Difference between revisions of "Using the SCAS"

From PDP/Grid Wiki
Line 8: Line 8:
 
== Configuration ==
 
== Configuration ==
  
Note: The following example assumes a verify_proxy and posix_enf plug-in to be configured.
+
Configure the LCMAPS You would add to <tt>/opt/glite/etc/lcmaps/lcmaps.db</tt> or <tt>/opt/glite/etc/lcmaps/lcmaps-glexec.db</tt>:
 
 
Configure the LCMAPS You would add to <tt>/opt/glite/etc/lcmaps/lcmaps-glexec.db</tt>:
 
  
 
  scasclient = "lcmaps_scas_client.mod"
 
  scasclient = "lcmaps_scas_client.mod"
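Review bot: the changed instruction line in this hunk, "Configure the LCMAPS You would add to ...", fuses two sentence fragments, and both sides of the change keep that wording. Suggest rewording it along the lines of "To configure LCMAPS, add the following to ...:" so the step reads as a single instruction.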
Line 24: Line 22:
 
  verify_proxy  -> scasclient
 
  verify_proxy  -> scasclient
 
  scasclient -> posix_enf
 
  scasclient -> posix_enf
 +
 +
Note: This example assumes a verify_proxy and posix_enf plug-in to be configured in the same lcmaps.db file.
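Review bot: the note added at the end of this hunk requires verify_proxy and posix_enf to be configured "in the same lcmaps.db file", while the instruction line in the previous hunk also names lcmaps-glexec.db as a file to edit. Suggest wording such as "in the same file as the scasclient entry" so the note holds for whichever file is used.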

Revision as of 16:39, 5 February 2010

The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and gLExec all share the LCMAPS framework as their mapping back-end. It can be configured to use the SCAS client LCMAPS plug-in. The plug-in contacts the SCAS service to trigger an authorization decision and, on a positive result, returns a mapping result. That result is then the input for the LCMAPS user mapping back-end of gLExec to continue.


Installation

Add the scas-client plugin to the set of RPMs on your machine, and configure the SCAS client by editing the lcmaps.db file on your system.

Configuration

To configure LCMAPS, add the following to /opt/glite/etc/lcmaps/lcmaps.db or /opt/glite/etc/lcmaps/lcmaps-glexec.db:

scasclient = "lcmaps_scas_client.mod"
            " -capath /etc/grid-security/certificates/"
            " -endpoint https://graszaad.nikhef.nl:8443"
            " -resourcetype wn"
            " -actiontype execute-now"

and the following policy execution flow at the end:

# policies
glexec_get_account:
verify_proxy  -> scasclient
scasclient -> posix_enf

Note: This example assumes a verify_proxy and posix_enf plug-in to be configured in the same lcmaps.db file.
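
The assumption in the Note can be checked mechanically before the file is deployed. The following Python sketch is an added example, not part of the wiki page or of LCMAPS: the function names are hypothetical, the sample input is constructed from the fragment above, and the HTTPS check on -endpoint and the handling of "|" and "~" in rules are assumptions of this example.

```python
import re

# Constructed input: the page's fragment on its own, i.e. without the
# verify_proxy and posix_enf definitions that the Note says must also exist.
SAMPLE_DB = '''\
scasclient = "lcmaps_scas_client.mod"
            " -capath /etc/grid-security/certificates/"
            " -endpoint https://graszaad.nikhef.nl:8443"
            " -resourcetype wn"
            " -actiontype execute-now"

# policies
glexec_get_account:
verify_proxy  -> scasclient
scasclient -> posix_enf
'''

def parse_lcmaps_db(text):
    """Return (plugins, policies): plug-in name -> joined definition string,
    policy name -> set of plug-in names referenced by its rules."""
    plugins, policies, plugin, policy = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments (assumes no '#' in values)
        if not line:
            continue
        definition = re.match(r'(\w+)\s*=\s*"', line)
        header = re.fullmatch(r'(\w+)\s*:', line)
        if definition:                              # name = "module.mod" ...
            plugin = definition.group(1)
            plugins[plugin] = "".join(re.findall(r'"([^"]*)"', line))
        elif line.startswith('"') and plugin:       # continued argument string
            plugins[plugin] += "".join(re.findall(r'"([^"]*)"', line))
        elif header:                                # policy_name:
            policy = header.group(1)
            policies[policy] = set()
        elif "->" in line and policy:               # a -> b (also a -> b | c, ~a -> b)
            policies[policy].update(re.findall(r'[A-Za-z_]\w*', line))
    return plugins, policies

def check_lcmaps_db(text):
    """List problems: rules naming undefined plug-ins, non-HTTPS SCAS endpoint."""
    plugins, policies = parse_lcmaps_db(text)
    problems = [f"{pol}: plug-in '{name}' is not defined in this file"
                for pol, used in sorted(policies.items())
                for name in sorted(used - set(plugins))]
    endpoint = re.search(r'-endpoint\s+(\S+)', plugins.get("scasclient", ""))
    if endpoint and not endpoint.group(1).startswith("https://"):
        problems.append(f"scasclient: endpoint {endpoint.group(1)} is not HTTPS")
    return problems
```

Calling check_lcmaps_db on the contents of the edited file returns an empty list when every plug-in named in a policy rule is defined in that same file.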