[Spread-users] request on clarification of AA policies
Jonathan Stanton
jonathan at cnds.jhu.edu
Sun Jan 25 23:00:20 EST 2004
Hi,
The documentation of these features is a bit scarce, I agree. The
paper (make sure you got the long version -- it should have several
examples in code) is the main source, and the sample modules in the spread
source code are the other.
The only example of the access control is the "permit" policy that is
included. To make a different policy, you can just copy that file, change
the name the policy is registered under, and change the handler functions
to return allowed or denied as you want. The only real trick is that your
handler functiosn must not block or take very long to return an answer, as
the entire spread daemon is blocked while the access control handler is
executing.
Once you have a new policy, you currently have to add a call to it's init
function directly to the spread daemon code. The current policy is loaded
in teh spread.c file. and link your new policy.c file to the spread daemon
(add it to the Makefile.in at the right place)
Then your daemon will have a new policy choice that can be configured in
the spread.conf file.
I hope that helps a bit.
Jonathan
On Thu, Jan 08, 2004 at 12:24:21AM +0200, Anton Zubenko wrote:
> Greetings to all spread community.
>
> I'd like to get more information about authentication and autorization
> engines, implemented in spread.
> The whitepaper "Framework for Authentication and Access Control of Client-Server Group Communication Systems",
> available at documentation section of the website is a good start point.
> However I can't find any helpfull info on implementing the real
> Access Control Policy, any kind of examples or so...
>
> What is the supposed way for spread application developer to go
> when he needs a custom AA policy?
> Does current version of spread of spread allow just IP based authentication?
> If so - what would be the way to expand the list of options?
>
> The situation with access control is even less clear.
> This part of sample.spread.conf doesn't explain the way to build a custtom policy,
> however it gives an idea that this is fiseable...
> -------------
> #Set the current access control policy.
> # This is only needed if you want to establish a customized policy.
> # The default policy is to allow any actions by authenticated clients.
> #AccessControlPolicy = "PERMIT"
> -------------
>
> I hope that someone can explain this to me!
> Thanks for inputs in advance.
>
> All the best, Anton.
--
-------------------------------------------------------
Jonathan R. Stanton jonathan at cs.jhu.edu
Dept. of Computer Science
Johns Hopkins University
-------------------------------------------------------
More information about the Spread-users
mailing list