Using the SCAS

From PDP/Grid Wiki

The LCAS/LCMAPS GT4 interface for Globus GridFTPd, Gatekeeper and GSI-OpenSSHd, and gLExec, all share the LCMAPS framework as their mapping back-end. LCMAPS can be configured to use the SCAS client plug-in, which contacts the SCAS service to request an authorization decision and, on a positive result, returns a mapping result. That result is then the input for the LCMAPS user mapping back-end of gLExec, which continues from there.


Installation

Add the scas-client plugin to the set of RPMs on your machine, and configure the SCAS client by editing the lcmaps.db file on your system.

Configuration

Configure LCMAPS by adding the following to /opt/glite/etc/lcmaps/lcmaps.db or /opt/glite/etc/lcmaps/lcmaps-glexec.db:

scasclient = "lcmaps_scas_client.mod"
            " -capath /etc/grid-security/certificates/"
            " -endpoint https://graszaad.nikhef.nl:8443"
            " -resourcetype wn"
            " -actiontype execute-now"

and the following policy execution flow at the end:

# policies
glexec_get_account:
verify_proxy  -> scasclient
scasclient -> posix_enf

Note: This example assumes a verify_proxy and posix_enf plug-in to be configured in the same lcmaps.db file.
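
A pre-deployment check for the fragment above, as an added example that is not part of the original wiki page or of the LCMAPS project: it reads the text of an lcmaps.db file, reports plug-ins that the policy uses but the file never defines (the situation the note describes), and checks that the SCAS client has an https endpoint and a -capath. The parser handles only the syntax shown on this page, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the page's fragment alone, without the verify_proxy
# and posix_enf definitions that the page says must be in the same file.
SAMPLE = '''
scasclient = "lcmaps_scas_client.mod"
            " -capath /etc/grid-security/certificates/"
            " -endpoint https://graszaad.nikhef.nl:8443"
            " -resourcetype wn"
            " -actiontype execute-now"
glexec_get_account:
verify_proxy  -> scasclient
scasclient -> posix_enf
'''

def parse(text):
    """Return ({plugin: argument string}, {names used in policy rules})."""
    plugins, used, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'(\w+)\s*=\s*(.*)$', line)
        if m:                                    # start of a plug-in definition
            current = m.group(1)
            plugins[current] = "".join(re.findall(r'"([^"]*)"', m.group(2)))
        elif line.startswith('"') and current:   # continuation string
            plugins[current] += "".join(re.findall(r'"([^"]*)"', line))
        elif line:                               # policy label or rule
            current = None
            if "->" in line:                     # rule: a -> b [| c]
                used.update(re.findall(r'\w+', line))
    return plugins, used

def check(text):
    """List problems found in an lcmaps.db fragment."""
    plugins, used = parse(text)
    problems = [f"policy uses undefined plug-in: {n}"
                for n in sorted(used - set(plugins))]
    for name, args in plugins.items():
        if "lcmaps_scas_client" not in args:
            continue
        opts = dict(re.findall(r'-(\w+)\s+(\S+)', args))
        if urlparse(opts.get("endpoint", "")).scheme != "https":
            problems.append(f"{name}: -endpoint is not an https:// URL")
        if "capath" not in opts:
            problems.append(f"{name}: no -capath (CA certificate directory) set")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "no problems found")
```

Run against the fragment alone, the check reports verify_proxy and posix_enf as undefined; once both are defined in the same file it reports nothing.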