Changes between Version 24 and Version 25 of FeddConfig


Ignore:
Timestamp:
Jan 16, 2011 8:25:40 PM (14 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • FeddConfig

    v24 v25  
    6666 '''accessdb'''::
    6767  The mapping of three level names to local project and users (for creation and
    68   services).  See below for the format of this DB.
     68  services).  The [FeddDatabases#AccessComponentAccessDB legacy format] is only supported when '''auth_type''' is legacy, and the [wiki:FeddABAC#access_to_abac.py access_to_abac.py] tool will convert to ABAC format.
    6969 '''access_state'''::
    7070  Name of the file where current access state is saved.  This state includes
     
    7474 '''access_type'''::
    7575  The underlying plug-in module to use for access.  Currently '''emulab''', '''dragon''', '''deter_internal''', and '''protogeni''' are understood.  We will be adding more choices as well as dynamic choices in the near future.   The default is '''emulab''', for backward compatibility.
     76 '''auth_type'''::
     77   Access control system used.  Must be '''abac''' or '''legacy''', and obviously '''abac''' is preferred.
     78 '''auth_dir'''::
     79   When '''abac''' is specified for '''auth_type''' this is the diretory that holds the ABAC authorization directory, probably created by [wiki:FeddABAC#access_to_abac.py access_to_abac.py].
    7680 '''cert_file'''::
    7781  Certificate used to assert identity of the access controller.  It uses this
     
    305309
    306310 '''accessdb'''::
    307   Database that indicates who can request services from this `fedd` and what three-level names the `fedd` will attest on their behalf.  The specification is on the [FeddDatabases databases page].
     311  Database that indicates who can request services from this `fedd` and what three-level names the `fedd` will attest on their behalf.  The specification is on the [FeddDatabases databases page].  This is unused and unnecessary when '''auth_type''' is '''abac'''.  It can be converted to ABAC format using [wiki:FeddABAC#fedd_to_abac.py fedd_to_abac.py].
     312 '''auth_type'''::
     313   Access control system used.  Must be '''abac''' or '''legacy''', and obviously '''abac''' is preferred.
     314 '''auth_dir'''::
     315   When '''abac''' is specified for '''auth_type''' this is the diretory that holds the ABAC authorization directory, probably created by [wiki:FeddABAC#access_to_abac.py access_to_abac.py].
    308316 '''cert_file'''::
    309317  Certificate used to assert identity of the experiment control component.  If this field is not present and a '''cert_file''' is present in the [globals] section, the [globals] certificate will be used.
     
    341349
    342350 '''accessdb'''::
    343   [FeddDatabases#GlobalAccessDB Database] indicating which requesters can use the service.
     351  [FeddDatabases#GlobalAccessDB Database] indicating which requesters can use the service.  Unused if '''auth_type''' is '''abac'''.
     352 '''auth_type'''::
     353   Access control system used.  Must be '''abac''' or '''legacy''', and obviously '''abac''' is preferred.
     354 '''auth_dir'''::
     355   When '''abac''' is specified for '''auth_type''' this is the diretory that holds the ABAC authorization directory, probably created by [wiki:FeddABAC#access_to_abac.py access_to_abac.py].
    344356 '''allow_any'''::
    345357  If this boolean is true, any requester may use the service.  The service at !https://users.isi.deterlab.net:23235 has this parameter set.