Andrew Washbrook wrote:
> Hi,
>
> Just a quick question regarding ARGUS installation - does anyone know if the ARGUS Yaim variable PAP_ADMIN_DN can be used to define multiple DNs? If this restricts who can run pap-admin (and consequently who can ban/unban users etc.) then it would be good to define multiple administrators to eliminate single points of failure. If this is not how it works then please ignore my question!
>
> Thanks for your help,
> Andy.
>
Hi Andrew,
This document lays out what can go in there (see ACE)
https://twiki.cern.ch/twiki/bin/view/EGEE/AuthZPAPConfig
I checked this by grepping for PAP_ADMIN_DN in the yaim function. No
splitting is done,
so the ARGUS Yaim variable PAP_ADMIN_DN must contain one of:
* ANYONE, to assign privileges to any authenticated user (i.e., any
  user that presents a trusted certificate).
* a VOMS FQAN, e.g., /atlas/Role=VO-Admin
* a *quoted* X509 certificate subject, e.g.,
  "/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Andrea Ceccanti"
On your server, the config will show up in
/opt/argus/pap/conf/pap_authorization.ini
Steve
--
Steve Jones
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/