release notes | Book: 1.9.5, 1.9.12 (opt, FHS), 2.11 (FHS), 2.12 (FHS), 2.13 (FHS), 2.14 (FHS), | Wiki | Q&A black_bg
Web: Multi-page, Single page | PDF: A4-size, Letter-size | eBook: epub black_bg

Chapter 12. Authorization in dCache

dCache has an open interface to work with different authorization services. With dCache you get two implementations of this interface: gPlazma1 and gPlazma2. Both are described in this chapter. gPlazma is an acronym for Grid-aware PLuggable AuthorZation Management. Both implementations come with various plug-ins that implement different authorization methods (e.g., Username/Password). gPlazma1 is grown over the last few years and provides with some older authorization methods gPlazma2 does not. On the other hand: gPlazma2 has a more modular structure, offers the possibility to add custom plug-ins and is able to make use of some authorization techniques you cannot use with gPlazma1 (i.e., centralised banning of users). Also gPlazma2 has an new PAM like configuration system that makes configuration very easy.

Read the following sections and see which version matches your needs best. If both do, we recommend to use gPlazma2. For legacy reasons version 1 is used as default. To set the version set gplazma.version property in /etc/dcache/dcache.conf to 1 or 2.

Example:

gplazma.version = 2

The recommended way to specify the version is to set it in dcache.conf, but if you prefer you might as well do it in the layout file.

Example:

[gPlazmaDomain]
[gPlazmaDomain/gplazma]
gplazma.version = 2

Note

If you don’t explicitly set the version to 2 then gPlazma1 will be used.