diff --git a/files/auth/config.json b/files/auth/config.json
index 465a73855342c28f4fd10e583775f2ea9ee96953..647ce5767696e40d2e35dae3741922f0c770a0bb 100644
--- a/files/auth/config.json
+++ b/files/auth/config.json
@@ -59,6 +59,13 @@
 "DB" : {
 "message_size" : 1024000,
 "groups" : [ "", "ADMC", "MS", "AUTH" ]
+ },
+
+ // The sandbox server.
+ // Note: The auth server needs to be able to talk to the sandbox server when authenticating (anonymous) students.
+ "SAND" : {
+ "message_size" : 102400,
+ "groups" : [ "AUTH", "ADMC", "DB" ]
 }
 },
@@ -81,7 +88,8 @@
 "ADMC" : [ "admin" ],
 // Note: This might not be a good idea in the long run. We should at least
 // put "admin" here instead of "staff".
- "KMGR" : [ "staff" ]
+ "KMGR" : [ "staff" ],
+ "SAcl" : [ "staff" ]
 }
 },
@@ -92,7 +100,7 @@
 {
 // A list of groups that we allow authenticating using this method. This is mandatory
 // for all elements in here.
- "allow" : [ "TEST", "EC", "SC", "MS" ],
+ "allow" : [ "TEST", "EC", "SC", "MS", "ADMC", "SAND" ],
 // The debug auth is the simplest. It just allows whatever the connected client
 // claimed. It is not good to use in production, and is always disabled unless the
@@ -100,7 +108,7 @@
 "type" : "debug"
 },
 {
- "allow" : [ "DB", "MS", "KDB" ],
+ "allow" : [ "DB", "MS", "KDB", "SAND" ],
 // File system authentication. This works for clients on the same system as the
 // authentication server (e.g. DB, ARLA, etc.), and relies on UNIX permissions. This
@@ -118,7 +126,7 @@
 },
 {
 // Slightly different requirements for ADMC and the Key manager.
- "allow" : [ "ADMC", "KMGR" ],
+ "allow" : [ "ADMC", "KMGR", "SAcl" ],
 "type" : "fs",
 "path" : "/tmp",
 "permissions" : "0777",
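Review bot: In the `@@ -59,6 +59,13 @@` hunk, the new `"SAND"` entry lists `"ADMC"` and `"DB"` in `"groups"`, but the comment above it only justifies contact with the auth server. If `"groups"` is the set of peers a group may exchange messages with (which is how the neighbouring `"DB"` entry reads), the server that handles anonymous students gets a direct path to the database and the admin client. I would start from `"groups" : [ "AUTH" ]` and add each further peer with a comment saying why it is needed. The comment also says the auth server must reach the sandbox server; whether the `AUTH` entry lists `"SAND"` is outside this hunk and worth checking.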
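Review bot: In the `@@ -81,7 +88,8 @@` hunk, `"SAcl" : [ "staff" ]` repeats the mapping that the comment directly above already flags as questionable for `KMGR`, and nothing on the new line says what `SAcl` is. Either extend that note to cover the new entry, or use `"SAcl" : [ "admin" ]` if this group is an administrative tool (an assumption, since the role model is not visible here). The mixed-case name also departs from the all-uppercase group names around it (`ADMC`, `KMGR`, `SAND`), which makes a case mismatch between this table and the `"allow"` lists easier to miss.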
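Review bot: In the `@@ -92,7 +100,7 @@` hunk, adding `"ADMC"` to the `debug` method's `"allow"` list means that whenever debug auth is enabled a client is accepted as the admin client on its own claim, since the comment below says the method allows whatever the client claimed. The list was `TEST`, `EC`, `SC`, `MS` before, and `ADMC` maps to the `admin` role in the role table, so a debug flag left on in a deployed configuration now exposes administrative access, and `"SAND"` in the same way. If the two groups are needed only for local testing, keep them out of the shared config or add a comment such as `// ADMC and SAND are listed for local testing only; debug auth must stay disabled in production.`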
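Review bot: In the `@@ -118,7 +126,7 @@` hunk, `"SAcl"` joins an `fs` method whose `"path"` is `/tmp` with `"permissions"` `0777`, which looks like a weak basis for a method that, per the earlier comment, relies on UNIX permissions to authenticate a `staff`-level group. The rest of this method's block lies outside the hunk, so any further restriction is not visible and should be confirmed before a third group is added. The comment `// Slightly different requirements for ADMC and the Key manager.` no longer matches the list, and the same holds for both comments in the `@@ -134,12 +142,12 @@` hunk; for example the Kerberos one should read `// Allow authenticating EC, SC, ADMC, KMGR and SAcl with Kerberos.`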
@@ -134,12 +142,12 @@
 },
 {
 // Allow authenticating SC, EC and AdmC with Kerberos.
- "allow" : [ "EC", "SC", "ADMC" ],
+ "allow" : [ "EC", "SC", "ADMC", "KMGR", "SAcl" ],
 "type" : "kerberos"
 },
 {
 // Allow TEST, EC, SC, and KMGR with SSH.
- "allow" : [ "TEST", "EC", "SC", "KMGR" ],
+ "allow" : [ "TEST", "EC", "SC", "KMGR", "SAcl" ],
 "type" : "ssh",
 "identity_db" : {