Next: VOMS + Gridmap configuration
Up: Authorization Manager configuration file
Previous: Gridmap configuration
The second template, vomsConfig.xml.template, configures the
Authorization Manager to use the VOMS extension of the client certificate as
the default information source for the authorization of client requests.
It contains two policies:
- vomsPolicy: the default policy used to authorize incoming
requests. The VOMS extension of the client certificate contains a
list of all the roles associated with the client. The Authorization Manager
verifies that the digital signature protecting the VOMS extension is correct
and was produced by a valid VOMS server. If the verification succeeds, the
client can play any role included in the list.
The pathname of the directory containing the VOMS signer certificates is
specified in the vomsdir parameter: substitute
@VOMS.SIGNER.DIRECTORY@ with the name of the directory. The
refreshperiod parameter specifies how often (in seconds) the VOMS signer
certificates are reloaded; the default value is 600.
All VOMS signer certificates in the directory are accepted, as specified by
the filter parameter, so the directory should contain only the certificates
of VOMS servers you trust.
- adminPolicy: the policy used to authorize requests
addressed to the Administration GUI. A static table stores
the DNs of the administrators.
Substitute the parameter @ADMINISTRATOR.DN@ with the DN of the administrator.
Replicate the entry
<param key="@ADMINISTRATOR.DN@" value="Administrator" /> for the
DN of each subject who is an administrator of the Authorization Manager.
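
The two substitutions described above can be scripted so that DNs are XML-escaped and no placeholder is left behind. This is an added example, not part of the original documentation or the project's code. SAMPLE_TEMPLATE is a constructed stand-in: only the adminPolicy param line comes from this page, and the surrounding elements, the function names and the sample values are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed stand-in for vomsConfig.xml.template. Only the adminPolicy
# <param> line is quoted on the page; every other element is an assumed shape.
SAMPLE_TEMPLATE = """<config>
  <policy name="vomsPolicy">
    <param key="vomsdir" value="@VOMS.SIGNER.DIRECTORY@" />
    <param key="refreshperiod" value="600" />
  </policy>
  <policy name="adminPolicy">
    <param key="@ADMINISTRATOR.DN@" value="Administrator" />
  </policy>
</config>
"""

DIR_TOKEN = "@VOMS.SIGNER.DIRECTORY@"
ADMIN_TOKEN = "@ADMINISTRATOR.DN@"


def render(template, voms_dir, admin_dns):
    """Fill both placeholders; replicate the admin entry once per DN."""
    if not admin_dns:
        raise ValueError("at least one administrator DN is required")
    out = []
    for line in template.splitlines():
        if f'"{ADMIN_TOKEN}"' in line:
            # quoteattr() escapes &, < and quotes, so a DN cannot break out
            # of the attribute and add entries of its own.
            out.extend(line.replace(f'"{ADMIN_TOKEN}"', quoteattr(dn))
                       for dn in admin_dns)
        else:
            out.append(line.replace(f'"{DIR_TOKEN}"', quoteattr(voms_dir)))
    rendered = "\n".join(out) + "\n"
    for token in (DIR_TOKEN, ADMIN_TOKEN):
        if token in rendered:
            raise ValueError(f"unsubstituted placeholder {token}")
    ET.fromstring(rendered)  # raises ParseError if the result is malformed
    return rendered


def admin_dns_in(rendered):
    """Read back the DNs that the rendered file maps to Administrator."""
    return [p.get("key") for p in ET.fromstring(rendered).iter("param")
            if p.get("value") == "Administrator"]
```

Reading the administrator list back with admin_dns_in after rendering confirms that the static table holds exactly the intended DNs before the file is deployed.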
2004-07-02