Description:

The Implementation Guide, Chapter 3, Section: Install eTPKI for All the Users on a Computer, indicates that when installing ETPKI, the user will have to specify a CallerID on UNIX and Linux. What if the box has both CA SCM server and CA SCM agent installed? Should the user install ETPKKI more than once? If not, which CallerID should be specified? Is the CallerID predefined? In other words, does the user have to use those CallerIDs specified in the implementation guide or can the user come up with his own IDs?

Solution:

Since eTPKI is a common component shared and used by multiple CA products, the eTPKI CallerID is basically a way for ETPKI to determine when the uninstaller can safely remove the ETPKI install when it is no longer needed.

Each time a user runs "setup remove" with a CallerID, the list of ETPKI installs is reduced by that ID. If the internal list of IDs goes empty, then the ETPKI binaries can then be safely removed.

On a particular box, it really needs just one ETPKI installation. If the box has both CA SCM server and CA SCM agent, both of them should reference the same set of ETPKI libraries defined in the same $ETPKIHOME environment variable. In fact, it is not even strictly necessary to invoke the "setup install" request if ETPKI is already installed. However, the user might want to choose to run the installation more than once to use different setup CallerIDs so that the ETPKI install list can be updated.

The name of the ID used doesn't matter a whole lot as long as it is unique. A "setup discover" request can be used by an Administrator to tell what CallerID has already been used. The Implementation Guide gives some recommendations for what CallerIDs to use depending on what is installed, e.g., SCMSERVER, SCMCLIENT, SCMAGENT. However, those CallerIDs are arbitrary and only matter if later there is a need to remove the particular SCM install and reduce the "reference count" of the installations actually using ETPKI.