Advertisement
fmartinelli

dcachesrm-gplazma.policy

Mar 21st, 2013
378
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 3.60 KB | None | 0 0
  1. # ######                   dcachesrm-gplazma.policy                         #######
  2. # ######      gPLAZMA: grid-aware PLuggable AuthoriZation MAnagement.       #######
  3. # ######      gPLAZMAlite Suite: Built-in light-weight services for         #######
  4. # ######       grid legacy mapping & VO Role fine-grain security.           #######
  5. # ######                        Version 0.1-1                               #######
  6.  
  7. # This file contains gPLAZMA module's policy configuration in dCache-SRM.
  8. # Operational with: SRM, GridFTP.
  9.  
  10. # CAUTION: Commenting out a switch|priority|configuration line (with a # sign) in
  11. # this file is equivalent to switching that plugin|service OFF. It is handled, but
  12. # please exercise caution to maintain the marker intact for possible future use.
  13. # Recommended way is to turn plugins|services OFF explicitly - using the switches.
  14.  
  15. # Assertion results in a Disallow|Allow decision.
  16. # Authorization results in a Disallow|Allow decision with Authorization Record.
  17.  
  18. # Switches and Priorities for Loadable Assertion Plugins|Services - Not supported -
  19. # #################################################################################
  20. # #site-assertion=
  21.  
  22. # Switches and Priorities for Loadable Authorization Plugins|Services
  23. # #################################################################################
  24. # A valid switch is from { "OFF" | "ON" }.
  25. # A priority (based on site|VO policies) is required if switch is ON.
  26. # A valid priority is from { "1" | "2" | "3" | "4" } and must be unique.
  27.  
  28. # Please note -
  29. # Each plugin returns a decision based on a different authorization repository|
  30. # service. Priorities are translated into priority of access (as compared to priority
  31. # of denial). A well-defined Over-riding Policy can be enforced while using multiple
  32. # authorization services (multiple switches ON) by defining priorities differently.
  33.  
  34. # Turning all switches OFF leads the running system to a secure quasi-firewall mode.
  35.  
  36. # Switches
  37. xacml-vo-mapping="OFF"
  38. saml-vo-mapping="OFF"
  39. kpwd="ON"
  40. grid-mapfile="OFF"
  41. # gplazmalite-vorole-mapping="OFF"  # 1.8 setting at PSI
  42. gplazmalite-vorole-mapping="ON"
  43.  
  44. # Priorities
  45. xacml-vo-mapping-priority="5"
  46. saml-vo-mapping-priority="4"
  47. kpwd-priority="2"
  48. grid-mapfile-priority="3"
  49. gplazmalite-vorole-mapping-priority="1"
  50.  
  51. # Configurable Options for Plugins|Services
  52. # #################################################################################
  53. # Path to local or remotely accessible authorization repositories|services.
  54. # A valid path is required if corresponding switch is ON.
  55.  
  56. # dcache.kpwd
  57. kpwdPath="/opt/d-cache/etc/dcache.kpwd"
  58.  
  59. # grid-mapfile
  60. gridMapFilePath="/etc/grid-security/grid-mapfile"
  61. storageAuthzPath="/etc/grid-security/storage-authzdb"
  62.  
  63. # XACML-based grid VO role mapping
  64. XACMLmappingServiceUrl="https://fledgling09.fnal.gov:8443/gums/services/GUMSXACMLAuthorizationServicePort"
  65. # Time in seconds to cache the mapping in memory
  66. xacml-vo-mapping-cache-lifetime="180"
  67.  
  68. # SAML-based grid VO role mapping
  69. mappingServiceUrl="https://fledgling09.fnal.gov:8443/gums/services/GUMSAuthorizationServicePort"
  70. # Time in seconds to cache the mapping in memory
  71. saml-vo-mapping-cache-lifetime="180"
  72.  
  73. # Built-in gPLAZMAlite grid VO role mapping
  74. gridVoRolemapPath="/etc/grid-security/grid-vorolemap"
  75. gridVoRoleStorageAuthzPath="/etc/grid-security/storage-authzdb"
  76. # vomsValidation="false" # PSI 1.8 setting
  77. vomsValidation="false"
  78.  
  79. # SAZ Settings
  80. saz-client="OFF"
  81. SAZ_SERVER_HOST="saz-server.oursite.edu"
  82. SAZ_SERVER_PORT="8888"
  83.  
  84. # #################################################################################
  85. # END
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement