For the authenticated mode a configured gPlazma
is
required (see also the section called “gPlazma
config example to work with authenticated webadmin”). The user may either
authenticate by presenting his grid certificate or by entering a
valid username/password combination. This way it is possible to
login even if the user does not have a grid certificate. For a
non-authenticated webadmin
service you just need to start
the httpd
service.
For the authenticated mode using a grid certificate the host certificate has to be imported into the dCache-keystore. In the grid world host certificates are usually signed by national Grid-CAs. Refer to the documentation provided by the Grid-CA to find out how to request a certificate. To import them into the dCache-keystore use this command:
[root] #
/opt/d-cache/bin/dcache import hostcert
Now you have to initialise your truststore (this is the certificate-store used for the SSL connections) by using this command:
[root] #
/opt/d-cache/bin/dcache import cacerts
The webadmin
service uses the same truststore as
webdav
service, so you can skip this step if you have
webdav
configured with SSL.
The default instance name is the name of the host which runs the
httpdDomain and the default http port number is
2288
(this is the default port number of the
httpd
service). Now you should be able to have a
read-only access to the webpage
http://example.com:2288/webadmin
.
In the following example we will enable the authenticated mode.
Example:
[httpdDomain] authenticated=true
The most important value is
httpd.authz.admin-gid
, because it configures
who is allowed to alter dCache behaviour, which certainly
should not be everyone:
# # When a user has this GID he can become an admin for the webadmin interface # httpd.authz.admin-gid=0
To see all webadmin specific property values have a look
at
/opt/d-cache/share/defaults/httpd.properties
.
For information on gPlazma
configuration have a look
at Chapter 10, Authorization in dCache and for a special example
the section called “gPlazma
config example to work with authenticated webadmin”.