Difference between revisions of "Lcmaps-plugins-vo-ca-ap"

From PDP/Grid Wiki
Jump to navigationJump to search
(Add info on vo-ca-ap-file from man-page)
Line 32: Line 32:
  
 
== vo-ca-ap-file ==
 
== vo-ca-ap-file ==
 +
=== Format ===
 +
Each line in the vo-ca-ap-file consists of a VO name starting with a leading slash (/) separated by '''white space''' from a '''comma'''-separated list of entries. For VOMS-less proxies, instead of the slash plus VO-name a minus (?) is used. The VO name is matched using a �filename� match, allowing for e.g. * wildchars to match any VO.
 +
 +
Entries can either be an issuer DN (in OpenSSL notation) or the name of a <tt>.info</tt> file which contains the issuer DNs in the value of the ''subjectdn'' key. An issuer DN can optionally be prefixed with ''issuer:'' while a file must be prefixed with ''file:''
 +
 +
When an issuer DN or filename contains spaces, the entry (excluding the ''issuer:'' or ''file:'' prefix) should be enclosed in double quotes. A relative filename is taken with respect to the defined certificate directory or its default (<tt>/etc/grid-security/certificate</tt>).
 +
 
=== Reference WLCG / IGTF VO-CA-AP file ===
 
=== Reference WLCG / IGTF VO-CA-AP file ===
 
The default vo-ca-ap-file as shipped in <tt>/etc/grid-security/vo-ca-ap-file</tt>
 
The default vo-ca-ap-file as shipped in <tt>/etc/grid-security/vo-ca-ap-file</tt>

Revision as of 19:50, 23 February 2017