FeSL Installation

Prerequisites

FeSL Authentication (AuthN) and Authorisation (AuthZ) are separate components, and can be selected as separate installation options (see below).

FeSL Authorization uses Oracle Berkeley DB XML (DBXML) for its policy data store. In order to enable FeSL Authorization in during Fedora installation, DBXML must first be installed.

If you only wish to enable FeSL Authentication, you do not need to install DBXML. FeSL AuthN is the default Fedora authentication mechanism.

Oracle Berkeley DB XML

FeSL has been tested with DBXML 2.5.13, which is available from http://www.oracle.com/technology/software/products/berkeley-db/xml/index.html. 32-bit Windows users can use the .msi installer, but other platforms will require a build from source, e.g.:

./buildall.sh --prefix=/usr/local/dbxml-2.5.13 --enable-java

After installing DBXML, the DBXML_HOME, LD_LIBRARY_PATH and DYLD_LIBRARY_PATH environment variables must be set, e.g.:

export DBXML_HOME=/usr/local/dbxml-2.5.13
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${DBXML_HOME}/lib
export DYLD_LIBRARY_PATH=${DBXML_HOME}/lib:$DYLD_LIBRARY_PATH

(DYLD_LIBRARY_PATH might only be necessary for OS X)

On Windows, the PATH and CLASSPATH environment variables need to be updated to reference DBXML - dbxmlvars.bat in the DBXML home directory should be run to do this.

Installation

FeSL is a custom option in the Fedora Installer. See the Installation and Configuration Guide for a detailed description of general Fedora installation options. Set "Enable FeSL AuthN" to "true" to enable FeSL Authentication in your Fedora installation, and set "Enable FeSL AuthZ" to true to enable FeSL Authorization (ensuring you have already installed DBXML).

By default, Fedora will load any policies located in FEDORA_HOME/pdp/policies on startup.