Difference between revisions of "Using the SCAS"
| Line 4: | Line 4: | ||
== Installation == | == Installation == | ||
| − | Add the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-scas-client | + | Add the [http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-scas-client scas-client plugin] to the set of RPMs on your machine, and configure the SCAS client by editing the '''lcmaps.db''' file on your system. |
== Configuration == | == Configuration == | ||
Revision as of 16:40, 5 February 2010
The LCAS/LCMAPS GT4-interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd and gLExec all share the LCMAPS framework as their mapping back-end. It can be configured to use the SCAS client LCMAPS plug-in. This will contact the SCAS service to trigger an authorization decision and, on a positive result, return a mapping result. This will then be input for the LCMAPS user mapping back-end of gLExec to continue.
Installation
Add the scas-client plugin to the set of RPMs on your machine, and configure the SCAS client by editing the lcmaps.db file on your system.
Configuration
Configure the LCMAPS You would add to /opt/glite/etc/lcmaps/lcmaps.db or /opt/glite/etc/lcmaps/lcmaps-glexec.db:
scasclient = "lcmaps_scas_client.mod"
" -capath /etc/grid-security/certificates/"
" -endpoint https://graszaad.nikhef.nl:8443"
" -resourcetype wn"
" -actiontype execute-now"
and the following policy execution flow at the end:
# policies glexec_get_account: verify_proxy -> scasclient scasclient -> posix_enf
Note: This example assumes a verify_proxy and posix_enf plug-in to be configured in the same lcmaps.db file.
