Manpage of SCAS

SCAS

Section: gLite (5)
Updated: Nov 2008

 

NAME

scas.conf - Configuration file for the Site Central Authorization Service

 

SYNOPSIS

/opt/glite/etc/scas.conf

 

DESCRIPTION

The Site Central Authorization Service (SCAS) is a Web Service that allows client programs to query for an authorization decision, based upon user credentials, to access a particular resource. The result of the query will be either an allow or a deny. When the service decides to send an allow message to its requesting client, it may include obligations. These obligations are undeniable and MUST be processed. The returned obligations can tell the client on which terms the credentials were allowed. In our case with the SCAS (and also with the GUMS/PRIMA/gPlazma use cases) these will be Unix account mapping obligations (and other use-case-specific attributes).

When a SCAS is queried for an authorization decision, it receives user credentials among other pieces of information that tell the SCAS more about the query's origin. The SCAS is mostly interested in the user credentials. The user credentials are extracted from the query and processed in the Local Centre Authorization Service (LCAS) and the Local Credential Mapping Service (LCMAPS).

On the return of the allow message from the SCAS to the client, the LCMAPS mapping result is transported back to the client in the form of an obligation that holds sufficient information to perform an LCMAPS mapping on the client side. The types of obligations may be extended to support other types of clients. For now, all LCMAPS-based clients are supported (like the GT4 gatekeepers with LCMAPS and gLExec). This will be extended to GUMS/PRIMA/gPlazma in time, because they will require support for other XACML obligations.

 

OPTIONS - The options are name = value pairs

scas_port
TCP port number for the SCAS service to listen on

scas_log_file
SCAS log file

scas_log_type
Type of logging: 'file' or 'syslog'. This feature is not implemented yet. Currently it only logs to file.

scas_log_string
All log entries will be prefixed with this value.

scas_debug_level
Debug level (0-5)

scas_log_level
Log level (0-5)

scas_hostcert
Host certificate of the SCAS service

scas_hostkey
Private key file that belongs to the host certificate of the SCAS service

scas_capath
CA certificate directory that contains the CRL files and the CA root certificates

vomsdir
VOMS Directory, holds the .lsc files and/or VOMS host/service certificates

LCAS_LOG_FILE: Name and location of the logfile
LCAS_LOG_TYPE: Type of logging (logfile, syslog, both or none)
LCAS_LOG_STRING: Log string to be prepended to the logging lines
LCAS_LOG_LEVEL: Log level (0-5)
LCAS_DB_FILE: Name of the lcas policy file
LCAS_DEBUG_LEVEL: Debug level (0-5)
LCAS_MOD_DIR: Location of the LCAS library
LCAS_DIR: Location of the LCAS config files
LCAS_ETC_DIR: Location of the LCAS config files (=LCAS_DIR)

LCMAPS_LOG_FILE: Name and location of the logfile
LCMAPS_LOG_TYPE: Type of logging (logfile, syslog, both or none)
LCMAPS_LOG_STRING: Log string to be prepended to the logging lines
LCMAPS_DB_FILE: Name of the lcmaps policy file
LCMAPS_LOG_LEVEL: Log level (0-5)
LCMAPS_DEBUG_LEVEL: Debug level (0-5)
LCMAPS_MOD_DIR: Location of the LCMAPS library
LCMAPS_DIR: Location of the LCMAPS config files
LCMAPS_ETC_DIR: Location of the LCMAPS config files (=LCMAPS_DIR)
LCMAPS_POLICY_STRING: The list of policies (default = NULL)
LCMAPS_POLICY_ACQ_STRING: The list of acquisition policies (default = acquisition_policy)
LCMAPS_POLICY_ENF_STRING: The list of enforcement policies (default = enforcement_policy)
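A pre-deployment check of the scas_* options listed above, as an added example that is not part of the original manual page or of the SCAS code base. It assumes '#' comment lines and case-insensitive names, uses placeholder /example paths, and treats group or other access to the host key as a finding, which is a common hardening rule rather than something this page states; names beginning with lcas_ or lcmaps_ are passed over unchecked.

```python
import os
import stat

# Option names taken from the OPTIONS list on this page.
KNOWN = {"scas_port", "scas_log_file", "scas_log_type", "scas_log_string",
         "scas_debug_level", "scas_log_level", "scas_hostcert",
         "scas_hostkey", "scas_capath", "vomsdir"}
PATHS = ("scas_hostcert", "scas_hostkey", "scas_capath", "vomsdir")

# Constructed sample input; the /example path is a placeholder.
SAMPLE = """\
scas_port = 8443
scas_log_type = syslog
scas_debug_level = 9
scas_hostkey = /example/hostkey.pem
lcmaps_log_level = 3
"""

def check(text):
    """Return a list of findings for scas.conf-style 'name = value' text."""
    conf, found = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        name, sep, value = line.partition("=")
        name = name.strip().lower()  # assumption: names are case-insensitive
        if not line.strip() or name.startswith(("#", "lcas_", "lcmaps_")):
            continue  # blank, '#' comment (assumed syntax), or LCAS/LCMAPS setting
        if not sep or not name:
            found.append(f"line {n}: not a name = value pair")
        elif name not in KNOWN:
            found.append(f"line {n}: {name} is not a documented option")
        else:
            conf[name] = value.strip()
    for name in ("scas_debug_level", "scas_log_level"):  # documented range 0-5
        if name in conf and conf[name] not in set("012345"):
            found.append(f"{name}: {conf[name]!r} is outside 0-5")
    port = conf.get("scas_port", "1")  # an absent port is not a finding here
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        found.append(f"scas_port: {port!r} is not a TCP port number")
    if conf.get("scas_log_type", "file") != "file":  # syslog is not implemented
        found.append("scas_log_type: only file logging is implemented")
    for name in PATHS:
        if name in conf and not os.path.exists(conf[name]):
            found.append(f"{name}: {conf[name]} does not exist")
    key = conf.get("scas_hostkey", "")  # permission rule is an added assumption
    if os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        found.append("scas_hostkey: readable or writable by group or others")
    return found

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

The scas_log_type finding matters operationally: a site that sets 'syslog' expecting central log collection still gets file-only logging.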

 

FILES

/opt/glite/etc/scas.conf

 

SEE ALSO

scas(3), lcas(1), lcmaps(1), x509(1), glexec(1), glexec.conf(5)

 

AUTHOR

Written by Oscar Koeroo <okoeroo@nikhef.nl>

 

COPYRIGHT

Copyright © 2008, EGEE


 
