Hi Elena/All
The response from the developers is pretty much in line with Mingchao's understanding:
"If the Argus server you've installed is for your site only, then no port need to be opened to the outside world.
Only CREAM CE or glexec+LCMAPS Argus PEP plugin WN should be able to connect to the Argus server, and normally these services are all local to your site.
The Argus server can be configured to pull-down top level banning lists from other Argus servers, but this normally doesn't require the firewall to be opened (outbound connection)."
Jeremy
On 16 Jun 2011, at 12:43, Elena Korolkova wrote:
> thanks, Jeremy
> On 16 Jun 2011, at 12:42, Jeremy Coles wrote:
>
>> Hi Elena
>>
>> We do not have a definitive answer and the information here https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework does not answer it either but it does suggest "Argus support (developer, site administrator) questions can be sent directly to the [log in to unmask] mailing list" so I will do that next.
>>
>> Cheers,
>> Jeremy
>>
>>
>>
>>
>> On 16 Jun 2011, at 12:11, Ewan MacMahon wrote:
>>
>>>> -----Original Message-----
>>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>>> [log in to unmask]] On Behalf Of Christopher J. Walker
>>>>
>>>>
>>>> I thought one of the points of ARGUS was that it had the ability for the
>>>> VO or security team who are offsite) to ban users without waiting for the
>>>> site admin to react. Clearly this would need access from offsite.
>>>>
>>> Not necessarily. I'd rather assume that it would involve the argus
>>> server pulling from central ban list(s), not remote pushes of
>>> configuration onto the argus server.
>>>
>>> Ewan
>
> __________________________________________________
> Dr Elena Korolkova
> Email: [log in to unmask]
> Tel.: +44 (0)114 2223553
> Fax: +44 (0)114 2223555
> Department of Physics and Astronomy
> University of Sheffield
> Sheffield, S3 7RH, United Kingdom
|