Difference: DynaFed (3 vs. 4)

Revision 4 - 2017-05-26 - mebert

Line: 1 to 1
 
META TOPICPARENT name="DynaFed"

Dynafed installation and user authentication

Line: 22 to 22
 
    • fetch-crl
    • gridsite
    • edg-mkgridmap
Changed:
<
<
    • ca_*
>
>
    • lcg-CA
 
      • all site certificates
  • disable selinux
  • replace /etc/httpd/conf.d/ssl.conf with an empty file
Line: 58 to 58
 
  • create a file ending with ".conf" in /etc/ugr/conf.d/
  • add the endpoint to this file
Changed:
<
<
glb.locplugin[]
libugrlocplugin_s3.so cc_rjs 2 https://s3-uvic.dev.computecanada.ca/rjsBucket
locplugin.cc_rjs.xlatepfx
/S3-Atlas /
locplugin.cc_rjs.s3.priv_key
PRIVATE KEY GOES HERE
locplugin.cc_rjs.s3.pub_key
PUBLIC KEY GOES HERE
locplugin.cc_rjs.s3.alternate
yes
>
>
glb.locplugin[]
libugrlocplugin_s3.so UGR-ID 2 https://s3-SERVER/Bucket
locplugin.UGR-ID.xlatepfx
/S3-Atlas /
locplugin.UGR-ID.s3.priv_key
PRIVATE KEY GOES HERE
locplugin.UGR-ID.s3.pub_key
PUBLIC KEY GOES HERE
locplugin.UGR-ID.s3.alternate
yes
 
  • restart httpd and memcached
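
Review bot: in the new template the placeholder UGR-ID appears in the glb.locplugin[] line and in each of the four locplugin.UGR-ID.* keys, but nothing tells the reader that it is one identifier which must be replaced consistently in all five places; add a sentence saying so. Since this file also carries locplugin.UGR-ID.s3.priv_key in clear text, the step 'create a file ending with ".conf" in /etc/ugr/conf.d/' should also state that the file must not be world-readable.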
Line: 74 to 74
 
  • restart httpd and memcached

This will allow read and listing of everything under /myfed/S3-Atlas for everyone with a valid Atlas voms proxy.

Changed:
<
<
However, the dynafed endpoint will no longer we usable through a web browser even for Atlas users since dynafed by default does not evaluate certificates.
>
>
However, the dynafed endpoint will no longer be usable through a web browser even for Atlas users since dynafed by default does not evaluate certificates.
 

certificate based authentication

  • works only if SSL is enabled
  • DynaFed doesn't support certificate evaluation by default but it allows python based authentication using own modules
    • needs a grid-mapfile
Changed:
<
<
    • in /etc/ugr/conf.d create the file ugrauth_gridmap.py
      • file needs to be renamed to remove ".txt" at the end
>
>
    • in /etc/ugr/conf.d create the file ugrauth_gridmap.py.txt
      • downloaded file needs to be renamed to remove ".txt" at the end
 
    • add to /etc/ugr/ugr.conf the line:
      glb.authorizationplugin[]: libugrauthplugin_python27.so authplug1 ugrauth_gridmap isallowed
      • depending on OS and python version it needs to be python27 or python26
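
Review bot: the reworded step says to "create the file ugrauth_gridmap.py.txt" while its sub-item speaks of a "downloaded file", so it is unclear whether the reader writes the file or downloads it. The glb.authorizationplugin[] line loads the module ugrauth_gridmap, so the step should say plainly that the attachment is saved to /etc/ugr/conf.d and renamed to ugrauth_gridmap.py. As this module decides who is allowed, it is worth adding that it should be writable by root only.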
Line: 93 to 93
 
Added:
>
>
This also works for voms proxy based access on the command line.
 

grid-mapfile generation

  • needs a list of voms server in config files
    • e.g. /etc/edg-mkgridmap-atlas-prod.conf contains2 lines:
 