dCache.Org eagle
black_bg
home | documentation | downloads | feedback | search | imprint
black_bg
release notes | Book: 1.9.5, 1.9.12 (opt, FHS), 2.0 (opt, FHS), 2.1 (opt, FHS), | Wiki | Q&A | Client API | dccp
black_bg
Web: Multi-page, Single page | PDF: A4-size, Letter-size | eBook: epub
black_bg
An example policy file
Prev Chapter 12. gPlazma authorization in dCache Next
The dCache Book > Configuration of dCache > gPlazma authorization in dCache > An example policy file

An example policy file

Here is an example of how a policy file might be set up. 

saml-vo-mapping="ON"
kpwd="ON"
grid-mapfile="OFF"
gplazmalite-vorole-mapping="OFF"
saml-vo-mapping-priority="1"
kpwd-priority="3"
grid-mapfile-priority="4"
gplazmalite-vorole-mapping-priority="2"
kpwdPath="/opt/d-cache/etc/dcache.kpwd"
gridMapFilePath="/etc/grid-security/grid-mapfile"
storageAuthzPath="/etc/grid-security/storage-authzdb"
mappingServiceUrl="https://fledgling09.fnal.gov:8443/gums/services/GUMSAuthorizationServicePort"
saml-vo-mapping-cache-lifetime="60"
gridVoRolemapPath="/etc/grid-security/grid-vorolemap"
gridVoRoleStorageAuthzPath="/etc/grid-security/storage-authzdb"

In this case, gPlazma will attempt to authorize first through a GUMS server, and fall back to using dcache.kpwd. The mappingServiceUrl would have to be changed to a GUMS server appropriate for the site.

Prev Up Next
Configuring the xacml-vo-mapping Plugin Home The Setup Files
black_bg
Copyright dCache.org © 2003 - 2012