Difference between revisions of "Lcmaps-plugins-vo-ca-ap"
From PDP/Grid Wiki
(Add info on vo-ca-ap-file from man-page)
Line 32: | Line 32: | ||
== vo-ca-ap-file == | == vo-ca-ap-file == | ||
+ | === Format === | ||
+ | Each line in the vo-ca-ap-file consists of a VO name starting with a leading slash (/) separated by '''white space''' from a '''comma'''-separated list of entries. For VOMS-less proxies, instead of the slash plus VO-name a minus (?) is used. The VO name is matched using a �filename� match, allowing for e.g. * wildchars to match any VO. | ||
+ | |||
+ | Entries can either be an issuer DN (in OpenSSL notation) or the name of a <tt>.info</tt> file which contains the issuer DNs in the value of the ''subjectdn'' key. An issuer DN can optionally be prefixed with ''issuer:'' while a file must be prefixed with ''file:'' | ||
+ | |||
+ | When an issuer DN or filename contains spaces, the entry (excluding the ''issuer:'' or ''file:'' prefix) should be enclosed in double quotes. A relative filename is taken with respect to the defined certificate directory or its default (<tt>/etc/grid-security/certificate</tt>). | ||
+ | |||
=== Reference WLCG / IGTF VO-CA-AP file === | === Reference WLCG / IGTF VO-CA-AP file === | ||
The default vo-ca-ap-file as shipped in <tt>/etc/grid-security/vo-ca-ap-file</tt> | The default vo-ca-ap-file as shipped in <tt>/etc/grid-security/vo-ca-ap-file</tt> |
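Review bot: In the added Format paragraph, the marker for VOMS-less proxies reads "a minus (?)", so the literal character an administrator has to type is not shown; write it as <tt>-</tt>. The same paragraph has mis-encoded quotation marks around "filename" and says "wildchars" where "wildcards" is meant. The default directory is given as <tt>/etc/grid-security/certificate</tt>; check this against the man page the edit summary cites, since a wrong path changes where relative <tt>file:</tt> entries resolve. The section also does not say what happens when a proxy's VO matches more than one line (for example a <tt>*</tt> pattern and a line for a specific VO), which a reader needs in order to predict which issuer list applies.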