running the mail server, you will need to install the
system as root.  Otherwise, you can install it as any user.  For the
rest of these instructions, PREFIX represents the installation path.


** To Build the pgp key server:

In the top level, do

	./configure --prefix=PREFIX
	make

On some systems, you may have to use GNU make.  If you see
dependencies failing, this is the problem.

** To Install the pgp key server:

In the top level, do

	make install

You can look in PREFIX/man for more detailed documentation on the
various programs.  An overview is in pks-intro(8).

As a part of the installation, a template configuration file was
installed in PREFIX/etc/pksd.conf.  This file is fully documented in
pksd.conf(5).  If you don't want to read the manual, the template file
contains comments which describe what you need to change to get your
server to run.

The key server uses syslog for logging.  It logs using the local2
facility, and various priority levels as described in pksd(8).  If you
want to get any logging, you should add an appropriate entry to
/etc/syslog.conf on your machine.

If you have configured the mail server component of the key server,
there is one more step you need to take so that the server can
actually get mail.  In your aliases file (which is in different places
on different platforms, unfortunately), create the following lines

    pgp-public-keys: "|PREFIX/bin/pks-mail.sh PREFIX/etc/pksd.conf"
    pgp: pgp-public-keys

You might also need to add aliases for the mail addresses you
configured in pksd.conf.  You will also need to make sure the
permissions on PREFIX/var/incoming allow both the mailer and whatever
user the pksd runs as to insert and delete files.

If you have configured the web server component of the package, you
will want to install the pks commands web page somewhere.  The key
server does not serve arbitrary HTML files, so you must use another
web server for this.  An example html file can be found in
pks-commands.html in the distribution.

** To Run the pgp key server:

Before running the server, read and familiarize yourself with the
information in the DATABASE ADMINISTRATION section of pks-intro(8)
(PREFIX/man/man8/pks-intro.8), in particular the section on
checkpointing.

To create an empty database, run "PREFIX/bin/pksclient PREFIX/var/db
create".  If a database already exists, this will remove all its
contents.  To initialize the database with the contents of a keyring,
run "PREFIX/bin/pksclient PREFIX/var/db add keyring.pgp".  You can do
this multiple times to add the contents of several keyrings.  Because
of the transaction semantics, adding very large keyrings will be
inefficient.  You should use the PREFIX/bin/pgpsplit program to split
any very large keyrings into chunks (about 10 mb is fine) and add them
individually.  Adding a 20,000 element keyring on a SparcStation 5
running Solaris takes about an hour.  Your system may take more or
less time.  In the current implementation, this may also be a
memory-intensive task.

To have the daemon run when the system boots, you should run the
following programs in your /etc/rc.local or equivalent file.

	PREFIX/bin/pksd PREFIX/etc/pksd.conf & sleep 5; PREFIX/bin/pks-queue-run.sh PREFIX/etc/pksd.conf

You can always run this command by hand if you want.

** For more information:

There is an overview of the system in pks-intro(8)

** If you have any problems, questions, or comments:

I read comp.security.pgp.tech.  That's probably the best forum for
discussion and questions, but you can send me email, too.

** Acknowledgements

Thanks to Michael Helm <helm@fionn.es.net>, Marc Dyksterhouse
<marcd@pgp.com>, "Teun Nijssen" <Teun.Nijssen@kub.nl>, George Ross
<gdmr@dcs.ed.ac.uk>, Marcel Waldvogel <mwa@tik.ee.ethz.ch>, Olaf
Dabrunz <dabrunz@santana.rrz.uni-hamburg.de>, Paul Leyland
<pcl@sable.ox.ac.uk>, Hironobu Suzuki
<hironobu@h2np.suginami.tokyo.jp>, Josef Pojsl
<josef.pojsl@skynet.cz>, and all the other keyserver testers and
maintainers for their help testing the keyserver, reporting bugs, and
especially contributing fixes and new features.

================================================================

Marc Horowitz <marc@mit.edu>

$Id: README,v 1.12 1999/06/02 06:31:29 marc Exp $

Copyright (c) 1996, 1997, 1998, 1999, Marc Horowitz.  All rights reserved.
See the LICENSE file in the release for redistribution information.
