860 | | A MyProxy server has no specific configuration options, except the VO list defined with `VOS` variable. |
861 | | |
| 860 | MyProxy server configuration consists of defining policies for access to proxies stored on the server and their renewal. There are 2 sets of policiies : explictly authorized policies and default policies. For each set a separate policy can be defined for: |
| 861 | * renewers : list of clients able to renew a proxy. The variables to use are `MYPROXY_AUTHORIZED_RENEWERS` and `MYPROXY_DEFAULT_RENEWERS`. |
| 862 | * retrievers : list of clients able to retrieve a proxy it they have valid credentials and provide the same username/password as the one used at proxy creation. The variables to use are `MYPROXY_AUTHORIZED_RETRIEVERS` and `MYPROXY_DEFAULT_RETRIEVERS`. |
| 863 | * key retrievers : list of clients able to retrieve a proxy, including the private key, it they have valid credentials and provide the same username/password as the one used at proxy creation. The variables to use are `MYPROXY_AUTHORIZED_KEY_RETRIEVERS` and `MYPROXY_DEFAULT_KEY_RETRIEVERS`. |
| 864 | * trusted retrievers : list of clients able to retrieve a proxy without providing valid credentials (but providing the same username/password as the one used at proxy creation if one was used). The variables to use are `MYPROXY_AUTHORIZED_TRUSTED_RETRIEVERS` and `MYPROXY_DEFAULT_TRUSTED_RETRIEVERS`. Clients listed in these variables are automatically added to the corresponding retrievers list (`MYPROXY_AUTHORIZED_RETRIEVERS` or `MYPROXY_DEFAULT_RETRIEVERS`). |
| 865 | |
| 866 | The list values must be client DNs or regexp matching a client DN. Regexp must be used with caution as they may result in giving a broader access than wanted. For more information about the different policies and the regexp syntax, see the manpage for MyProxy server configuration: |
| 867 | {{{ |
| 868 | man myproxy_server.config |
| 869 | }}} |
| 870 | |
| 871 | In addition to the previous variable, it is possible to use variable `GRID_TRUSTED_BROKERS` to define the WMS which are allowed to use the MyProxy server. The list provided with this variable is merged with `MYPROXY_AUTHORIZED_RENEWERS`. |
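Review bot: the new paragraph at 860 introduces two policy sets, "explicitly authorized" and "default", but never says how they differ or which one applies when both are defined, so a reader cannot tell which variable to set. Add one sentence on that, or point to the manpage at that spot rather than only at 866. The trusted retrievers item (864) describes clients that can retrieve a proxy without valid credentials and that are also added automatically to the retrievers list, which makes it the entry where an over-broad regexp costs the most. The caution at 866 should say so, and ideally show what a full DN entry looks like next to a regexp entry. At 871, state whether `GRID_TRUSTED_BROKERS` takes the same DN/regexp values as the other lists, since it is merged into `MYPROXY_AUTHORIZED_RENEWERS`. Typos to fix before merging: "policiies" and "explictly" (860), "it they" for "if they" (862 and 863), and "the previous variable" should be plural (871).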