nordugrid-arc-arex 1.1.1-1 / usr / share / arc / examples / a-rex / arex_secure.xml.example

This file is indexed.

/usr/share/arc/examples/a-rex/arex_secure.xml.example is in nordugrid-arc-arex 1.1.1-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
<?xml version="1.0"?>
<ArcConfig
  xmlns="http://www.nordugrid.org/schemas/arcconfig/2009/08"
  xmlns:loader="http://www.nordugrid.org/schemas/loader/2009/08"
  xmlns:tcp="http://www.nordugrid.org/schemas/tcp/2009/08"
  xmlns:tls="http://www.nordugrid.org/schemas/tls/2009/08"
  xmlns:authz="http://www.nordugrid.org/schemas/arcauthz/2009/08"
  xmlns:idmap="http://www.nordugrid.org/schemas/identitymap/2009/10"
  xmlns:spdp="http://www.nordugrid.org/schemas/simplelistpdp/2009/08"
  xmlns:arex="http://www.nordugrid.org/schemas/a-rex/2009/08"
>
  <!-- Common configuration of the daemon -->
  <Server>
    <PidFile>/var/run/arched.pid</PidFile>
    <Logger>
      <Level>DEBUG</Level>
      <File>/var/log/arc/arched.log</File>
    </Logger>
  </Server>
  <!-- Where to find plugins -->
  <loader:ModuleManager>
    <loader:Path>/usr/lib/arc/</loader:Path>
  </loader:ModuleManager>
  <!-- Simply load all needed plugins -->
  <loader:Plugins>
    <loader:Name>mcctcp</loader:Name>
    <loader:Name>mcctls</loader:Name>
    <loader:Name>mcchttp</loader:Name>
    <loader:Name>mccsoap</loader:Name>
    <loader:Name>arcshc</loader:Name>
    <loader:Name>identitymap</loader:Name>
    <loader:Name>arex</loader:Name>
  </loader:Plugins>
  <!-- Create a chain -->
  <loader:Chain>
    <!-- TCP listening socket -->
    <loader:Component name="tcp.service" id="tcp">
      <loader:next id="tls"/>
      <tcp:Listen><tcp:Port>60000</tcp:Port></tcp:Listen>
    </loader:Component>
    <!-- Transport-level security -->
    <loader:Component name="tls.service" id="tls">
      <loader:next id="http"/>
      <!-- Location of server's security keys -->
      <tls:KeyPath>/etc/grid-security/hostkey.pem</tls:KeyPath>
      <tls:CertificatePath>/etc/grid-security/hostcert.pem</tls:CertificatePath>
      <tls:CACertificatesDir>/etc/grid-security/certificates</tls:CACertificatesDir>
      <tls:VOMSCertTrustDNChain>
        <tls:VOMSCertTrustRegex>.*</tls:VOMSCertTrustRegex>
      </tls:VOMSCertTrustDNChain>
      <!-- SecHandler below calls specified Policy Decision Point components.
           In this example only one PDP is defined - simplelist.pdp. This
           PDP compares Distinguished Name of connecting client against
           list of allowed DNs. DNs are stored in external file one per line.
           They may be enclosed in '"'. -->
      <loader:SecHandler name="arc.authz" id="pdps" event="incoming">
        <authz:PDP name="simplelist.pdp" spdp:location="/etc/grid-security/grid-mapfile"/>
      </loader:SecHandler>
      <!-- Evaluate requestor's identity into local identity.
           Comment it if no user mapping is needed. -->
      <loader:SecHandler name="identity.map" id="map" event="incoming">
        <!-- Safe choice if all other rules failed -->
        <idmap:PDP name="allow.pdp"><idmap:LocalName>nobody</idmap:LocalName></idmap:PDP>
      </loader:SecHandler>
    </loader:Component>
    <!-- HTTP processing is done here -->
    <loader:Component name="http.service" id="http">
      <loader:next id="soap">POST</loader:next>
      <loader:next id="plexer">GET</loader:next>
      <loader:next id="plexer">PUT</loader:next>
      <loader:next id="plexer">HEAD</loader:next>
    </loader:Component>
    <!-- This one parses content into XML tree -->
    <loader:Component name="soap.service" id="soap">
      <loader:next id="plexer"/>
    </loader:Component>
    <!-- Directing messages to proper service -->
    <loader:Plexer name="plexer.service" id="plexer">
      <loader:next id="a-rex">^/arex</loader:next>
    </loader:Plexer>
    <!-- A-Rex service -->
    <loader:Service name="a-rex" id="a-rex">
      <!-- Optional endpoint element is advised in case of multiple IP adresses -->
      <arex:endpoint>https://localhost:60000/arex</arex:endpoint>
      <!-- Use information generated by identity.map plugin or default provided below -->
      <arex:usermap><arex:defaultLocalName>nobody</arex:defaultLocalName></arex:usermap>
      <!-- grid-manager part of a-rex requires legacy configuration file.
           Use arc_arex.conf example or write own. -->
      <arex:gmconfig>/etc/arc_arex.conf</arex:gmconfig>
    </loader:Service>
  </loader:Chain>
</ArcConfig>

APT Browse - Built by Thomas Orozco.