dCache has many parameters that can be used to configure the system's
behaviour. You can find all these parameters, well documented and together
with their default values, in the properties files in
/usr/share/dcache/defaults/. To use non-default values, you have to set the
new values in /etc/dcache/dcache.conf or in the layout file.
Do not change the defaults in the properties files! After changing a
parameter you have to restart the concerned cells.
Refer to the file gplazma.properties for a full list of properties for
gPlazma.
One commonly used property is gPlazmaNumberOfSimultaneousRequests, which is
used to set the maximum number of concurrent requests to gPlazma. The
default value is 30.
Setting the value for gPlazmaNumberOfSimultaneousRequests too high may
result in large spikes of CPU activity and the potential to run out of
memory. Setting the number too low results in potentially slow login
activity.
This section describes how to activate the Username/Password access for
WebDAV. It uses the dcache.kpwd file as an example format for storing
Username/Password information. First make sure gPlazma2 is enabled in the
/etc/dcache/dcache.conf or in the layout file.
Example:
Check your WebDAV settings: enable the HTTP access, disallow the
anonymous access, disable requesting and requiring the client
authentication and activate basic authentication.
webdavProtocol=http
webdavAnonymousAccess=NONE
webdavWantClientAuth=false
webdavNeedClientAuth=false
webdavBasicAuthentication=true
Adjust the /etc/dcache/gplazma.conf to use the kpwd plug-in (for more
information see also the section called “Plug-ins”).
It will look something like this:
auth optional kpwd
map requisite kpwd
session requisite kpwd
The /etc/dcache/dcache.kpwd file is the place where you can specify the
username/password record. It should contain the username and the password
hash, as well as UID, GID, access mode and the home, root and fsroot
directories:
# set passwd
passwd tanja 6a4cd089 read-write 500 100 / / /
The passwd-record could be automatically generated by the dCache kpwd-utility, for example:
[root] # dcache kpwd dcuseradd -u 500 -g 100 -h / -r / -f / -w read-write -p dickerelch tanja
Some file access examples:
curl -u tanja:dickerelch http://webdav-door.example.org:2880/pnfs/
wget --user=tanja --password=dickerelch http://webdav-door.example.org:2880/pnfs/
This section describes how to configure gplazma to enable webadmin in
authenticated mode with a grid certificate as well as with a
username/password and how to give a user administrator access.
Example for the ${dcache.paths.etc}/gplazma.conf file:
Example:
auth optional x509
auth optional kpwd
map requisite kpwd
session requisite kpwd
The following example will show how to set up the
${dcache.paths.etc}/dcache.kpwd file:
version 2.1
mapping "/C=DE/O=ExampleOrganisation/OU=EXAMPLE/CN=John Doe" john
# the following are the user auth records
login john read-write 1700 1000 / / /
  /C=DE/O=ExampleOrganisation/OU=EXAMPLE/CN=John Doe
# set pwd
passwd john 8402480 read-write 1700 1000 / / /
This maps the DN of a grid certificate
subject=/C=DE/O=ExampleOrganisation/OU=EXAMPLE/CN=John Doe
to the user john, and the entry
login john read-write 1700 1000 / / / /C=DE/O=GermanGrid/OU=DESY/CN=John Doe
applies unix-like values to john. Most important is the 1000, because it is
the assigned GID. This must match the value of the webadminAdminGid
configured in your webadmin. This is sufficient for login using a
certificate. The entry:
passwd john 8402480 read-write 1700 1000 / / /
enables username/password login, so that a valid login would be user john
with some password. The password is encrypted with the kpwd-algorithm (also
see the section called “The kpwd plug-in”) and then stored in the file.
Again the 1000 here is the assigned GID.
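Because any login or passwd record carrying the webadminAdminGid grants administrator access, it is worth listing which records in dcache.kpwd hold that GID. The following is an added example, not part of the dCache distribution: the function names and the sample file are constructed, the record layout is taken from the examples above, and the admin GID is passed in as a parameter.

```python
import shlex

# Constructed sample in the layout of the dcache.kpwd examples above.
SAMPLE_KPWD = '''\
version 2.1
mapping "/C=DE/O=ExampleOrganisation/OU=EXAMPLE/CN=John Doe" john
mapping "/C=DE/O=ExampleOrganisation/OU=EXAMPLE/CN=Jane Roe" jane
# the following are the user auth records
login john read-write 1700 1000 / / /
  /C=DE/O=ExampleOrganisation/OU=EXAMPLE/CN=John Doe
# set pwd
passwd john 8402480 read-write 1700 1000 / / /
passwd tanja 6a4cd089 read-write 500 100 / / /
'''

def parse_kpwd(text):
    """Return (mappings, records) from kpwd text; records come from login/passwd lines."""
    mappings, records = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and the DN lines that follow a login record.
        if not line or line[0] in "#/":
            continue
        fields = shlex.split(line)
        kind = fields[0]
        if kind == "mapping" and len(fields) == 3:
            mappings[fields[1]] = fields[2]
        elif kind in ("login", "passwd"):
            # A passwd record carries the password hash right after the user name.
            rest = fields[2:] if kind == "login" else fields[3:]
            if len(rest) < 3:
                continue  # malformed record, not enough fields
            records.append({"kind": kind, "user": fields[1],
                            "access": rest[0], "uid": int(rest[1]), "gid": int(rest[2])})
    return mappings, records

def audit(text, admin_gid):
    """List records holding admin_gid and DNs mapped to a user with no login record."""
    mappings, records = parse_kpwd(text)
    login_users = {r["user"] for r in records if r["kind"] == "login"}
    return {
        "admin_records": sorted({(r["user"], r["kind"]) for r in records
                                 if r["gid"] == admin_gid}),
        "mapped_without_login": sorted(dn for dn, user in mappings.items()
                                       if user not in login_users),
    }

if __name__ == "__main__":
    # 1000 stands in for the webadminAdminGid value (assumption for this sample).
    print(audit(SAMPLE_KPWD, admin_gid=1000))
```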