Skip to content
Snippets Groups Projects
Commit 75944b3c authored by Filip Strömbäck's avatar Filip Strömbäck
Browse files

Updated the configuration file for the AUTH server. 

Now it also includes the SAND and SAcl clients for sandbox management.
parent a7d51dd6
No related branches found
No related tags found
2 merge requests!8Updated the configuration file for the AUTH server.,!7Merge of PDK, broker, auth
Pipeline #48620 passed
Stage: puppet
Hide whitespace changes
Inline Side-by-side
Showing
with 14 additions and 6 deletions
files/auth/config.json
+ 14
6
View file @ 75944b3c
...@@ -59,6 +59,13 @@ ...@@ -59,6 +59,13 @@
"DB" : { "DB" : {
"message_size" : 1024000, "message_size" : 1024000,
"groups" : [ "", "ADMC", "MS", "AUTH" ] "groups" : [ "", "ADMC", "MS", "AUTH" ]
},
// The sandbox server.
// Note: The auth server needs to be able to talk to the sandbox server when authenticating (anonymous) students.
"SAND" : {
"message_size" : 102400,
"groups" : [ "AUTH", "ADMC", "DB" ]
} }
}, },
...@@ -81,7 +88,8 @@ ...@@ -81,7 +88,8 @@
"ADMC" : [ "admin" ], "ADMC" : [ "admin" ],
// Note: This might not be a good idea in the long run. We should at least // Note: This might not be a good idea in the long run. We should at least
// put "admin" here instead of "staff". // put "admin" here instead of "staff".
"KMGR" : [ "staff" ] "KMGR" : [ "staff" ],
"SAcl" : [ "staff" ]
} }
}, },
...@@ -92,7 +100,7 @@ ...@@ -92,7 +100,7 @@
{ {
// A list of groups that we allow authenticating using this method. This is mandatory // A list of groups that we allow authenticating using this method. This is mandatory
// for all elements in here. // for all elements in here.
"allow" : [ "TEST", "EC", "SC", "MS" ], "allow" : [ "TEST", "EC", "SC", "MS", "ADMC", "SAND" ],
// The debug auth is the simplest. It just allows whatever the connected client // The debug auth is the simplest. It just allows whatever the connected client
// claimed. It is not good to use in production, and is always disabled unless the // claimed. It is not good to use in production, and is always disabled unless the
...@@ -100,7 +108,7 @@ ...@@ -100,7 +108,7 @@
"type" : "debug" "type" : "debug"
}, },
{ {
"allow" : [ "DB", "MS", "KDB" ], "allow" : [ "DB", "MS", "KDB", "SAND" ],
// File system authentication. This works for clients on the same system as the // File system authentication. This works for clients on the same system as the
// authentication server (e.g. DB, ARLA, etc.), and relies on UNIX permissions. This // authentication server (e.g. DB, ARLA, etc.), and relies on UNIX permissions. This
...@@ -118,7 +126,7 @@ ...@@ -118,7 +126,7 @@
}, },
{ {
// Slightly different requirements for ADMC and the Key manager. // Slightly different requirements for ADMC and the Key manager.
"allow" : [ "ADMC", "KMGR" ], "allow" : [ "ADMC", "KMGR", "SAcl" ],
"type" : "fs", "type" : "fs",
"path" : "/tmp", "path" : "/tmp",
"permissions" : "0777", "permissions" : "0777",
...@@ -134,12 +142,12 @@ ...@@ -134,12 +142,12 @@
}, },
{ {
// Allow authenticating SC, EC and AdmC with Kerberos. // Allow authenticating SC, EC and AdmC with Kerberos.
"allow" : [ "EC", "SC", "ADMC" ], "allow" : [ "EC", "SC", "ADMC", "KMGR", "SAcl" ],
"type" : "kerberos" "type" : "kerberos"
}, },
{ {
// Allow TEST, EC, SC, and KMGR with SSH. // Allow TEST, EC, SC, and KMGR with SSH.
"allow" : [ "TEST", "EC", "SC", "KMGR" ], "allow" : [ "TEST", "EC", "SC", "KMGR", "SAcl" ],
"type" : "ssh", "type" : "ssh",
"identity_db" : { "identity_db" : {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment