Difference between revisions of "Using the SCAS"
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and [[gLExec]] all share the [[LCMAPS]] framework as their mapping back-end. It can be configured to use the [[SCAS]] client LCMAPS plug-in. This will contact the SCAS service to trigger an authorization decision and, on a positive result, return a mapping result. This will then be input for the LCMAPS user mapping back-end of gLExec to continue. | The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and [[gLExec]] all share the [[LCMAPS]] framework as their mapping back-end. It can be configured to use the [[SCAS]] client LCMAPS plug-in. This will contact the SCAS service to trigger an authorization decision and, on a positive result, return a mapping result. This will then be input for the LCMAPS user mapping back-end of gLExec to continue. | ||
− | |||
== Installation == | == Installation == | ||
− | Add the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-scas-client | + | Add the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-scas-client scas-client plugin] to the set of RPMs on your machine. The SCAS client LCMAPS plug-in has a requirement on the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.saml2-xacml2-c-lib SAML2-XACML2 C Library]. |
== Configuration == | == Configuration == | ||
− | + | Configure the LCMAPS You would add to <tt>/opt/glite/etc/lcmaps/lcmaps.db</tt> or <tt>/opt/glite/etc/lcmaps/lcmaps-glexec.db</tt>: | |
− | |||
− | Configure the LCMAPS You would add to <tt>/opt/glite/etc/lcmaps/lcmaps-glexec.db</tt>: | ||
scasclient = "lcmaps_scas_client.mod" | scasclient = "lcmaps_scas_client.mod" | ||
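Review bot: the added Configuration sentence "Configure the LCMAPS You would add to ..." runs two sentence openings together and reads as a fragment. Suggest "To configure LCMAPS, add the following to /opt/glite/etc/lcmaps/lcmaps.db or /opt/glite/etc/lcmaps/lcmaps-glexec.db:". Since the text now names two possible files, it would also help to say which services read which file.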
Line 24: | Line 21: | ||
verify_proxy -> scasclient | verify_proxy -> scasclient | ||
scasclient -> posix_enf | scasclient -> posix_enf | ||
+ | |||
+ | Note: This example assumes a verify_proxy and posix_enf plug-in to be configured in the same lcmaps.db file. | ||
+ | |||
+ | == More information == | ||
+ | |||
+ | To test your setup then you can find more information on the page for [[Debugging hints]]. |
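Review bot: the new note requires verify_proxy and posix_enf to be configured "in the same lcmaps.db file", but the Configuration text now offers lcmaps.db or lcmaps-glexec.db. Suggest "in the same file as the scasclient entry" so the note holds for both. The closing sentence "To test your setup then you can find more information ..." would read better as "To test your setup, see [[Debugging hints]]."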
Latest revision as of 19:39, 5 February 2010
The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and gLExec all share the LCMAPS framework as their mapping back-end. It can be configured to use the SCAS client LCMAPS plug-in. The plug-in contacts the SCAS service to trigger an authorization decision and, on a positive result, returns a mapping result. That result is then the input with which the LCMAPS user mapping back-end of gLExec continues.
Installation
Add the scas-client plugin to the set of RPMs on your machine. The SCAS client LCMAPS plug-in depends on the SAML2-XACML2 C Library.
Configuration
To configure LCMAPS, add the following to /opt/glite/etc/lcmaps/lcmaps.db or /opt/glite/etc/lcmaps/lcmaps-glexec.db:
 scasclient = "lcmaps_scas_client.mod"
              " -capath /etc/grid-security/certificates/"
              " -endpoint https://graszaad.nikhef.nl:8443"
              " -resourcetype wn"
              " -actiontype execute-now"
and the following policy execution flow at the end:
 # policies
 glexec_get_account:
 verify_proxy -> scasclient
 scasclient -> posix_enf
Note: This example assumes a verify_proxy and posix_enf plug-in to be configured in the same lcmaps.db file.
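The assumption in the note can be checked mechanically. The script below is an added example, not part of the original page or of LCMAPS: it parses the subset of lcmaps.db syntax shown above (plus the `a -> b | c` rule form) and reports plug-ins that a policy uses but the file does not define. The https and -capath checks on the SCAS client entry are this example's own choice of what to verify, and the sample file is constructed.

```python
import re

# Constructed sample: the page's stanza and policy; verify_proxy/posix_enf undefined.
SAMPLE_DB = '''
scasclient = "lcmaps_scas_client.mod"
             " -capath /etc/grid-security/certificates/"
             " -endpoint https://graszaad.nikhef.nl:8443"
             " -resourcetype wn"
             " -actiontype execute-now"
# policies
glexec_get_account:
verify_proxy -> scasclient
scasclient -> posix_enf
'''

def parse_lcmaps_db(text):
    """Return (plugins, rules): name -> argument string, [(policy, [names])]."""
    plugins, rules, plugin, policy = {}, [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        quoted = "".join(re.findall(r'"([^"]*)"', line))
        definition = re.match(r"(\w+)\s*=", line)
        if definition:                         # name = "module.mod" " -opt ..."
            plugin = definition.group(1)
            plugins[plugin] = quoted
        elif line.startswith('"') and plugin:  # continuation of the arguments
            plugins[plugin] += quoted
        elif re.fullmatch(r"\w+:", line):      # policy header
            policy, plugin = line[:-1], None
        elif "->" in line and policy:          # rule: a -> b  (or a -> b | c)
            names = re.split(r"->|\|", line)
            rules.append((policy, [n.strip().lstrip("~") for n in names]))
    return plugins, rules

def check(text):
    """List problems: undefined plug-ins in a policy, weak SCAS client args."""
    plugins, rules = parse_lcmaps_db(text)
    problems = [f"{p}: plug-in '{n}' is not defined in this file"
                for p, names in rules for n in names if n not in plugins]
    problems = list(dict.fromkeys(problems))   # drop repeats, keep order
    for name, args in plugins.items():
        if args.startswith("lcmaps_scas_client.mod"):
            endpoint = re.search(r"-endpoint\s+(\S+)", args)
            if not endpoint or not endpoint.group(1).startswith("https://"):
                problems.append(f"{name}: -endpoint is missing or not https")
            if "-capath" not in args:
                problems.append(f"{name}: -capath is not set")
    return problems
```

Run `check(open(path).read())` against the file you edited; an empty list means every plug-in named in a policy is defined there.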
More information
To test your setup, see the Debugging hints page for more information.