shibboleth-dev - ARP management
- From: Parviz Dousti
- Subject: ARP management
- Date: Sun, 05 May 2002 18:03:14 -0400
Running as: dousti ...
ARP: parviz
SHAR: shar.cmu.edu
URL: http://www.cmu.edu [edu, cmu, www]
EPPN
AFFILS filter: staff, faculty,
URL: http://www.cs.cmu.edu [edu, cmu, cs, www]
EPPN
SHAR: shar.mit.edu
URL: http://*.mit.edu [edu, mit, *]
AFFILS
SHAR: shar.osu.edu
URL: *.edu [edu, *]
AFFILS filter: staff, student, faculty, employee,
This is the output of a utility I wrote to manage ARPs. The utility is called ArpUtil and can be found at /usr/local/shib/beta on shib2. It can add, remove and list ARPs. ARPs would be saved as files (for now, as we agreed). It also does a reasonable amount of access control. There is a switch to the "list" command of this utility that shows the ACLs (not very pretty, I might admit). Here is what the above ARP would look like with ACLs:
[dousti@shib2 beta]$ ./ArpUtil list parviz -acls
Running as: dousti ...
ARP: parviz
ACL: arpAcl{[+blk([INSERT]), +dousti([ALL])]}{[]}
SHAR: shar.cmu.edu
ACL: sharAcl{[+dousti([ALL])]}{[]}
URL: http://www.cmu.edu [edu, cmu, www]
ACL: resourceAcl{[+dousti([ALL])]}{[]}
EPPN
AFFILS filter: staff, faculty,
URL: http://www.cs.cmu.edu [edu, cmu, cs, www]
ACL: resourceAcl{[+dousti([ALL])]}{[]}
EPPN
SHAR: shar.mit.edu
ACL: sharAcl{[+dousti([ALL])]}{[]}
URL: http://*.mit.edu [edu, mit, *]
ACL: resourceAcl{[+dousti([ALL])]}{[]}
AFFILS
SHAR: shar.osu.edu
ACL: sharAcl{[+blk([ALL])]}{[]}
URL: *.edu [edu, *]
ACL: resourceAcl{[+blk([ALL])]}{[]}
AFFILS filter: staff, student, faculty, employee,
There is also a "setAcl" command in this utility. It lets you give others access to your ARP or parts of it.
Here is the usage output of the utility:
Usage:
ArpUtil list <arp name> [-acls]
or
ArpUtil add <arp name> [-admin] <shar name> [-default] <url> <attribute name> [-exclude] [-filter [!]<val1> [!]<val2> ...]
or
ArpUtil remove <arp name> [<shar name> [<url> [<attribute name>]]]
or
ArpUtil setAcl <user> <acl> <arp name> [<shar name> [<url>]]
Please feel free to play with it and give me feedback. Again, it is on shib2 at /usr/local/shib/beta/ArpUtil.
Parviz
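Added example, not part of the original message and not ArpUtil's own code: a small audit script that parses the "list -acls" output shown above and reports every ACL grant to a principal other than the ARP owner. The function names are hypothetical, and it assumes that "+name([PERMS])" in the first {...} group is a grant; the second group is ignored because the message does not say what it means.

```python
import re

# Constructed input: lines copied from the "list parviz -acls" output in the message.
SAMPLE = """\
ARP: parviz
ACL: arpAcl{[+blk([INSERT]), +dousti([ALL])]}{[]}
SHAR: shar.cmu.edu
ACL: sharAcl{[+dousti([ALL])]}{[]}
URL: http://www.cmu.edu [edu, cmu, www]
ACL: resourceAcl{[+dousti([ALL])]}{[]}
SHAR: shar.osu.edu
ACL: sharAcl{[+blk([ALL])]}{[]}
URL: *.edu [edu, *]
ACL: resourceAcl{[+blk([ALL])]}{[]}
"""

NODE = re.compile(r"^(ARP|SHAR|URL):\s*(\S+)")
# Assumption: "+name([P1, P2])" grants permissions P1, P2 to principal "name".
ENTRY = re.compile(r"\+(\w+)\(\[([^\]]*)\]\)")
DEPTH = {"ARP": 0, "SHAR": 1, "URL": 2}

def parse_acls(listing):
    """Return [(path_tuple, {principal: sorted perms})] for every ACL line."""
    path, result = (), []
    for raw in listing.splitlines():
        line = raw.strip()
        node = NODE.match(line)
        if node:
            kind, name = node.groups()
            path = path[:DEPTH[kind]] + (name,)  # ARP > SHAR > URL nesting
        elif line.startswith("ACL:") and path and "{" in line and "}" in line:
            # Read only the first {...} group of the ACL line.
            group = line[line.index("{"):line.index("}")]
            grants = {who: sorted(p.strip() for p in perms.split(",") if p.strip())
                      for who, perms in ENTRY.findall(group)}
            result.append((path, grants))
    return result

def delegations(listing, owner):
    """List (path, principal, perms) for each grant to someone other than owner."""
    return [(path, who, perms)
            for path, grants in parse_acls(listing)
            for who, perms in sorted(grants.items()) if who != owner]

if __name__ == "__main__":
    for path, who, perms in delegations(SAMPLE, "dousti"):
        print(" > ".join(path), "->", who, perms)
```

On the sample it reports blk's INSERT right on the ARP itself and blk's ALL rights on shar.osu.edu and its *.edu entry, which are the parts of this ARP where dousti has no ACL entry.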