Release notes for Package edg-lcas
----------------------------------
This package contains the Local Centre Authorization Service (LCAS),
which is part of the JRA3 software of gLite and the European Datagrid software of WP4.
The goal of the LCAS is to take care of the authorization to the local fabric.
In order to make an authorization decision the LCAS requires the user's
certificate and the job specification in RSL(JDL) format.
The certificate and RSL are passed to (plugin) authorization modules, which grant
or deny the permission to the job request.
Three standard authorization modules are provided with the LCAS:
1) a module that checks if the user is allowed on the fabric (currently the
gridmap file is checked)
2) a module that checks if the user should be banned from the fabric
3) a module that checks if there is a timeslot available for the fabric.
All three modules get their information from simple configuration files:
"allowed_users.db", "ban_users.db" and "timeslots.db" respectively.
NOTE: In this release the gridmapfile is used instead of "allowed_users.db".
In addition a plugin is provided that decides if the user is authorized based on the VOMS
(VO Membership Service) information stored in the user proxy X509 certificate.
This plugin is driven by a policy file, which can have 3 different formats: plain text, gacl and xacml.
The LCAS provides hooks to additional plugin authorization
modules, which will be provided by other fabric subsystems like e.g. the resource
management subsystem.
In this release the LCAS is a dynamic library, which is contacted by the (for this purpose
modified) globus gatekeeper: edg-gatekeeper.
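The decision flow described above, modelled as an added example (this is not LCAS source code).
The struct, the function names and the in-memory lists are hypothetical stand-ins for the gridmap file,
"ban_users.db" and "timeslots.db"; the rule that every module must grant is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request: subject DN from the user's certificate and the
 * hour (0-23) at which the job request arrives. */
struct request { const char *dn; int hour; };

/* Each authorization module returns 1 to grant and 0 to deny. */
typedef int (*authz_plugin)(const struct request *);

/* Constructed sample data, not the real file formats. */
static const char *const allowed[] = { "/O=example/CN=Alice", "/O=example/CN=Bob", NULL };
static const char *const banned[]  = { "/O=example/CN=Bob", NULL };
static const int open_from = 8, open_until = 18;   /* fabric open 08:00-18:00 */

static int in_list(const char *const *list, const char *dn) {
    for (; *list != NULL; list++)
        if (strcmp(*list, dn) == 0) return 1;
    return 0;
}

/* 1) is the user allowed on the fabric? */
static int check_allowed(const struct request *r) { return in_list(allowed, r->dn); }
/* 2) is the user banned from the fabric? */
static int check_not_banned(const struct request *r) { return !in_list(banned, r->dn); }
/* 3) is a timeslot available? */
static int check_timeslot(const struct request *r) {
    return r->hour >= open_from && r->hour < open_until;
}

static const authz_plugin plugins[] = { check_allowed, check_not_banned, check_timeslot };

/* Assumed combination rule: fail closed, the first denial ends evaluation. */
int authorize(const struct request *r) {
    if (r == NULL || r->dn == NULL) return 0;
    for (size_t i = 0; i < sizeof plugins / sizeof plugins[0]; i++)
        if (!plugins[i](r)) return 0;
    return 1;
}

int main(void) {
    struct request reqs[] = { { "/O=example/CN=Alice", 10 }, { "/O=example/CN=Bob", 10 },
                              { "/O=example/CN=Alice", 22 } };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%s @%02d:00 -> %s\n", reqs[i].dn, reqs[i].hour,
               authorize(&reqs[i]) ? "granted" : "denied");
    return 0;
}
```

Bob appears in both lists and is denied, which shows why the ban check is a separate module: an entry in the allow list alone does not grant access.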
History
-------
2002-03-27: First release 1.0.0
2002-05-17: modified lcas call --> 1.0.3
2002-05-16: 1.0.2
2002-06-11: Added some debugging and very simple test-program --> 1.0.4
2002-06-17: Moved to LCAS-1.1.0
2002-07-01: fixed minor bugs --> LCAS-1.1.2
2002-07-09: Added apidoc documentation
2002-07-11: Updated documentation --> LCAS-1.1.3
2002-07-17: fixed close(logfp) bug --> LCAS-1.1.4
2002-07-29: lcas_plugin_example.mod included in rpm --> LCAS-1.1.5
2002-08-22: latex documentation created in nonstop-mode/batch mode --> LCAS-1.1.6
2003-02-17: New globus version --> LCAS-1.1.7
2003-04-03: removed "Requires" tags in rpm spec file, added clean_plugin_list() --> LCAS-1.1.8
2003-05-28: LCAS interface(s) packaged separately, --> LCAS-1.1.9, LCAS-interface-1.0.0
2003-08-27: Upgrade of LCAS framework --> version 1.1.10, VOMS plugin added, added header file, interface --> 1.0.1
2003-08-28: Removed header again (lcas_vo_data.h now internal to voms plugin): LCAS-1.1.11, interface-1.0.2
2003-09-10: Updated version of voms2gacl
2003-09-10: Use the right Prefix in specfile --> version 1.1.12
2003-09-11: Added the right gacl dependencies --> version 1.1.13
Had to increase the api patch version, because wrong install dir --> version 1.0.3
2003-09-16: Added the possibility to accept 'normal' user proxies in the GACL file for the VOMS plugin
version 1.1.14
2003-09-17: Did the same for the gridmapfile
version 1.1.15
2003-09-23: New version of voms2gacl: no complaints if VOMS DNs are omitted.
version 1.1.16
2003-10-07: version 1.1.17 includes a number of bug fixes:
- ban user list works again (bugzilla #1982)
- better description of errors returned by the VOMS api (bugzilla #1960, #1962)
- new version of voms2gacl: further fixes for segfaults and buffer limits
2003-12-03: version 1.1.18
- edg-lcas-voms2gacl statically linked against new gacllib version (0.9.2)
This makes the program resistant against DNs, VOnames containing special XML
characters (bugzilla #2379)
2004-01-06: included $JOB_REPOSITORY_ID in LCAS logging (is the unique gatekeeper/JM id)
2004-01-15: version 1.1.19
2004-01-23: version 1.1.20 (just a dummy upgrade to link against new VOMS libs)
2004-04-02: version 1.1.21
- added mechanism to specify if usrlogging and/or syslogging is required
- switched on a little more syslogging
- propagate globus build flavor in all Makefiles (also for voms)
2004-04-05: version 1.1.22
- fixed bug in lcas_log_close()
Where to get this package
-------------------------
This package is available from http://www.glite.org
License:
--------
See LICENSE file
Software Requirements
---------------------
- the gssapi library as provided by globus (flavour gcc32dbg): globus_gssapi_gsi-gcc32dbg
- the patched globus gatekeeper: edg-gatekeeper (version 2.1.0 or higher)
- For RPM building, needs rpm version 3 or above (see http://www.rpm.org).
- GNUmake or a GNU compatible 'make'. Some proprietary make commands
don't recognize the ':=' operator.
- To build documentation: doxygen and latex2html
Documentation
-------------
- See http://www.dutchgrid.nl/DataGrid/wp4/lcas.
Building/Installing edg-lcas
-------------------------------
See file INSTALL
Known bugs and workarounds:
---------------------------
Planned evolution
-----------------
- Standalone LCAS (daemon), which is contacted by the gatekeeper.
Contact
-------
Martijn Steenbakkers <martijn@nikhef.nl>, +31 (0) 20 592 5012
$Id: README,v 2.29 2004-09-17 15:49:42 msteenba Exp $