Changes between Version 14 and Version 15 of Doc/gLite/TemplateCustomization/Services


Ignore:
Timestamp:
May 20, 2011, 1:52:59 PM (13 years ago)
Author:
/O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=Michel Jouvin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Doc/gLite/TemplateCustomization/Services

    v14 v15  
    663663The VOBOX is a machine '''dedicated to one VO''' running VO-specific services. In addition to the VO-specific services, this machine runs a service called ''proxy renewal'' in charge of renewing the grid proxy used by VO-specific services.
    664664
    665 This is critical for the security to restrict the number of people allowed access to the VOBOX. By default, only people with the VO SW manager role can log into the VO box. To change this configuration, refer to section on [/wiki/Doc/gLite/TemplateCustomization/General#MappingofVOMS-gridmapfile VOMS groups/roles mapping], but be sure you really need to allow other roles as it can give unwanted users access to privilege services.
     665This is critical for the security to restrict the number of people allowed access to the VOBOX. By default, only people with the VO SW manager role can log into the VO box. To change this configuration, refer to section on [/wiki/Doc/gLite/TemplateCustomization/General#VOMS-gridmapfile VOMS groups/roles mapping], but be sure you really need to allow other roles as it can give unwanted users access to privilege services. It is also possible to [/wiki/Doc/gLite/TemplateCustomization/General#LCAS-LCMAPS ban some users] among those authorized based on their FQANs.
    666666
    667667The configuration templates for the VOBOX enforce there is only one VO configured for acess to VOBOX-specific services. This VO must be declared using the `VOS` variable, as for other machine types. If you want to give other VOs access to the VOBOX for the management and operation of the VOBOX, you need to explicitly allow them using the variable `VOBOX_OPERATION_VOS`. This variable is a list of VOs considered as operation VOs. By default, this list is only VO `ops`. If the VOs listed in this variable are not listed in  `VOS`, they are automatically added.