[Spread-users] request on clarification of AA policies

Jonathan Stanton jonathan at cnds.jhu.edu
Sun Jan 25 23:00:20 EST 2004


Hi,

The documentation of these features is a bit scarce, I agree. The 
paper (make sure you got the long version -- it should have several 
examples in code) is the main source, and the sample modules in the spread 
source code are the other. 

The only example of the access control is the "permit" policy that is 
included. To make a different policy, you can just copy that file, change 
the name the policy is registered under, and change the handler functions 
to return allowed or denied as you want. The only real trick is that your 
handler functiosn must not block or take very long to return an answer, as 
the entire spread daemon is blocked while the access control handler is 
executing. 

Once you have a new policy, you currently have to add a call to it's init 
function directly to the spread daemon code. The current policy is loaded 
in teh spread.c file. and link your new policy.c file to the spread daemon 
(add it to the Makefile.in at the right place)

Then your daemon will have a new policy choice that can be configured in 
the spread.conf file. 

I hope that helps a bit. 

Jonathan

On Thu, Jan 08, 2004 at 12:24:21AM +0200, Anton Zubenko wrote:
> Greetings to all spread community.
> 
> I'd like to get more information about authentication and autorization
> engines, implemented in spread.
> The whitepaper "Framework for Authentication and Access Control of Client-Server Group Communication Systems", 
> available at documentation section of the website is a good start point. 
> However I can't find any helpfull info on implementing the real
> Access Control Policy, any kind of examples or so...
> 
> What is the supposed way for spread application developer to go
> when he needs a custom AA policy?
> Does current version of spread of spread allow just IP based authentication?
> If so - what would be the way to expand the list of options?
> 
> The situation with access control is even less clear.
> This part of sample.spread.conf doesn't explain the way to build a custtom policy,
> however it gives an idea that this is fiseable...
> -------------
> #Set the current access control policy.
> # This is only needed if you want to establish a customized policy.
> # The default policy is to allow any actions by authenticated clients.
> #AccessControlPolicy = "PERMIT"
> -------------
> 
> I hope that someone can explain this to me!
> Thanks for inputs in advance.
> 
> All the best, Anton.

-- 
-------------------------------------------------------
Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    
-------------------------------------------------------




More information about the Spread-users mailing list