For the authenticated mode a configured gPlazma
is
required (see also the section called “gPlazma
config example to work with authenticated webadmin”). The user may either authenticate by presenting his grid certificate or
by entering a valid username/password combination. This way it is possible to login even if the user does not have a grid certificate.
For a non-authenticated webadmin
service you just need to start the httpd
service.
For the authenticated mode using a grid certificate the host certificate has to be imported into the dCache-keystore. In the grid world host certificates are usually signed by national Grid-CAs. Refer to the documentation provided by the Grid-CA to find out how to request a certificate. To import them into the dCache-keystore use this command:
[root] #
dcache import hostcert
Now you have to initialise your truststore (this is the certificate-store used for the SSL connections) by using this command:
[root] #
dcache import cacerts
The webadmin
service uses the same truststore as webdav
service, so you can skip this step if you have webdav
configured with SSL.
Since the webadmin
service runs inside the httpd
service you need to enable the httpdDomain in your layout file.
Example:
[httpdDomain] webadminDCacheInstanceName=coolName
The default instance name is the name of the host which runs the httpdDomain and the default http port number is 2288
(this is the default port number of the httpd
service).
Now you should be able to have a read-only access to the webpage http://example.com:2288/webadmin
.
The next step will explain setting for the authenticated mode.
The default value for the webadminHttpsPort
is 8444
. In the following example we will enable the authenticated mode and define the webadminAdminGid
.
Example:
[httpdDomain] webadminDCacheInstanceName=coolName authenticated=true webadminAdminGid=1000
The most important value is webadminAdminGid
, because it configures who is allowed to
alter dCache behaviour, which certainly should not be everyone:
# # When a user has this GID he can become an Admin for the webadmin interface # webadminAdminGid=1000
To see all webadmin specific property values have a look at
/usr/share/dcache/defaults/httpd.properties
.
For information on gPlazma
configuration have a look at
Chapter 10, Authorization in dCache and for a special example
the section called “gPlazma
config example to work with authenticated webadmin”.
After startup of the httpdDomain you can reach the Webadmin in authenticated mode by https://example.com:8444/webadmin
.
You will be asked to login as admin.