File:           README.TXT
Product:        Secure Entry Client Linux
Manufacturer:   NCP engineering GmbH, Nuremberg, Germany

--------------------------------------------------------------------------------
For Installation and Update of the NCP Secure Entry Client Linux
--------------------------------------------------------------------------------

1.      Installation Prerequisites
1.1     Operating system
1.2     Destination system
1.3     Local System
1.4     Prerequisites for the Strong Security Version
2.      Installation
2.1     Installation Information
2.2     Script-driven Installation
2.2.1   Installation preparation
2.2.2   Call-up install script
2.2.3   Work-through install script
2.2.4   Installation Routine
2.2.4.1 New installation
2.2.4.2 Update
2.2.4.3 Unattended installation
2.2.5   Concluding the Installation
2.3     The installed files
3.      Basic configuration
4.      Releasing a full version
4.1     Popup
4.2     License information
4.3     Licensing
4.4     ncplic
5.      Update and deinstallation
5.1     Update
5.2     Deinstallation
6.      Assistant for initial configuration
7.      Starting the Linux client
8.      Testing the client
8.1     Test connection IPSec native
8.2     Testing with Ping
8.3     Testing with FTP
8.4     Testing web functionality
9.      Appendix


--------------------------------------------------------------------------------
1.    Installation Prerequisites
--------------------------------------------------------------------------------


1.1   Operating system

The present version has been tested under SuSE 9.3 and 10.0 and Fedora Core 3.


1.2   Destination system

The destination system must support one of the following connection types: 
ISDN, PSTN (analog modem), GPRS/UMTS, LAN/WAN over IP, xDSL (PPPoE), xDSL (AVM-
PPP over CAPI.


1.3    Local System

First a tap device (ethertap - older, or tuntap - more recent) must be present, 
either compiled in the kernel, or as a module. This module requires netlink 
support in the kernel. (see -> 3. Basic configuration)

In addition, one of the following communication devices must be installed:

+ ISDN adapter (ISDN)
The ISDN adapter should support either ISDN CAPI 2.0 or a modem emulation. If 
you use PPP Multilink, then the software can bundle up to 8 ISDN channels 
(depending on the number of channels of the adapter).
Please ensure that a link is set to the CAPI library on your system if you want 
to use the CAPI connection (/usr/lib/libcapi20.so).

+ Analog modem (PSTN)
For communication via modem the modem must be correctly installed and modem 
init. string and COM port definition must be assigned. The modem must support 
the Hayes command set.

Likewise mobile telephones can be used for data communication after the 
associated software has been installed that presents itself exactly like an 
analog modem to the client. The serial interface, the IR interface, or Bluetooth 
can be used as interface between mobile phone and PC. Depending on transmission 
type (GSM V.110, GPRS or HSCSD) the other side must have the corresponding dial-
in platform. You can obtain the initialization string that must be entered in 
the modem configuration of the Entry Client from the ISP or the manufacturer of 
the mobile phone.

+ LAN adapter (LAN/WLAN over IP)
In order to operate the client software with the "LAN" connection type in a 
local area network, you cannot install any other adapter in addition to the 
previously installed LAN adapter (Ethernet or token ring). An access router 
establishes the connection of the LAN client to the WAN. 
The only prerequisite: It must be possible to establish an IP connection to the 
destination system. The client software provides VPN functionality.
Adapters for a wireless LAN (WLAN adapters) are handled the same as normal
LAN adapters. For WLAN you must also select "LAN (over IP)" as connection type.

+ xDSL modem (xDSL (PPPoE))
The connection type, PPP over Ethernet, requires installation of an Ethernet 
card to be installed and correct connection of an xDSL modem with splitter. 
Important (if you execute ADSL in the connection variant that bills according to 
connection time): After the client software has been installed then follow the 
instructions in the section "Adapter and protocol for PPPoE".

+ xDSL (AVM - PPP over CAPI)
The connection type "xDSL (AVM - PPP over CAPI)" has been added in the 
"Destination system" configuration field in the telephone book. This connection 
type can be selected if you are using an AVM Fritz! DSL card. In the "number 
(destination)" field in the "Network dial-in" group you can still enter AVM-
specific initialization commands for the connection over CAPI.
When using the AVM Fritz! no additional network card is necessary with this DSL 
card.

+ Multi-Function card /GPRS/UMTS)
If you are using a multi-function card* for UMTS/GPRS/WLAN, then with the NCP
Client software**, special features of the mobile computing can be used 
depending on he card characteristics.
Due to the direct support of the multi-function card for UMTS/GPRS/WLAN through
the Secure Client, installation of management software from the card 
implemented, is not necessary.
The VPN connection is established via the integrated NCP Dialer independent
of the Microsoft data communications network.

* Currently supported multi-function cards:
T-Mobile Multimedia NetCard
Vodafone Mobile Connect Card
KPN Mobile Connect Card

+ Ethernet adapter or xDSL modem for PPTP
When using the Microsoft Point-to-Point Tunnel Protocol an Ethernet adapter or 
an xDSL modem has to be installed.
The remote destinations is an Access Router in the xDSL.


1.4     Prerequisites for the Strong Security Version

If you use the VPN/PKI client software (Strong Security version of the Client), 
which supports certification (X.509), then the following prerequisites must be 
fulfilled:

+ TCP/IP

The network protocol TCP/IP must be installed on the computer.

+ smart card reader (PC/SC-conformant)

If you want to use the "Extended authentication" (strong authentication), then a 
smart card reader must be connected to your system. The client software 
automatically supports all smart card readers that are PC/SC conformant. These 
smart card readers will only be input in the list of the smart card readers, 
after the reader is connected and the associated driver software has been 
installed The client software then recognizes the smart card reader 
automatically after a boot process. You will only be able to select and use the 
installed reader after these procedures have been completed.
Then set the parameters for the smart card reader under "Configuration -> 
Certificates -> User Certificate" after the initial start of the monitor. You 
can 
enter your PIN after you have inserted the smart card in the smart card reader.

+ smart card reader (CT/API conformant)

If you use a CT-API conformant smart card reader, then please note the 
following:
* Drivers for models Kobil B0/B1 and Kobil Kaan are supplied with the current 
software. 
These smart card readers can be set in the monitor under "Connection -> 
Certificates -> Configuration. If the smart card reader does not function with 
the supplied drivers, or if a different smart card reader will be installed, 
then please contact the manufacturer of the smart card reader or consult the 
appropriate website relative to the current hardware drivers in order to obtain 
and install the most up-to-date CT-API driver. Make the following settings in 
the client software:
* The appropriate library file (*.so) must be stored in a directory that is 
searched by the system (usually /usr/lib or it must be settable via the 
environment variable LD_LIBRARY_PATH).
* Edit the file NCPPKI.CONF, located in the /etc/ncp directory, with an ASCII 
editor, by entering the name of the connected smart card reader as "ReaderName" 
and DL_LINUX as the name of the installed driver.

ReaderName  = Kobil B0/B1 (CT-API)
DL_LINUX    = libct_b1.so

ReaderName  = Kobil Kaan (CT-API)
DL_LINUX    = libct_kaan.so 

* After a boot process the "ReaderName" you entered appears in the menu monitor 
under "Configuration -> Certificates -> User Certificate -> Smart card reader". 
Now 
select this smart card reader.

+ Soft certificates und tokens
Instead of smart card readers you can also use soft certificates or tokens.

+ smart cards
The following smart cards are supported:
* Signtrust
* NetKey 2000
* TC Trust (CardOS M4)

+ Soft certificate (PKCS#12)
You can also use soft certificates instead of a smart card.

+ smart cards or tokens (PKCS#11)
Drivers are supplied with the software in the form of a PKCS#11 library (.so) 
for the smart card or the token. This driver software must first be installed. 
Then you must edit the NCPPKI.CONF file. Edit the NCPPKI.CONF, which is located 
in the /etc/ncp directory, with an ASCII editor, by entering the name of the 
connected reader or token as "ReaderName". The name of the installed driver 
(xxx.so) must be entered as PKCS11-DLL. The associated "Slotindex" is 
manufacturer-dependant (standard = 0).
Important: Only those drivers are visible in the list that have been set as 
visible with "visible =1"!
ReaderName = xxxname
PKCS11-DLL = xxx.so
Slotindex  = 

* After restarting the client daemon (rcncpclntd restart) the "Module name" you 
entered appears in the menu monitor under "Connection -> Certificates -> 
Configuration -> Smart card reader". Now select this smart card reader or token.

Please note when installing the NCP Entry Linux Client:
The following placeholders are used for the version designation in the 
description below:
h.uu-bbb ... Version designation (e.g. 2.00-017)
h        ... Main version number
uu       ... sub-version number
bbb      ... Build number

The installation must be executed under the user who will use the client later. 
However the root password is queried during the installation, because parts of 
the installation are only executable with root rights (the switchover occurs 
within the install script).
The software package is supplied as a self-installing script. You receive the 
software for the NCP Entry Server Linux Client on a CD. The installation script 
is on the CD in the directory: 
Products/SecCl/Bin/Linux/h_uu.

You can start the installation script directly from the CD.
Moreover you can also source the software via the NCP FTP access.

However please note in this case that you must have previously assigned 
execution rights to the installation script (chmod +x ncpsecsvr-h.uu-bbb.sh).


--------------------------------------------------------------------------------
2.    Installation
--------------------------------------------------------------------------------

2.1     Installation Information

The following placeholders are used for the version designation in the 
description below:
huu_bbb  ... Version designation (e.g. 200_017)
h        ... Main version number
uu       ... Sub-version number
bbb      ... Build number

Any user can execute the installation. However the root password is queried 
during the installation because parts of the installation are only executable 
with root rights (the switchover occurs within the install script).

The software package is supplied as a self-installing script. You receive the 
software for the NCP Entry Linux Client on a CD. The installation script 
is on the CD in the directory: 
Products/SecEntCl/Bin/Linux/h_uu.
You can start the installation script directly from the CD.

Moreover you can also source the software via the NCP FTP access.

However please note in this case that you must have previously assigned 
execution rights to the installation script (chmod +x 
ncpentrycl_linux_221_014.i386.sh).


2.2     Script-driven Installation

2.2.1   Installation preparation

- mount -t iso9660 /dev/cdrom /mnt-point
- cd /mnt-point/Products/SecEntCl/Bin/Linux/h_uu
After the installation you can unmount the CD drive:
- umount /mnt-point 

2.2.2   Call-up install script

- ncp_entrycl_linux_221_014.i386.sh [u]
- Option u ... unattended installation
                 Unattended installation - the installation
                 is carried out without user entries

2.2.3   Work-through install script

The installation script
- unpacks the integrated archive in the directory ./ncpinst
- changes to this directory
- tests various prerequisites for the installation (see below)
- copies the files to be installed to their target directories and
- starts the Entry Client daemons (ncprwsd, rwsrsud)
The individual installation steps are explained in more detail below.

2.2.4   Installation Routine

There are 3 possible installation variants to differentiate:
- New installation:
  - no Entry Client has been installed prior to the installation, or the Entry 
Client has been completely de-installed previously.
- Update:
  - A version of the Entry Client is already installed.
- Unattended installation (option "u"):
  - Installation is carried out without user entries. Default values are used 
for dialogs.

The installation script checks first for different installation prerequisites 
and system settings like
- is the kernel version greater than or equal to 2.4.10,
- is one of the VPN device modules installed (tun or ethertap),
- is the iptables firewall module installed.
- is a version of the NCP Entry Client already installed,

Thereafter the installation routine decides for one of the 3 variants.

If you do not execute the installation as user "root" (which generally is 
recommended because otherwise the client can only be used as user root with a 
high security risk), then you will always be asked first for the root password.



2.2.4.1 New installation

In this case the license agreement is displayed first. You must agree with it in 
order to continue with the installation.
You can navigate with the keys "space", "enter", "page-up", and "page-down" 
Within the license text.
In the next step you have the option of installing the client as test version or 
as full version.
The test version is valid for 30 days. During this period the software is 
functional without any kind of limitation and can be converted to a full version 
at anytime with an appropriate activation key and a serial number (4.).
Then the installation routine copies the required files (appendix) to the 
appropriate directories, stores links in the system init directories, the 
autostart folder and desktop folder, and starts the client daemons.

2.2.4.2 Update

In this case the currently installed version is displayed and the system asks 
whether you want to replace this version. If the answer is no, then everything 
stays the same. If the answer is yes, then first the installed Entry Client's 
program directory (/usr/local/ncpclnt) is backed up to 
  /var/adm/backup/ncpclnt-update-yymmdd[-l]and then the new files are copied 
into the appropriate directories and links are 
created (see 2.2.4.1).
For an update, the telephone book and the connection management are retained in 
the configuration that was made earlier.

2.2.4.3 Unattended installation

This installation type requires no user entries. The system will either input 
the license setting of the predecessor version (in the case of an update) or a 
30-day test version will be licensed (in the case of new installation).
For an update the old version is backed up to
/var/adm/backup/ncpclnt-update-yymmdd[-l]
without a prompt.
Otherwise the procedure is the same as described under 2.2.4.1.

2.2.5   Concluding the Installation

The installation script automatically deletes the temporary installation 
directory and then ends.


2.3     The installed files

The files are copied in the following folders (see also -> Directory structure):
- Executable files in: /usr/local/ncpclnt/bin
- Links to executable files: /usr/local/bin and /usr/local/sbin
- Configuration files: /etc/ncp (the telephone book in /etc/ncp/rws/cfg)
- Log files: /var/log/ncp

The necessary files are entered in the init or autostart scripts so that the 
client is automatically loaded the next time the system starts:
- SuSE:
  The daemons ncprwsd and rwsrsud are integrated in the init routines of the two
  distributions. They can also be started separately with
  rcncpclntd start|stop|try-restart|retstart|status.
  Links to the two GUI applications ncppopup (Client popup) and ncpmon
  (Client monitor) are entered in the autostart folders of the corresponding 
Windows manager
  (KDE1, KDE2). 

In addition, a link is stored on the desktop.
For other X-Windows managers this must be executed manually, if desired.


--------------------------------------------------------------------------------
3.    Basic configuration
--------------------------------------------------------------------------------

The tuntap device provided by Linux is used for the VPN interface (if tuntap is 
not present the system takes ethertap). All standard installations have 
integrated this device in their kernel. If a kernel has been self-compiled, then 
the following points should be followed to integrate this device.
- after starting the kernel configuration go to the following section: 
"* code maturity level options", there activate:
"* prompt for development or incomplete code/drivers", then go to:
"* Network options", there activate:
"* Netlink device emulation" then go to:
"* Network device support", there activate:
"* Universal TUN/TAP device driver support"

Some basic settings for the VPN device can be carried out via the ncprwsd.conf 
file. After the installation this file is located in the /etc/ncp/rws/cfg 
directory.
The following parameters can be set in this way:
- host:       IP address of the VPN device, if DHCP will not be used.
- mask:       the same for the netmask.
- pppoe_if:   Name of the interface through which the PPP0OE traffic will run.
After the installation all parameters are commented out, e.g. provisional values 
are used for these parameters (the outcommented entries correspond to the 
default values). If you would like to use other parameter settings, then you 
must remove the comment sign at the beginning of the line and enter the desired 
value.


--------------------------------------------------------------------------------
4.    Releasing a full version
--------------------------------------------------------------------------------

4.1   Popup

If up to this point you have been using a test version of the client software 
and now would like to install a full version, then first start the client popup.

4.2     License information

You will find the necessary information to purchase a license under the "info" 
menu item.

4.3     Licensing

You can release the test version using the menu item, "Activation key". A window 
appears before the popup menu graphic for entry of the activation key and serial 
number of your full version. Now enter the activation key and serial number. If 
you have entered them correctly, then you can operate the OK button. This 
releases a full version.

4.4.  ncplic

There is a second possibility for entering the activation key.
Start the "ncplic" program on a root console. The command switch -f opens an 
entry screen. Enter the activation key and the serial number in this screen.
You can also enter both values as parameters with the command switch -1.
- ncplic -l llll-llll-llll-llll-llll ssssssss. 


--------------------------------------------------------------------------------
5.    Deinstallation
--------------------------------------------------------------------------------

To remove the client software, start the script ncpclntdeinstall. 
With deinstallation it also possible to have the telephone book removed 
automatically.


--------------------------------------------------------------------------------
6.      Assistant for initial configuration
--------------------------------------------------------------------------------

After you have successfully installed the software and the license using 
NCPPOPUP, you can start the client monitor, NCPMON. the "Assistant for the 
initial configuration" starts automatically there - if you have installed the 
Entry Client for the first time, or if you have deleted the telephone book (see 
-> Deinstallation).

The "Assistant for initial configuration" offers you the possibility of creating 
a test connection. If you use this possibility, the assistant guides you through 
the configuration of the most important parameters and creates a destination 
system for the test connection in the telephone book according to your 
specifications.

The access data that are described under "Testing the client" are used for the 
telephone book entry that you have created with this assistant. Then you can 
use this entry for testing the software.

If you do not create any test connections and abort the "Assistant for initial 
configuration" then create the initial telephone book entries as described in 
the manual under "Client Monitor" - New entry - Destination system".


--------------------------------------------------------------------------------
7.      Starting the Linux client
--------------------------------------------------------------------------------

The Entry Client consists of the components, VPN device driver (ncprwsd) and 
monitor (ncpclnt). The daemons rwsrsud and rsudlgd are still required for the 
automatic update.
In the SuSE distributions the daemons are loaded at system start because they 
have been integrated here in the system init scripts during the installation. 
For all other distributions you must carry out the integration in the init 
scripts manually, or start the daemon from a root console
(/usr/local/ncpclnt/bin/ncpclntd start).
After each start of the ncprwsd client daemon (e.g. after system start or after 
rcncpclntd) the popup must be called up first, as the license only becomes valid 
through this process. This usually happens automatically when starting the 
system, if links are available to the two GUI programs in the autostart folders.
Manually you can start the GUI programs either via an icon on the workstation, 
or via Alt-F2 for KDE, or from a console. These call-ups must be executed under 
the user who also installed the software; otherwise there may be conflicting 
rights.
For instance, the call up from the console looks like this:
  ncppopup &
  and
  ncpmon &

You can determine the load status of the daemons by using the two call ups 
rcncpclntd status or
/usr/local/ncpclnt/bin/ncpclntd status.
  


--------------------------------------------------------------------------------
8.      Testing the client
--------------------------------------------------------------------------------

The client telephone book includes a pre-configured destination systems for test 
purposes:

"Test Connection IPSec native"

Likewise an "X.509 soft certificate" is included for test purposes. It is stored 
during the installation as PKCS#12 file in the directory:
etc/ncp/certs 
The file name is "user1.p12" and the PIN "1234". This certificate can be used to 
test the strong security of the NCP Secure Entry Client Linux.

8.1   Test connection IPSec native

Access data for IPSec native:
Tunnel IP address (dest.): 62.153.165.36
VPN protocol             : IPSec
XAUTH User ID            : ncpipsecnative
XAUTH Password           : ncpipsecnative


8.2   Testing with Ping

You can ping the IP address with an existing tunnel 
172.16.119.8.

To do this enter the following in a DOS command line:
/ping 172.16.119.8 (<ENTER>)

If the ping is successful you will see the following outputs or similar outputs:

64 bytes from 172.16.119.8: icmp_seq=103 ttl=128 time=66.1 ms
64 bytes from 172.16.119.8: icmp_seq=104 ttl=128 time=66.1 ms
64 bytes from 172.16.119.8: icmp_seq=105 ttl=128 time=66.1 ms
64 bytes from 172.16.119.8: icmp_seq=106 ttl=128 time=66.1 ms
64 bytes from 172.16.119.8: icmp_seq=107 ttl=128 time=66.0 ms
64 bytes from 172.16.119.8: icmp_seq=108 ttl=128 time=66.1 ms
64 bytes from 172.16.119.8: icmp_seq=109 ttl=128 time=66.0 ms
64 bytes from 172.16.119.8: icmp_seq=110 ttl=128 time=65.1 ms
64 bytes from 172.16.119.8: icmp_seq=111 ttl=128 time=66.0 ms

The sent (Tx) data and the received (Rx) bytes are displayed in the monitor.


8.3   Testing with FTP

You can test FTP functionality with an existing tunnel.

Your access data:
IP address       :  172.16.119.8
User             :  ncptest
Password         :  ncptest

Enter the following in a DOS command line to do this:
/ftp 172.16.119.8
Connected to 172.16.119.8
220 Serv-U FTP server v2.3b for WinSock ready...
User (172.16.119.8:(none))    : ncptest
331 User name OK, send password
Password: (enter "ncptest" here)
230 User NCPUSER logged in
Ftp>
Ftp> ls -l
200 PORT Command OK
150 Opening data connection
total 1
drwxr-xr-x  1 User     Group            0 May 27 10:37 test file
226 Transfer complete
Ftp> 139 Bytes received in 0.00 seconds 139000.00KB/sec.
Ftp>bye


8.4   Testing web functionality

Enter the following address in your open web browser:
192.168.1.11

Then the NCP website will be displayed on your screen.


--------------------------------------------------------------------------------
9.    Appendix
--------------------------------------------------------------------------------

Directory structure of the NCP Entry Client

Directory  
Files                 Function                                    Creation

/usr/local/ncpclnt      Binaries of the Client
/usr/local/ncpclnt/bin  GUI apps., daemons, scripts and help routines
Daemons:
ncprwsd               VPN module                                  inst.
rwsrsud               Remote software update (RSU) client         inst.
rsudlgd               Graphic elements of the RSU client          inst.
ncpepsec              End-Point-Security.                               
                      Wird nach Bedarf gestartet.                 inst.
GUI applications:
ncpclnt               Client Monitor
ncppopup              Client Popup: Licensing display             inst.
                      Status and possibility for product activation
ncptrcw               Client tracer (graph. trace display)        inst.

Help routines:
rwscmd                Console program, to enable control          inst.
                      of the clients per script
ncplicclnt            Console licensing tool and possibility      inst.
                      for product activation
ncposlog              Help program for retroactively setting      inst.
                      the log level of the VPN module
ncpkill               Ends processes                              inst.
ipcdel                Resets IPC semaphores if the Entry Client   inst.
                      no longer boots properly
                      after an error

Scripts:
ncpmon                Calls up ncpclnt                            inst.
startncppopup         Calls up ncppopup                           inst.
ncptrace              Calls up ncptrcw                            inst.
                      These 3 scripts set the path previously to
                      the supplied qt library
ncpinststartup        This script allows retroactive              inst.
                      activation or deactivation of the sysV-init
                      script and thus the starting or non-
                      starting of the VPN and RSU module in the
                      boot phase (can only be executed as
                      root)
ncpclntd              SysV init script for starting/stopping the  inst.
                      VPN module of the client
clntdstart            Starts the Entry Client daemons             inst. 
clntdstop             Stops Entry Client daemons                  inst.
clntdstatus           Provides info on the load status of the     inst. 
                      Entry Client daemons
clntdeinst            Deinstallation script;                      inst.

Miscellaneous:
ncpfunc               Script library, that contains generally     inst.
                      valid functions and definitions for the
                      various scripts
clntfilelist          List of the files to be installed dis-      inst.
                      tributed in different variables
ncpclntinst.log   (*) installation log                            generated


-------------------------------------------------------------------------------
/usr/local/ncpclnt/rsudata  download directory for remote update
rwsrsud               Copy from /usr/local/ncpclnt/bin            inst.
rsudlgd               copy from /usr/local/ncpclnt/bin            inst.
                      Is required so that the update daemon can recognize
                      newer versions on its own

-------------------------------------------------------------------------------
/usr/local/ncpclnt/lib  libraries required by the binaries
libbsdntif.so         Link to libbsdntif.so.1.0.0                 inst.
libbsdntif.so.1.0.0   BSD sockets wrapper                         inst.
libct_b1.so           Link to libct_b1.so.1                       inst.
libct_b1.so.1         CT-Api library for Kobil B1 reader          inst.
libct_kaan.so         Link to libct_kaan.so.1                     inst.
libct_kaan.so.1       CT-Api library for Kobil Kaan reader        inst.
libncpcfg.so          Link to libncpcfg.so.1.0.0                  inst.
libncpcfg.so.1.0.0    Functions for encrypted license infos       inst.
libncpcompr.so        Link to libncpcompr.so.1.0.0                inst.
libncpcompr.so.1.0.0  Functions for Compression/Decompression     inst.
                      Compression and Decompression
libncpgacc.so         Link to libncpgacc.so.1.0.0                 inst.
libncpgacc.so.1.0.0   Functions for data exchange between         inst.
libncphwinfo.so       Link to libncphwinfo.so.1.0.0               inst.
libncphwinfo.so.1.0.0 Hardware Certificates                       inst.
libncpmif32.so        Link to libncpmif32.so.1.0.0                inst.
libncpmif32.so.1.0.0  functions for internal MIF buffer admin     inst.
                      and shared memory handling
libncpos.so           Link to libncpos.so.1.0.0                   inst.
libncpos.so.1.0.0     Wrapper for operating system functions      inst.
libncpwlan.so         Link to libncpwlan.so.1.0.0                 inst.
libncpwlan.so.1.0.0   Functions for autom. Hotspot logon          inst.

libqt.so.2            Softlinks to libqt.so.2.2.4                 inst.
libqt.so.2.2.4        Library for graphic elements (is demanded   inst.
libqtintf.so          Softlinks to libqtintf.so.2.2.4             inst.
libqtintf.so.2.2.4    by development environment Kylix)           inst.

-------------------------------------------------------------------------------
/usr/local/sbin       Softlinks to programs starting from root
rcncpclntd            /etc/init.d/ncpclntd                        inst.

-------------------------------------------------------------------------------
/usr/local/bin        Softlinks to programs +script for
                      for deinstallation that the user starts
ncpclntdeinstall  (*) Wrapper for clntdeinst, in order to start   inst.
                      the deinstallation as normal user
ncpmon                /usr/local/ncpclnt/bin/ncpmon               inst.
ncppopup              /usr/local/ncpclnt/bin/startncppopup        inst.
ncptrace              /usr/local/ncpclnt/bin/ncptrace             inst.
ncplic                /usr/local/ncpclnt/bin/ncplicclnt           inst.
ncposlog              /usr/local/ncpclnt/bin/ncposlog             inst.

-------------------------------------------------------------------------------
>HOME_DIR</xxx/Autostart  Softlinks of GUI applications ensure in this
ncpmon                folder that the programs                    inst.
ncppopup              are started automatically                   inst.

>HOME_DIR</yyyDesktop Softlinks of the GUI applications in this
ncpmon                folder ensure that the programs             inst.
ncppopup              can be stored on the desktop                inst.
xxx bzw. yyy          stands for a Windows-Manager specific
                      folder/entry,
                      for KDE2 for instance, is xxx = .kde2 and yyy = K

-------------------------------------------------------------------------------
/etc/ncp              Configuration directory
ncppki.conf           Settings for the PKI module                 inst.
ncppki.conf.update    Backup file                                 generated
card.dat              Connected smart card reader                 shm
cacert0.crt           buffered certificates of the CA             generated
clientcert.crt        of the Client                               generated
svrcert.crt           of the server                               generated

/etc/ncp/certs        Personal, predefined certificates
user1.p12             Predefined user certificate                 inst.

/etc/ncp/cacerts      Root certificates
ncpsupportca.pem      Predefined CA certificate for the           inst.
                      test connection to NCP

/etc/ncp/rws/cfg      Entry Client configuration
german.dat            language files for texts of the GUI         inst.
english.dat           applications (ncpclnt, ncppopup)            inst.
services.dat          Mapping the TCP-/UDP services for GUI apps. inst.
ncprwsd.conf          configuration of the VPN module (ncprwsd)   inst.
ncprwsd.conf.update   Backup file                                 generated 
logo.bmp              Bitmaps for the GUI applications            inst.
info_ncp.bmp                                                      inst.
logoinfo.bmp                                                      inst.
popup.bmp                                                         inst.
gelb.bmp                                                          inst.
gruen.bmp                                                         inst.
rot.bmp                                                           inst.
connect.sh            Scripts called up when establishing         inst.
connect.sh.update     Backup file                                 generated 
disconnect.sh         or disconnecting a connection. With this    inst.
                      the possibility is created to start
                      additional programs
disconnect.sh.update  Backup file                                 generated 
fwmsge.dat            Firewall Log Template                       inst.
pindlg.conf           Pin Dialog individual creating              inst.
pindlg.conf.update    Backup file                                 generated 
ncpphone.bak          Backup file                                 generated 
ncpphone.cfg          Telephone book (is generated, if not        inst./
                      present)                                    generated       
ncpphone.sav          Backup file created by the user             generated
ncpclnt.conf          Client monitor settings (ncpclnt)           generated
reader.ini            The smart card reader is activated          generated
                      according to ncppki.conf  ([Interfaces])
ncpepsec.exe          Endpoint Security                           inst.

-------------------------------------------------------------------------------
/etc/init.d           Directory of the SysV init scripts
ncpclntd              SysV init script for starting/stopping the  inst.
                      VPN module of the client
                      (copy from /usr/local/ncpclnt/bin)

/etc/init.d/rc1.d     Start / stop call-ups for SysV init
/etc/init.d/rc2.d     (see corresponding Linux distribution,
/etc/init.d/rc3.d     as these directories can differ from
/etc/init.d/rc5.d     each other)
Sxxncpclntd           Softlink to /etc/init.d/ncpclntd           generated
Kxxncpclntd           Softlink to /etc/init.d/ncpclntd           generated
                      xx is replaced by a number that specifies
                      the start sequence. The number is assigned
                      by an appropriate tool automatically.

/etc/modules.conf     Entries for tun device or tap device, if present
                      or not yet present.

-------------------------------------------------------------------------------
/var/log/ncp          Log directory
ncpyymmdd.log         Entry Client log                            generated
ncpTraceLog.txt       Text file                                   generated
rwsrsu.log            RSU log file                                generated

/var/log/ncp/log      (if no other directory is configured)
fwyymmdd.log          Firewall Log file                           generated
yymmdd                year, month, day of creation of this
                      directory

-------------------------------------------------------------------------------
/var/run
ncprwsd.pid           pids of these daemons                       generated
rwsrsud.pid                                                       generated

-------------------------------------------------------------------------------
/usr/share/doc/packages/ncpclnt/licger.txt
                      Docu directory
licger.txt            License agreement                           inst.
licengl.txt           License agreement                           inst.
infoger.txt           Info for update to full version             inst.
infoengl.txt          The same in English                         inst.
liesmich.txt     (**) Most recent info in German                  inst.
readme.txt       (**) The same in English                         inst.

-------------------------------------------------------------------------------
/var/adm/backup/ncpclnt-deinst-yymmdd[-l]
                      include the files backed up                  generated
                      during the deinstallation, e.g, this directory
                      is only present after an initial de
                      installation
/var/adm/backup/ncpclnt-update-yymmdd[-l]
                      include the binaries from /usr/local/ncp     generated
                      backed up during an update,
                      e.g. this directory is only present after an
                      initial update (installation on a system
                      on which the Secure Server
                      was already installed)

yymmdd                Year, month, day when the directory was
                      created
l                     Optional consecutive number if the creation
                      takes place on the same day

-------------------------------------------------------------------------------
The scripts listed here are only required for the installation per script
and are not installed as part of the installation:
clntchk               This script checks the installation
                      prerequisites
clntinst              Script that generates the target directories
                      and copies the files

(*)   These files are only required for the installation via script
(**)  Those files will be copied only if they are located on the
      installation medium additionally to the install script.
shm   shared memory = generated


-------------------------------------------------------------------------------
NCP engineering GmbH, February 2006
