Difference between revisions of "Using the SCAS"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 1: Line 1:
gLExec uses LCMAPS as its mapping back-end. It can be configured to use the [[SCAS]] client You can configure
+
The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and [[gLExec]] all share the [[LCMAPS]] framework as their mapping back-end. It can be configured to use the [[SCAS]] client LCMAPS plug-in. This will contact the SCAS service to trigger an authorization decision and, on a positive result, return a mapping result. This will then be input for the LCMAPS user mapping back-end of gLExec to continue.
  
If you prefer to use LCMAPS with the SCAS service, add the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-scas-client/0.2.8/ scas-client plugin] to the set of RPMs, and configure the SCAS client. You would add to <tt>/opt/glite/etc/lcmaps/lcmaps-glexec.db</tt>:
+
 
 +
== Installation ==
 +
 
 +
Add the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-scas-client/0.2.8/ scas-client plugin] to the set of RPMs on your machine, and configure the SCAS client by editing the '''lcmaps.db''' file on your system.
 +
 
 +
== Configuration ==
 +
 
 +
Note: The following example assumes a verify_proxy and posix_enf plug-in to be configured.
 +
 
 +
Configure the LCMAPS You would add to <tt>/opt/glite/etc/lcmaps/lcmaps-glexec.db</tt>:
  
 
  scasclient = "lcmaps_scas_client.mod"
 
  scasclient = "lcmaps_scas_client.mod"

Revision as of 16:23, 5 February 2010

The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and gLExec all share the LCMAPS framework as their mapping back-end. It can be configured to use the SCAS client LCMAPS plug-in. This will contact the SCAS service to trigger an authorization decision and, on a positive result, return a mapping result. This will then be input for the LCMAPS user mapping back-end of gLExec to continue.


Installation

Add the scas-client plugin to the set of RPMs on your machine, and configure the SCAS client by editing the lcmaps.db file on your system.

Configuration

Note: The following example assumes a verify_proxy and posix_enf plug-in to be configured.

Configure the LCMAPS You would add to /opt/glite/etc/lcmaps/lcmaps-glexec.db: 

scasclient = "lcmaps_scas_client.mod"
            " -capath /etc/grid-security/certificates/"
            " -endpoint https://graszaad.nikhef.nl:8443"
            " -resourcetype wn"
            " -actiontype execute-now"

and the following policy execution flow at the end: 

# policies
glexec_get_account:
verify_proxy  -> scasclient
scasclient -> posix_enf
Retrieved from "https://wiki.nikhef.nl/grid/index.php?title=Using_the_SCAS&oldid=4008"