From 75944b3c73cf823504772b00dd76525517f9c2be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se>
Date: Fri, 18 Jun 2021 09:48:01 +0200
Subject: [PATCH] Updated the configuration file for the AUTH server.

Now it also includes the SAND and SAcl clients for sandbox management.
---
 files/auth/config.json | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/files/auth/config.json b/files/auth/config.json
index 465a738..647ce57 100644
--- a/files/auth/config.json
+++ b/files/auth/config.json
@@ -59,6 +59,13 @@
 	"DB" : {
 	    "message_size" : 1024000,
 	    "groups" : [ "", "ADMC", "MS", "AUTH" ]
+	},
+
+	// The sandbox server.
+	// Note: The auth server needs to be able to talk to the sandbox server when authenticating (anonymous) students.
+	"SAND" : {
+	    "message_size" : 102400,
+	    "groups" : [ "AUTH", "ADMC", "DB" ]
 	}
     },
 
@@ -81,7 +88,8 @@
 	    "ADMC" : [ "admin" ],
 	    // Note: This might not be a good idea in the long run. We should at least
 	    // put "admin" here instead of "staff".
-	    "KMGR" : [ "staff" ]
+	    "KMGR" : [ "staff" ],
+	    "SAcl" : [ "staff" ]
 	}
     },
 
@@ -92,7 +100,7 @@
 	{
 	    // A list of groups that we allow authenticating using this method. This is mandatory
 	    // for all elements in here.
-	    "allow" : [ "TEST", "EC", "SC", "MS" ],
+	    "allow" : [ "TEST", "EC", "SC", "MS", "ADMC", "SAND" ],
 
 	    // The debug auth is the simplest. It just allows whatever the connected client
 	    // claimed. It is not good to use in production, and is always disabled unless the
@@ -100,7 +108,7 @@
 	    "type" : "debug"
 	},
 	{
-	    "allow" : [ "DB", "MS", "KDB" ],
+	    "allow" : [ "DB", "MS", "KDB", "SAND" ],
 
 	    // File system authentication. This works for clients on the same system as the
 	    // authentication server (e.g. DB, ARLA, etc.), and relies on UNIX permissions. This
@@ -118,7 +126,7 @@
 	},
 	{
 	    // Slightly different requirements for ADMC and the Key manager.
-	    "allow" : [ "ADMC", "KMGR" ],
+	    "allow" : [ "ADMC", "KMGR", "SAcl" ],
 	    "type" : "fs",
 	    "path" : "/tmp",
 	    "permissions" : "0777",
@@ -134,12 +142,12 @@
 	},
 	{
 	    // Allow authenticating SC, EC and AdmC with Kerberos.
-	    "allow" : [ "EC", "SC", "ADMC" ],
+	    "allow" : [ "EC", "SC", "ADMC", "KMGR", "SAcl" ],
 	    "type" : "kerberos"
 	},
 	{
 	    // Allow TEST, EC, SC, and KMGR with SSH.
-	    "allow" : [ "TEST", "EC", "SC", "KMGR" ],
+	    "allow" : [ "TEST", "EC", "SC", "KMGR", "SAcl" ],
 	    "type" : "ssh",
 
 	    "identity_db" : {
-- 
GitLab